Google captcha redirects


  • This topic is locked
17 replies to this topic

#1 morpheus_jr16

morpheus_jr16

  • Members
  • 14 posts
  • OFFLINE
  • Local time:05:38 PM

Posted 11 December 2011 - 10:59 AM

I am posting the logs here as instructed by Boopme from another thread.
http://www.bleepingcomputer.com/forums/topic429378.html

DDS Log

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by Ritchelle at 23:57:34 on 2011-12-11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2044.748 [GMT 8:00]
.
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
svchost.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Vtune\TBPanel.exe
C:\Program Files\MultiScreen\MultiScreen.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
C:\Program Files\Cisco Systems\VPN Client\ipseclog.exe
C:\WINDOWS\system32\mstsc.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com
mWindow Title = Microsoft Internet Explorer
uInternet Connection Wizard,ShellNext = hxxp://www.codecguide.com/
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Yahooo Search Protection: {25bc7718-0bfa-40ea-b381-4b2d9732d686} - c:\program files\yahoo!\search protection\ysp.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [TBPanel] c:\program files\vtune\TBPanel.exe /A
uRun: [MultiScreen] c:\program files\multiscreen\MultiScreen.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [snpstd3] c:\windows\vsnpstd3.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{08b785c1-3893-4154-b53b-f5d341d0aaaa}\Icon3E5562ED7.ico
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: c:\program files\avira\antivir desktop\avsda.dll
DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} - hxxps://69.179.81.86/Remote/msrdp.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 121.1.3.81 121.1.3.16 121.1.3.66
TCP: Interfaces\{6326D031-D5EF-4645-A3D2-9216AE18C255} : DhcpNameServer = 121.1.3.81 121.1.3.16 121.1.3.66
TCP: Interfaces\{F5E5B7C6-FF9B-4043-9F1B-7A00D7204E46} : NameServer = 192.168.1.13
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\ritchelle\application data\mozilla\firefox\profiles\ql6y7frz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - prefs.js: network.proxy.ftp - proxy.smartbro.net
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - proxy.smartbro.net
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - proxy.smartbro.net
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - proxy.smartbro.net
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - proxy.smartbro.net
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\ritchelle\application data\mozilla\firefox\profiles\ql6y7frz.default\extensions\{81bf1d23-5f17-408d-ac6b-bd6df7caf670}\components\imtcp_xpcom.dll
FF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - plugin: c:\documents and settings\ritchelle\application data\kalydo\kalydoplayer\npkalydo.dll
FF - plugin: c:\documents and settings\ritchelle\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Auto Copy: {0FED7D55-65D4-47b6-A6DE-9A4ADB55355F} - %profile%\extensions\{0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}
FF - Ext: Copy Plain Text: {723AAF16-AF1F-4404-A5D7-0BFE39766605} - %profile%\extensions\{723AAF16-AF1F-4404-A5D7-0BFE39766605}
FF - Ext: ReloadEvery: {888d99e7-e8b5-46a3-851e-1ec45da1e644} - %profile%\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - %profile%\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: iMacros for Firefox: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} - %profile%\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
FF - Ext: NoDoFollow: {c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294} - %profile%\extensions\{c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294}
FF - Ext: Image Zoom: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} - %profile%\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
FF - Ext: SeoQuake: {317B5128-0B0B-49b2-B2DB-1E7560E16C74} - %profile%\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Table2Clipboard: {9ab67d74-ec41-4cb2-b417-df5d93ba1beb} - %profile%\extensions\{9ab67d74-ec41-4cb2-b417-df5d93ba1beb}
FF - Ext: easyComment: plugins@bf-itservice.de - %profile%\extensions\plugins@bf-itservice.de
FF - Ext: FoxyProxy Standard: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung
FF - Ext: FoxyProxy Basic: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(yahoo.ytff.general.dontshowhpoffer, true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(general.useragent.extra.brc,
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-3-26 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-3-26 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-3-26 269480]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\avira\antivir desktop\avwebgrd.exe [2011-6-29 428200]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-3-26 66616]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-11-30 366152]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-12-5 2214504]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-11-30 22216]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2011-12-5 119528]
R3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-11-14 394952]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-14 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-14 136176]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
.
=============== Created Last 30 ================
.
2011-12-10 13:00:54 -------- d-----w- c:\program files\JRE
2011-12-09 08:52:44 -------- d-----w- c:\documents and settings\ritchelle\local settings\application data\CrashRpt
2011-12-05 07:11:40 -------- d-----w- c:\program files\MultiScreen
2011-12-05 07:08:22 -------- d-----w- C:\Samsung
2011-12-05 05:01:42 -------- d-----w- c:\documents and settings\all users\application data\NVIDIA Corporation
2011-12-05 04:59:34 26216 ----a-w- c:\windows\system32\nvhdap32.dll
2011-12-05 04:59:34 119528 ----a-w- c:\windows\system32\drivers\nvhda32.sys
2011-12-05 04:59:33 865896 ----a-w- c:\windows\system32\nvhdagenco322040.dll
2011-12-05 04:58:49 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-12-05 04:58:46 16068608 ----a-w- c:\windows\system32\nvoglnt.dll
2011-12-05 04:58:45 899688 ----a-w- c:\windows\system32\nvdispco3220150.dll
2011-12-05 04:58:45 865896 ----a-w- c:\windows\system32\nvgenco322090.dll
2011-12-05 04:58:44 5332992 ----a-w- c:\windows\system32\nvcuda.dll
2011-12-05 04:58:44 2808936 ----a-w- c:\windows\system32\nvcuvid.dll
2011-12-05 04:58:44 2328576 ----a-w- c:\windows\system32\nvapi.dll
2011-12-05 04:58:44 2082408 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-12-05 04:58:44 13004800 ----a-w- c:\windows\system32\nvcompiler.dll
2011-12-05 04:58:11 -------- d-----w- c:\program files\NVIDIA Corporation
2011-12-05 04:54:59 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-12-05 04:53:37 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2011-12-05 04:48:34 12256 ----a-w- c:\windows\system32\drivers\TBPanel.sys
2011-12-05 04:48:30 -------- d-----w- c:\program files\Vtune
.
==================== Find3M ====================
.
2011-12-05 05:00:27 273344 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-12-05 05:00:27 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-12-05 05:00:22 273344 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-11-23 21:37:35 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-02 21:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-02 18:37:52 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-26 03:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 03:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 03:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
.
============= FINISH: 23:58:09.54 ===============

GMER Log

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-11 23:57:22
Windows 5.1.2600 Service Pack 3
Running: 0bnyhop4.exe; Driver: C:\DOCUME~1\RITCHE~1\LOCALS~1\Temp\pwlyafob.sys


---- System - GMER 1.0.15 ----

SSDT B14A5AE4 ZwClose
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateFile [0xA39EB930]
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateKey [0xA39F6A80]
SSDT B14A5AEE ZwCreateSection
SSDT B14A5A94 ZwCreateThread
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteFile [0xA39EBF20]
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteKey [0xA39F76E0]
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteValueKey [0xA39F7440]
SSDT B14A5ADF ZwDuplicateObject
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwLoadKey [0xA39F78B0]
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenFile [0xA39EBD70]
SSDT B14A5A80 ZwOpenProcess
SSDT B14A5A85 ZwOpenThread
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRenameKey [0xA39F8250]
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwReplaceKey [0xA39F7CB0]
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRestoreKey [0xA39F8080]
SSDT B14A5AF3 ZwSetContextThread
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSetInformationFile [0xA39EC120]
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSetValueKey [0xA39F7140]
SSDT B14A5A8F ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB60063A0, 0x88C445, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[2196] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2952] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 10402024 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [A39F3CA0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [A39F41C0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [A39F4320] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [A39F3E10] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [A39F3E10] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [A39F3CA0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [A39F41C0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [A39F4320] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [A39F3CA0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [A39F3E10] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [A39F4320] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [A39F41C0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [A39F4320] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [A39F41C0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [A39F3CA0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [A39F3E10] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [A39F3CA0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [A39F41C0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [A39F4320] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [A39F3CA0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [A39F3E10] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [A39F4320] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [A39F41C0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[1468] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [00FC2BC8] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Zone Labs, LLC)
IAT C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[1468] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!UnhandledExceptionFilter] [00FC2CE9] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Zone Labs, LLC)
IAT C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[1468] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!TerminateProcess] [00FC2CB8] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Zone Labs, LLC)
IAT C:\Program Files\Cisco Systems\VPN Client\vpngui.exe[7948] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [015F2BC8] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Zone Labs, LLC)
IAT C:\Program Files\Cisco Systems\VPN Client\vpngui.exe[7948] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!UnhandledExceptionFilter] [015F2CE9] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Zone Labs, LLC)
IAT C:\Program Files\Cisco Systems\VPN Client\vpngui.exe[7948] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!TerminateProcess] [015F2CB8] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Zone Labs, LLC)

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\001b10000705 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\001b10000705@68e141156601 0xA1 0x48 0xEB 0x45 ...
Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\001b10000705@00249047923e 0xE7 0xEF 0xBF 0x0E ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001b10000705 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001b10000705@68e141156601 0xA1 0x48 0xEB 0x45 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001b10000705@00249047923e 0xE7 0xEF 0xBF 0x0E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001b10000705
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001b10000705@68e141156601 0xA1 0x48 0xEB 0x45 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001b10000705@00249047923e 0xE7 0xEF 0xBF 0x0E ...

---- EOF - GMER 1.0.15 ----

Thanks,

Joseph


#2 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:38 AM

Posted 17 December 2011 - 07:14 AM

Welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report:
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.sys /90
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\*
    %USERPROFILE%\..|smtmp;true;true;true /FP
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#3 morpheus_jr16

morpheus_jr16
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:05:38 PM

Posted 18 December 2011 - 10:02 AM

Hi Etavares,

Thank you so much for your reply. The dnsflush command works for just a day or two, after which the problem occurs again. Also, I'm not sure if this is related to the problem, but while I am doing the OTL scan, AVIRA blocks Autorun.inf from being run. There is also an autorun folder in the C:\ directory with a zhengbo subfolder which can't be opened. I'd also like to say that I am not a techie person, so I would really appreciate it if you could walk me through the steps that you'll be giving me.

Here is the OTL log.

OTL logfile created on: 12/18/2011 7:13:58 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Ritchelle\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.79 Gb Available Physical Memory | 39.82% Memory free
3.84 Gb Paging File | 2.47 Gb Available in Paging File | 64.15% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 20.10 Gb Free Space | 26.97% Space Free | Partition Type: NTFS
Drive D: | 74.52 Gb Total Space | 1.58 Gb Free Space | 2.12% Space Free | Partition Type: NTFS

Computer Name: UNDRICHJOSE | User Name: Ritchelle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/18 12:14:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ritchelle\Desktop\OTL.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/29 08:40:53 | 000,428,200 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2011/06/29 08:40:53 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/06/02 10:33:38 | 002,240,512 | ---- | M] () -- C:\Program Files\Vtune\TBPANEL.exe
PRC - [2011/05/25 15:25:59 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/04/27 20:01:30 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/25 14:44:54 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/11/03 08:09:16 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/08/23 21:41:16 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2009/08/11 13:57:26 | 000,303,104 | ---- | M] () -- C:\Program Files\MultiScreen\MultiScreen.exe
PRC - [2009/06/18 15:19:30 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/14 08:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/10 13:18:26 | 000,835,584 | ---- | M] () -- C:\WINDOWS\vsnpstd3.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/24 05:37:25 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/07/01 11:56:46 | 000,169,984 | ---- | M] () -- C:\Documents and Settings\Ritchelle\Application Data\Mozilla\Firefox\Profiles\ql6y7frz.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\imtcp_xpcom.dll
MOD - [2011/06/02 10:33:38 | 002,240,512 | ---- | M] () -- C:\Program Files\Vtune\TBPANEL.exe
MOD - [2011/03/25 14:44:54 | 001,018,328 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2010/02/06 02:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2010/01/28 12:57:58 | 000,355,688 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2009/08/23 21:41:22 | 000,197,424 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll
MOD - [2009/08/11 13:57:26 | 000,303,104 | ---- | M] () -- C:\Program Files\MultiScreen\MultiScreen.exe
MOD - [2009/08/11 13:56:52 | 000,053,248 | ---- | M] () -- C:\Program Files\MultiScreen\MGResEng.dll
MOD - [2009/08/11 13:54:36 | 000,053,248 | ---- | M] () -- C:\Program Files\MultiScreen\SmartMouseDll.dll
MOD - [2009/08/11 13:54:28 | 000,094,208 | ---- | M] () -- C:\Program Files\MultiScreen\TitleBar.dll
MOD - [2009/02/27 02:56:50 | 003,144,192 | ---- | M] () -- C:\Program Files\K-Lite Codec Pack\ffdshow\ffdshow.ax
MOD - [2008/04/14 08:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 08:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/05/10 13:18:26 | 000,835,584 | ---- | M] () -- C:\WINDOWS\vsnpstd3.exe
MOD - [1998/10/31 04:55:56 | 000,005,120 | ---- | M] () -- C:\Program Files\Vtune\TBMANAGE.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/29 08:40:53 | 000,428,200 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011/06/29 08:40:53 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/05/25 15:25:59 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/04/27 20:01:30 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/08/23 21:41:16 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2009/06/18 15:19:30 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/06/29 08:40:54 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/06/29 08:40:54 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/05/25 15:26:22 | 000,119,528 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2009/08/23 21:40:32 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2009/05/11 11:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/11/25 16:37:50 | 004,952,576 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/11/16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2008/10/30 21:14:20 | 000,117,888 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/09/26 18:01:00 | 000,101,376 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/06/30 10:18:46 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2008/06/30 10:18:46 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2008/06/30 10:18:46 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2008/03/07 11:21:24 | 010,423,680 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - [2007/11/14 19:05:16 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2007/03/16 10:11:38 | 000,012,256 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\TBPanel.sys -- (TBPanel)
DRV - [2007/03/16 10:11:38 | 000,012,256 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TBPanel.sys -- (Cardex)
DRV - [2007/01/18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-57989841-1960408961-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKU\S-1-5-21-57989841-1960408961-839522115-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-57989841-1960408961-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-57989841-1960408961-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
IE - HKU\S-1-5-21-57989841-1960408961-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
IE - HKU\S-1-5-21-57989841-1960408961-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch =

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.1
FF - prefs.js..extensions.enabledItems: {0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}:1.0.1
FF - prefs.js..extensions.enabledItems: {723AAF16-AF1F-4404-A5D7-0BFE39766605}:0.3.3
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.7
FF - prefs.js..extensions.enabledItems: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}:7.3.0.0
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294}:1.1
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:7.0.0
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.7.10.1
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20111107
FF - prefs.js..extensions.enabledItems: {9ab67d74-ec41-4cb2-b417-df5d93ba1beb}:1.5.3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: plugins@bf-itservice.de:1.4
FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=ffds1&p="
FF - prefs.js..network.proxy.backup.ftp: "proxy.smartbro.net"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.gopher: "proxy.smartbro.net"
FF - prefs.js..network.proxy.backup.gopher_port: 8080
FF - prefs.js..network.proxy.backup.socks: "proxy.smartbro.net"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "proxy.smartbro.net"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "proxy.smartbro.net"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "proxy.smartbro.net"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "proxy.smartbro.net"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "proxy.smartbro.net"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "proxy.smartbro.net"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKCU\Software\MozillaPlugins\@eximion.com/KalydoPlayer3.10.04: C:\Documents and Settings\Ritchelle\Application Data\Kalydo\KalydoPlayer\npkalydo.dll (Eximion B.V.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\Ritchelle\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/08/08 19:53:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/03 12:44:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/10 03:07:12 | 000,000,000 | ---D | M]

[2009/04/24 08:18:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ritchelle\Application Data\Mozilla\Extensions
[2011/12/18 07:59:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ritchelle\Application Data\Mozilla\Firefox\Profiles\ql6y7frz.default\extensions
[2010/03/29 09:28:25 | 000,000,000 | ---D | M] (Screengrab) -- C:\Documents and Settings\Ritchelle\Application Data\Mozilla\Firefox\Profiles\ql6y7frz.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/09/13 08:11:48 | 000,000,000 | ---D | M] (Auto Copy) -- C:\Documents and Settings\Ritchelle\Application Data\Mozilla\Firefox\Profiles\ql6y7frz.default\extensions\{0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}
[2011/01/02 14:35:22 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Documents and Settings\Ritchelle\Application Data\Mozilla\Firefox\Profiles\ql6y7frz.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2011/12/05 14:01:35 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Documents and Settings\Ritchelle\Application Data\Mozilla\Firefox\Profiles\ql6y7frz.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2009/04/24 08:27:29 | 000,000,000 | ---D | M] (Copy Plain Text) -- C:\Documents and Settings\Ritchelle\Application Data\Mozilla\Firefox\Profiles\ql6y7frz.default\extensions\{723AAF16-AF1F-4404-A5D7-0BFE39766605}
[2011/07/09 22:28:37 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Documents and Settings\Ritchelle\Application Data\Mozilla\Firefox\Profiles\ql6y7frz.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2011/11/02 08:04:15 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Documents and Settings\Ritchelle\Application Data\Mozilla\Firefox\Profiles\ql6y7frz.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2011/09/10 20:22:00 | 000,000,000 | ---D | M] (Table2Clipboard) -- C:\Documents and Settings\Ritchelle\Application Data\Mozilla\Firefox\Profiles\ql6y7frz.default\extensions\{9ab67d74-ec41-4cb2-b417-df5d93ba1beb}
[2011/11/22 04:56:50 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Ritchelle\Application Data\Mozilla\Firefox\Profiles\ql6y7frz.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/11/22 04:56:52 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Ritchelle\Application Data\Mozilla\Firefox\Profiles\ql6y7frz.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/02/17 11:07:48 | 000,000,000 | ---D | M] ("NoDoFollow") -- C:\Documents and Settings\Ritchelle\Application Data\Mozilla\Firefox\Profiles\ql6y7frz.default\extensions\{c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294}
[2011/12/16 08:08:46 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Ritchelle\Application Data\Mozilla\Firefox\Profiles\ql6y7frz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/11/02 08:04:00 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Documents and Settings\Ritchelle\Application Data\Mozilla\Firefox\Profiles\ql6y7frz.default\extensions\foxyproxy@eric.h.jung
[2011/06/30 08:05:56 | 000,000,000 | ---D | M] (easyComment) -- C:\Documents and Settings\Ritchelle\Application Data\Mozilla\Firefox\Profiles\ql6y7frz.default\extensions\plugins@bf-itservice.de
[2009/05/31 08:48:26 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Ritchelle\Application Data\Mozilla\Firefox\Profiles\ql6y7frz.default\searchplugins\ask.xml
[2009/08/24 17:30:01 | 000,009,941 | ---- | M] () -- C:\Documents and Settings\Ritchelle\Application Data\Mozilla\Firefox\Profiles\ql6y7frz.default\searchplugins\mywebsearch.xml
[2011/12/18 14:59:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/01 19:52:48 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/05/27 17:47:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/12/09 22:27:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/06/09 08:09:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/10/26 16:30:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2010/04/07 08:05:04 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/10/28 12:18:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2008/09/04 08:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/03/03 10:51:42 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll

O1 HOSTS File: ([2011/10/29 18:08:17 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-57989841-1960408961-839522115-1003\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe ()
O4 - HKU\S-1-5-21-57989841-1960408961-839522115-1003..\Run: [MultiScreen] C:\Program Files\MultiScreen\MultiScreen.exe ()
O4 - HKU\S-1-5-21-57989841-1960408961-839522115-1003..\Run: [TBPanel] C:\Program Files\Vtune\TBPanel.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-57989841-1960408961-839522115-1005..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{08B785C1-3893-4154-B53B-F5D341D0AAAA}\Icon3E5562ED7.ico ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-57989841-1960408961-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-57989841-1960408961-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-57989841-1960408961-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-57989841-1960408961-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-57989841-1960408961-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-57989841-1960408961-839522115-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-57989841-1960408961-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} https://69.179.81.86/Remote/msrdp.cab (Microsoft RDP Client Control (redist))
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 121.1.3.81 121.1.3.16 121.1.3.66
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6326D031-D5EF-4645-A3D2-9216AE18C255}: DhcpNameServer = 121.1.3.81 121.1.3.16 121.1.3.66
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/18 12:01:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/12/04 22:18:41 | 000,000,000 | ---D | M] - C:\AUTORUN.INF -- [ NTFS ]
O32 - AutoRun File - [2009/12/04 22:18:41 | 000,000,000 | ---D | M] - D:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: BitTorrent DNA - hkey= - key= - C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: ISUSScheduler - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
MsConfig - StartUpReg: Messenger (Yahoo!) - hkey= - key= - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/12/18 12:13:09 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ritchelle\Desktop\OTL.exe
[2011/12/10 21:03:04 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\OpenOffice.org 3.0
[2011/12/10 21:00:54 | 000,000,000 | ---D | C] -- C:\Program Files\JRE
[2011/12/09 23:24:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\sun
[2011/12/09 16:52:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ritchelle\Local Settings\Application Data\CrashRpt
[2011/12/05 15:11:40 | 000,000,000 | ---D | C] -- C:\Program Files\MultiScreen
[2011/12/05 15:11:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\MultiScreen
[2011/12/05 15:08:22 | 000,000,000 | ---D | C] -- C:\Samsung
[2011/12/05 13:02:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA
[2011/12/05 13:01:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2011/12/05 12:58:49 | 000,061,440 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2011/12/05 12:58:11 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2011/12/05 12:48:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Vtune
[2011/12/05 12:48:30 | 000,000,000 | ---D | C] -- C:\Program Files\Vtune
[2011/12/04 01:30:32 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Ritchelle\Recent
[2009/12/23 22:39:01 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnpstd3.dll
[2009/12/23 22:39:01 | 000,057,344 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd3.dll
[2009/12/23 22:39:01 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd3.dll
[2009/12/23 22:39:01 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\csnpstd3.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/18 18:46:16 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/18 14:00:00 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2011/12/18 12:14:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ritchelle\Desktop\OTL.exe
[2011/12/18 10:10:01 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2011/12/18 07:56:35 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2011/12/18 07:55:09 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/18 07:53:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/17 20:40:00 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2011/12/17 19:44:01 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2011/12/17 08:10:10 | 000,159,744 | ---- | M] () -- C:\Documents and Settings\Ritchelle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/17 03:25:38 | 000,004,546 | ---- | M] () -- D:\My Documents\Default.rdp
[2011/12/16 08:03:12 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/13 20:31:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\񀿉
[2011/12/11 12:57:18 | 000,318,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/10 21:03:08 | 000,000,905 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.0.lnk
[2011/12/10 16:21:44 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Ritchelle\defogger_reenable
[2011/12/10 16:21:24 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Ritchelle\Desktop\0bnyhop4.exe
[2011/12/10 16:20:40 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Ritchelle\Desktop\Defogger.exe
[2011/12/09 19:48:35 | 000,000,060 | -H-- | M] () -- C:\WINDOWS\popcreg.dat
[2011/12/09 19:48:35 | 000,000,047 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2011/12/08 10:28:37 | 000,056,702 | ---- | M] () -- C:\Documents and Settings\Ritchelle\Desktop\jim4.jpg
[2011/12/08 10:28:11 | 000,049,827 | ---- | M] () -- C:\Documents and Settings\Ritchelle\Desktop\jim3.jpg
[2011/12/08 10:27:53 | 000,055,022 | ---- | M] () -- C:\Documents and Settings\Ritchelle\Desktop\jim2.jpg
[2011/12/08 10:27:06 | 000,047,446 | ---- | M] () -- C:\Documents and Settings\Ritchelle\Desktop\jim.jpg
[2011/12/05 15:11:41 | 000,001,371 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MultiScreen.lnk
[2011/12/05 13:00:27 | 000,273,344 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/12/05 13:00:27 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/12/05 13:00:22 | 000,273,344 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/12/05 13:00:22 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
[2011/12/05 12:47:18 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/12/05 12:44:51 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/04 01:32:54 | 000,063,348 | ---- | M] () -- D:\My Documents\cc_20111204_013235.reg
[2011/11/26 13:53:40 | 003,135,504 | ---- | M] () -- C:\Documents and Settings\Ritchelle\Desktop\advisorinstaller.exe
[2011/11/24 05:43:20 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/13 20:31:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\񀿉
[2011/12/10 21:03:08 | 000,000,905 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.0.lnk
[2011/12/10 16:21:44 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Ritchelle\defogger_reenable
[2011/12/10 16:21:20 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Ritchelle\Desktop\0bnyhop4.exe
[2011/12/10 16:20:39 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Ritchelle\Desktop\Defogger.exe
[2011/12/08 10:28:37 | 000,056,702 | ---- | C] () -- C:\Documents and Settings\Ritchelle\Desktop\jim4.jpg
[2011/12/08 10:28:11 | 000,049,827 | ---- | C] () -- C:\Documents and Settings\Ritchelle\Desktop\jim3.jpg
[2011/12/08 10:27:52 | 000,055,022 | ---- | C] () -- C:\Documents and Settings\Ritchelle\Desktop\jim2.jpg
[2011/12/08 10:27:04 | 000,047,446 | ---- | C] () -- C:\Documents and Settings\Ritchelle\Desktop\jim.jpg
[2011/12/05 15:11:41 | 000,001,371 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MultiScreen.lnk
[2011/12/05 13:00:22 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/12/05 13:00:22 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/12/05 13:00:22 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/12/05 13:00:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
[2011/12/05 12:58:45 | 002,123,582 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/12/05 12:58:45 | 000,003,249 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2011/12/05 12:44:51 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/04 01:32:48 | 000,063,348 | ---- | C] () -- D:\My Documents\cc_20111204_013235.reg
[2011/11/26 13:27:15 | 003,135,504 | ---- | C] () -- C:\Documents and Settings\Ritchelle\Desktop\advisorinstaller.exe
[2011/11/16 20:36:20 | 000,000,060 | -H-- | C] () -- C:\WINDOWS\popcreg.dat
[2011/10/02 19:09:23 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Ritchelle\Application Data\downloads.m3u
[2011/09/01 10:48:34 | 000,962,560 | ---- | C] () -- C:\WINDOWS\tesseract.exe
[2011/01/23 21:16:39 | 000,000,210 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/01/30 01:24:49 | 000,000,029 | ---- | C] () -- C:\Documents and Settings\Ritchelle\Application Data\default.rss
[2010/01/28 10:46:46 | 000,004,757 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009/12/23 22:39:04 | 000,015,498 | ---- | C] () -- C:\WINDOWS\snpstd3.ini
[2009/12/23 22:39:03 | 000,270,336 | ---- | C] () -- C:\WINDOWS\tsnpstd3.exe
[2009/12/23 22:39:02 | 000,835,584 | ---- | C] () -- C:\WINDOWS\vsnpstd3.exe
[2009/12/23 22:39:02 | 000,003,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\denoise.sys
[2009/11/06 19:28:55 | 000,000,047 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2009/10/02 20:52:38 | 000,157,208 | ---- | C] () -- C:\WINDOWS\hphins25.dat
[2009/10/02 20:52:38 | 000,000,879 | ---- | C] () -- C:\WINDOWS\hphmdl25.dat
[2009/08/23 21:41:22 | 000,197,424 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2009/08/23 21:41:14 | 000,193,328 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2009/06/09 18:27:44 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/04/24 08:18:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/04/22 21:13:17 | 000,159,744 | ---- | C] () -- C:\Documents and Settings\Ritchelle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/22 21:05:28 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/04/18 19:49:35 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/04/18 19:48:40 | 000,318,744 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/18 13:30:33 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/04/18 13:30:30 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/04/18 13:30:30 | 000,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/04/18 13:30:30 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/04/18 13:30:28 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/04/18 13:25:07 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/04/18 12:19:33 | 000,982,192 | R--- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2009/04/18 12:19:33 | 000,417,344 | R--- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2009/04/18 12:03:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/04/18 11:59:22 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/04 07:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/02 20:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/03/19 17:30:00 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\msvdm.dll
[2001/08/24 00:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/24 00:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 23:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 23:00:00 | 000,432,686 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 23:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 23:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 23:00:00 | 000,067,516 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 23:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 23:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 23:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/06/15 15:54:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2009/07/24 23:47:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2011/10/12 09:09:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2010/04/07 07:59:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2009/09/21 23:35:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/11/06 19:28:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2011/10/24 22:15:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2011/10/20 15:28:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/01/09 15:14:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2009/10/03 13:21:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2010/06/09 10:07:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2009/08/08 19:54:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/04/12 13:40:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zbshareware Lab
[2009/06/21 13:07:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2010/01/09 15:13:52 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2009/11/05 07:47:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Softland
[2010/01/11 11:58:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\TuneUp Software
[2010/05/23 01:26:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\BitTorrent
[2010/06/15 16:02:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ritchelle\Application Data\acccore
[2009/07/24 23:48:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ritchelle\Application Data\Ashampoo
[2011/07/28 00:02:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ritchelle\Application Data\AskToolbar
[2010/02/12 09:39:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ritchelle\Application Data\Auslogics
[2009/09/29 09:15:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ritchelle\Application Data\avidemux
[2011/12/17 21:35:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ritchelle\Application Data\BitTorrent
[2011/09/25 00:44:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ritchelle\Application Data\Camfrog
[2011/12/04 02:27:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ritchelle\Application Data\DNA
[2011/10/12 09:09:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ritchelle\Application Data\f-secure
[2010/12/29 08:53:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ritchelle\Application Data\FileZilla
[2009/04/18 13:16:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ritchelle\Application Data\InterTrust
[2011/10/28 09:11:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ritchelle\Application Data\IObit
[2011/04/11 15:03:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ritchelle\Application Data\Kalydo
[2009/09/21 23:35:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ritchelle\Application Data\NCH Swift Sound
[2009/04/26 19:16:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ritchelle\Application Data\OpenOffice.org
[2011/06/04 13:47:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ritchelle\Application Data\Rovio
[2011/04/18 13:35:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ritchelle\Application Data\SystemRequirementsLab
[2010/01/09 15:14:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ritchelle\Application Data\TuneUp Software
[2009/10/03 13:18:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ritchelle\Application Data\Ulead Systems
[2009/06/24 18:32:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ritchelle\Application Data\uTorrent
[2011/12/18 10:10:01 | 000,000,466 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2011/12/17 20:40:00 | 000,000,466 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2011/12/17 19:44:01 | 000,000,466 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2011/12/18 14:00:00 | 000,000,466 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2011/10/30 12:50:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\expressShakeIcon.job
[2011/10/30 12:52:02 | 000,000,280 | ---- | M] () -- C:\WINDOWS\Tasks\scribeShakeIcon.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/04/18 12:01:58 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/10/17 22:23:57 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/12/05 12:47:18 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2011/11/02 22:45:41 | 000,021,744 | ---- | M] () -- C:\ComboFix.txt
[2009/04/18 12:01:58 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/10/28 20:38:59 | 000,921,624 | ---- | M] () -- C:\img2-001.raw
[2009/04/18 12:01:58 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/03/25 14:02:38 | 000,000,810 | -H-- | M] () -- C:\IPH.PH
[2009/04/18 12:20:00 | 000,000,197 | ---- | M] () -- C:\lan.log
[2010/12/28 10:49:53 | 000,000,204 | ---- | M] () -- C:\mbam-error.txt
[2009/04/18 12:01:58 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 04:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2011/10/26 16:49:34 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/07/18 08:25:34 | 000,262,144 | ---- | M] () -- C:\ntuser.dat
[2011/10/21 14:30:57 | 000,001,024 | -H-- | M] () -- C:\ntuser.dat.LOG
[2011/12/18 07:53:34 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2009/04/18 12:16:31 | 000,000,206 | ---- | M] () -- C:\realtek.log
[2009/04/18 12:16:31 | 000,001,635 | ---- | M] () -- C:\RHDSetup.log

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 20:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/10/20 18:21:50 | 000,278,016 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\hpzpp5mu.dll
[2003/06/18 17:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\mdippr.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.sys /90 >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\System32\config\*.sav >
[2009/04/18 19:47:35 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2009/04/18 19:47:35 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2009/04/18 19:47:35 | 000,888,832 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\* >

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/03/25 14:44:56 | 000,552,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/03/25 14:44:56 | 000,552,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/03/25 14:44:56 | 000,552,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/03/25 14:44:54 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/03/25 14:44:54 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/03/25 14:44:54 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/08/22 19:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/08/22 19:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/08/22 19:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/03/25 14:44:56 | 000,552,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/03/25 14:44:56 | 000,552,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/03/25 14:44:56 | 000,552,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/03/25 14:44:54 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/03/25 14:44:54 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/03/25 14:44:54 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/08/22 19:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/08/22 19:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/08/22 19:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

OTL Extras logfile created on: 12/18/2011 7:13:58 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Ritchelle\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.79 Gb Available Physical Memory | 39.82% Memory free
3.84 Gb Paging File | 2.47 Gb Available in Paging File | 64.15% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 20.10 Gb Free Space | 26.97% Space Free | Partition Type: NTFS
Drive D: | 74.52 Gb Total Space | 1.58 Gb Free Space | 2.12% Space Free | Partition Type: NTFS

Computer Name: UNDRICHJOSE | User Name: Ritchelle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-57989841-1960408961-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"SerialNumber" = A109A-K13-3ZXD-BAP5-TE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)
"C:\Program Files\VALVe\Counter-Strike Source\hl2.exe" = C:\Program Files\VALVe\Counter-Strike Source\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Disabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\HP\HP Deskjet Ink Adv 2060 K110\Bin\USBSetup.exe" = C:\Program Files\HP\HP Deskjet Ink Adv 2060 K110\Bin\USBSetup.exe:LocalSubNet:Enabled:HP Device Setup -- (Hewlett-Packard Co.)
"C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe" = C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe:*:Enabled:Camfrog Video Chat -- (Camshare Inc.)
"C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02627EE5-EACA-4742-A9CC-E687631773E4}" = Nero ShowTime
"{086A7D8C-0A38-4C7F-819A-620275550D5C}" = Nero Burning ROM Help
"{08B785C1-3893-4154-B53B-F5D341D0AAAA}" = Cisco Systems VPN Client 5.0.06.0110
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{1C00C7C5-E615-4139-B817-7F4003DE68C0}" = Nero PhotoSnap Help
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{261A4762-744B-4C71-81D2-57FA5038DC7B}" = HP Deskjet Ink Adv 2060 K110 Help
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java™ 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java™ 6 Update 22
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3581a349-e9e0-474b-92c4-5d887eb9d5f4}" = DJ_SF_03_D2500_Software
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4a1789a1-33fd-427e-9027-dec4d7fe8fa5}" = D2500
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{51BA435B-D119-4A1B-966C-673D382B260A}" = HP Deskjet Ink Adv 2060 K110 Basic Device Software
"{52247166-6F9F-4B85-9BB6-57473F3E0D74}" = Jing
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{5680dfaf-b87b-455b-a0b1-0c77eb0b03ca}" = DJ_SF_03_D2500_Software_Min
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5D9BE3C1-8BA4-4E7E-82FD-9F74FA6815D1}" = Nero Vision Help
"{5E08ECD1-C98E-4711-BF65-8FD736B3F969}" = Nero RescueAgent Help
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{66dfb4b4-4142-4ff3-b265-6ca7afc235c5}" = Nero 9
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{77E33D87-255E-413E-9C8D-EED2A7F9BEBF}" = Nero Live Help
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{8225BAEB-4C64-4881-8229-E5BBCD076E37}" = QuickSolutions
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89998BCF-F415-468a-8282-CB042765A26F}" = HP Deskjet D2500 Printer Driver Software 10.0 Rel .3
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00B0-0409-0000-0000000FF1CE}" = Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}" = MODEM Mobile Connection
"{98A67610-A3B5-4098-A423-3708040026D3}" = "Nero SoundTrax Help
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3FA8B00-7725-4291-BEBB-48E171CF5966}" = NCH Speech Recognition Tools
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype 5.5
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{ac55e361-642f-46af-81f5-1c69fedb6706}" = DJ_SF_03_D2500_ProductContext
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8
"{AD6BC5CC-2EF0-49C4-B33D-CDC8B2C4DC80}" = Nero Recode Help
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.85
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.23.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{c6d55c99-0700-44f6-8c46-3a0a14ee3d4c}" = D2500_Help
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE96F5A5-584D-4F8F-AA3E-9BAED413DB72}" = Nero CoverDesigner Help
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DF6A95F5-ADC1-406A-BDC6-2AA7CC0182AA}" = Nero Live
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E36E864B-BFB6-440A-9A23-2B0BEDE59A92}" = MultiScreen
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{ECD03DA7-5952-406A-8156-5F0C93618D1F}" = USB PC Camera-168
"{EE1564DB-FBF5-4B39-9A53-0C522269936C}" = HP Deskjet Ink Adv 2060 K110 Product Improvement Study
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F251B999-08A9-4704-999C-9962F0DFD88E}" = Virtual Desktop Manager Powertoy for Windows XP
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM_7" = AIM 7
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BitTorrent" = BitTorrent
"Camfrog 6.1" = Camfrog Video Chat 6.1
"CCleaner" = CCleaner
"Chikka Messenger V4" = Chikka Messenger V4
"CSS FULL DZ [Oct 15 2007]" = CSS FULL DZ [Oct 15 2007] v18.1
"DivX Setup" = DivX Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"Express" = Express Dictate
"FormatFactory" = FormatFactory 1.80
"Globe Broadband" = Globe Broadband
"GOM Player" = GOM Player
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photo Creations" = HP Photo Creations
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"ie8" = Windows Internet Explorer 8
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.7.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"MySSID_is1" = Vtune 7.20
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Plants vs. Zombies" = Plants vs. Zombies
"Quick Article Spinner" = Quick Article Spinner
"Rainlendar2" = Rainlendar2 (remove only)
"Scribe" = Express Scribe
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Shop for HP Supplies" = Shop for HP Supplies
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"WavePad" = WavePad Sound Editor
"Web Games Player Plugin" = Web Games Player Plugin
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-57989841-1960408961-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"KalydoPlayer" = Kalydo Player 3.10.04
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/25/2011 7:23:39 AM | Computer Name = UNDRICHJOSE | Source = Application Error | ID = 1000
Description = Faulting application hl2.exe, version 0.0.0.0, faulting module datacache.dll,
version 0.0.0.0, fault address 0x0000b423.

Error - 11/26/2011 6:41:56 AM | Computer Name = UNDRICHJOSE | Source = Application Error | ID = 1000
Description = Faulting application skype.exe, version 5.5.0.124, faulting module
skype.exe, version 5.5.0.124, fault address 0x001dae87.

Error - 12/2/2011 9:16:23 AM | Computer Name = UNDRICHJOSE | Source = Application Error | ID = 1000
Description = Faulting application hl2.exe, version 0.0.0.0, faulting module datacache.dll,
version 0.0.0.0, fault address 0x0000b423.

Error - 12/3/2011 9:17:37 AM | Computer Name = UNDRICHJOSE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 12/7/2011 4:17:21 AM | Computer Name = UNDRICHJOSE | Source = Application Error | ID = 1000
Description = Faulting application multiscreen.exe, version 1.0.0.1, faulting module
multiscreen.exe, version 1.0.0.1, fault address 0x0000476f.

Error - 12/7/2011 1:55:48 PM | Computer Name = UNDRICHJOSE | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.4095, faulting
module ntdll.dll, version 5.1.2600.6055, fault address 0x0000100b.

Error - 12/9/2011 4:52:23 AM | Computer Name = UNDRICHJOSE | Source = Application Error | ID = 1000
Description = Faulting application yahoomessenger.exe, version 10.0.0.1270, faulting
module titlebar.dll, version 0.0.0.0, fault address 0x000085d9.

Error - 12/10/2011 8:49:51 AM | Computer Name = UNDRICHJOSE | Source = MsiInstaller | ID = 1013
Description = Product: OpenOffice.org 3.0 -- A newer version of OpenOffice.org 3.0
was found. To install an older version, the newer version needs to be removed first.

Error - 12/10/2011 9:47:52 AM | Computer Name = UNDRICHJOSE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 12/16/2011 11:59:50 AM | Computer Name = UNDRICHJOSE | Source = Application Error | ID = 1000
Description = Faulting application hl2.exe, version 0.0.0.0, faulting module datacache.dll,
version 0.0.0.0, fault address 0x0000b423.

[ OSession Events ]
Error - 11/2/2010 9:16:51 PM | Computer Name = UNDRICHJOSE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 29
seconds with 0 seconds of active time. This session ended with a crash.

Error - 11/2/2010 9:18:39 PM | Computer Name = UNDRICHJOSE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 84
seconds with 60 seconds of active time. This session ended with a crash.

Error - 11/2/2010 9:20:04 PM | Computer Name = UNDRICHJOSE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 61
seconds with 60 seconds of active time. This session ended with a crash.

Error - 11/28/2010 11:15:06 PM | Computer Name = UNDRICHJOSE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 11763
seconds with 2400 seconds of active time. This session ended with a crash.

Error - 11/28/2010 11:17:12 PM | Computer Name = UNDRICHJOSE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 80
seconds with 60 seconds of active time. This session ended with a crash.

Error - 7/20/2011 1:02:07 PM | Computer Name = UNDRICHJOSE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6214.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 31437
seconds with 540 seconds of active time. This session ended with a crash.

Error - 7/20/2011 1:06:01 PM | Computer Name = UNDRICHJOSE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6214.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 72
seconds with 60 seconds of active time. This session ended with a crash.

Error - 7/22/2011 11:30:20 AM | Computer Name = UNDRICHJOSE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 495
seconds with 420 seconds of active time. This session ended with a crash.

Error - 7/24/2011 1:17:10 PM | Computer Name = UNDRICHJOSE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6214.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 5290
seconds with 120 seconds of active time. This session ended with a crash.

Error - 11/1/2011 11:16:18 AM | Computer Name = UNDRICHJOSE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6214.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1374
seconds with 240 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 12/13/2011 6:31:11 PM | Computer Name = UNDRICHJOSE | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 12/13/2011 6:31:46 PM | Computer Name = UNDRICHJOSE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the NVSvc service.

Error - 12/14/2011 6:02:55 PM | Computer Name = UNDRICHJOSE | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 12/15/2011 8:05:11 PM | Computer Name = UNDRICHJOSE | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Avira AntiVir WebGuard
service to connect.

Error - 12/15/2011 8:05:11 PM | Computer Name = UNDRICHJOSE | Source = Service Control Manager | ID = 7000
Description = The Avira AntiVir WebGuard service failed to start due to the following
error: %%1053

Error - 12/15/2011 8:06:28 PM | Computer Name = UNDRICHJOSE | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 12/16/2011 7:22:23 PM | Computer Name = UNDRICHJOSE | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 12/17/2011 1:15:56 AM | Computer Name = UNDRICHJOSE | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 12/17/2011 1:16:30 AM | Computer Name = UNDRICHJOSE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the NVSvc service.

Error - 12/17/2011 7:55:51 PM | Computer Name = UNDRICHJOSE | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.


< End of report >

GMER LOG

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-18 23:01:24
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-10 ST3160813AS rev.CC2F
Running: 0bnyhop4.exe; Driver: C:\DOCUME~1\RITCHE~1\LOCALS~1\Temp\pwlyafob.sys


---- System - GMER 1.0.15 ----

SSDT B11D3E14 ZwClose
SSDT B11D3DCE ZwCreateKey
SSDT B11D3E1E ZwCreateSection
SSDT B11D3DC4 ZwCreateThread
SSDT B11D3DD3 ZwDeleteKey
SSDT B11D3DDD ZwDeleteValueKey
SSDT B11D3E0F ZwDuplicateObject
SSDT B11D3DE2 ZwLoadKey
SSDT B11D3DB0 ZwOpenProcess
SSDT B11D3DB5 ZwOpenThread
SSDT B11D3DEC ZwReplaceKey
SSDT B11D3DE7 ZwRestoreKey
SSDT B11D3E23 ZwSetContextThread
SSDT B11D3DD8 ZwSetValueKey
SSDT B11D3DBF ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB63AD3A0, 0x88C445, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3008] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 10402024 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3120] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\001b10000705 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\001b10000705@68e141156601 0xA1 0x48 0xEB 0x45 ...
Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\001b10000705@00249047923e 0xE7 0xEF 0xBF 0x0E ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001b10000705 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001b10000705@68e141156601 0xA1 0x48 0xEB 0x45 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001b10000705@00249047923e 0xE7 0xEF 0xBF 0x0E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001b10000705
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001b10000705@68e141156601 0xA1 0x48 0xEB 0x45 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001b10000705@00249047923e 0xE7 0xEF 0xBF 0x0E ...

---- EOF - GMER 1.0.15 ----

Thanks,

Joseph

#4 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:38 AM

Posted 18 December 2011 - 11:28 AM

n/a

Edited by etavares, 18 December 2011 - 11:29 AM.
remove duplicate post


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#5 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:38 AM

Posted 18 December 2011 - 11:28 AM

Hello, morpheus_jr16.

Are you intentionally using a proxy (proxy.smartbro.net:8080)? If you don't know what I'm talking about, just let me know.

I do see some malware in your logs. We'll start with Combofix after these warnings:


P2P Warning and Request
The log shows that you have been using so-called peer-to-peer or file-sharing programmes (in your case BitTorrent). These programmes allow files to be shared between users, as the name suggests. In today's world, cyber crime has come a long way, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and they should thus be used with intense care. I recommend that you uninstall this program. That is optional, however. If you decide not to uninstall it, please refrain from using it until I let you know your computer is clean.



Registry Cleaner Warning


I also see that you have CCleaner installed. It is a great tool that I use. However, be careful of the registry cleaning functionality (versus file cleaning). Here at BC, we do not recommend using registry cleaners, as they don't speed up your computer and they can do more harm than good if they remove a legitimate entry. If you do use it, make sure to use a tool like ERUNT to back up your registry first. Merely backing it up yourself via regedit won't help you if you can't boot up as a result!

See here for more information:
http://www.bleepingcomputer.com/forums/index.php?showtopic=238799&st=0&p=1326578&#entry1326578



Ask Toolbar Warning

I see you have the Ask.com toolbar installed. This often comes bundled with spyware, and it is recommended that you remove it.

Please see here for more information:
http://www.bleepingcomputer.com/uninstall/94/Ask-Toolbar.html

If you would like to remove it, please go to Add/Remove Programs and uninstall it.



Step 1



Next, please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on etavaresCF.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#6 morpheus_jr16

morpheus_jr16
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:05:38 PM

Posted 18 December 2011 - 11:07 PM

Hi etavares,

For the proxy "proxy.smartbro.net:8080", I think I used it as a manual proxy setting before in Firefox. If I remember it right, it was recommended to me by the customer service rep of my ISP when I experienced connection problems before.

I have also uninstalled BitTorrent. I usually use it to download US TV series that are not accessible here in the Philippines. Is it relatively safe to do this? I have read somewhere before that viruses and malware in P2P are usually in the applications and adult-rated content.

With CCleaner, I'm usually just clicking the Cleaner tab. Is it OK to use that one?

I could not see the ask.com toolbar in the Add/remove programs panel. Is there another way that I can remove it?


COMBOFIX LOG

ComboFix 11-12-18.02 - Ritchelle 12/19/2011 11:48:27.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2044.599 [GMT 8:00]
Running from: c:\documents and settings\Ritchelle\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\system32\PowerToyReadme.htm
.
.
((((((((((((((((((((((((( Files Created from 2011-11-19 to 2011-12-19 )))))))))))))))))))))))))))))))
.
.
2011-12-10 13:00 . 2011-12-10 13:00 -------- d-----w- c:\program files\JRE
2011-12-09 08:52 . 2011-12-09 08:52 -------- d-----w- c:\documents and settings\Ritchelle\Local Settings\Application Data\CrashRpt
2011-12-05 07:11 . 2011-12-05 07:11 -------- d-----w- c:\program files\MultiScreen
2011-12-05 07:08 . 2011-12-05 07:09 -------- d-----w- C:\Samsung
2011-12-05 05:02 . 2011-12-05 05:02 -------- d-----w- c:\documents and settings\UpdatusUser
2011-12-05 05:02 . 2011-12-05 05:02 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA
2011-12-05 05:01 . 2011-12-05 05:01 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2011-12-05 04:59 . 2011-05-25 07:26 26216 ----a-w- c:\windows\system32\nvhdap32.dll
2011-12-05 04:59 . 2011-05-25 07:26 119528 ----a-w- c:\windows\system32\drivers\nvhda32.sys
2011-12-05 04:59 . 2011-05-25 07:26 865896 ----a-w- c:\windows\system32\nvhdagenco322040.dll
2011-12-05 04:58 . 2011-05-25 07:25 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-12-05 04:58 . 2011-05-25 07:25 16068608 ----a-w- c:\windows\system32\nvoglnt.dll
2011-12-05 04:58 . 2011-05-25 07:25 899688 ----a-w- c:\windows\system32\nvdispco3220150.dll
2011-12-05 04:58 . 2011-05-25 07:25 865896 ----a-w- c:\windows\system32\nvgenco322090.dll
2011-12-05 04:58 . 2011-05-25 07:25 5332992 ----a-w- c:\windows\system32\nvcuda.dll
2011-12-05 04:58 . 2011-05-25 07:25 2808936 ----a-w- c:\windows\system32\nvcuvid.dll
2011-12-05 04:58 . 2011-05-25 07:25 2082408 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-12-05 04:58 . 2011-05-25 07:25 13004800 ----a-w- c:\windows\system32\nvcompiler.dll
2011-12-05 04:58 . 2011-05-25 07:25 2328576 ----a-w- c:\windows\system32\nvapi.dll
2011-12-05 04:58 . 2011-12-05 05:02 -------- d-----w- c:\program files\NVIDIA Corporation
2011-12-05 04:54 . 2009-09-04 09:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-12-05 04:53 . 2005-05-26 07:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2011-12-05 04:48 . 2007-03-16 02:11 12256 ----a-w- c:\windows\system32\drivers\TBPanel.sys
2011-12-05 04:48 . 2011-12-05 04:48 -------- d-----w- c:\program files\Vtune
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-23 21:37 . 2011-06-09 00:09 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-02 21:06 . 2010-05-27 09:47 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-02 18:37 . 2009-04-26 02:05 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-26 03:41 . 2008-07-29 11:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 03:41 . 2001-08-23 15:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 03:41 . 2001-08-23 15:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"TBPanel"="c:\program files\Vtune\TBPanel.exe" [2011-06-02 2240512]
"MultiScreen"="c:\program files\MultiScreen\MultiScreen.exe" [2009-08-11 303104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-11-17 17676288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-12 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-12 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-12 141336]
"snpstd3"="c:\windows\vsnpstd3.exe" [2007-05-10 835584]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-25 13895272]
"NvMediaCenter"="NvMCTray.dll" [2011-05-25 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-04 1632360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\Others\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-8-24 101784]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{08B785C1-3893-4154-B53B-F5D341D0AAAA}\Icon3E5562ED7.ico [2010-10-1 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-14 17:04 39792 -c--a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-10-06 21:46 323392 ----a-w- c:\program files\DNA\btdna.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2007-08-23 23:00 33648 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-02-16 08:15 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 02:17 5252408 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 05:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"tsnpstd3"=c:\windows\tsnpstd3.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"SerialNumber"="A109A-K13-3ZXD-BAP5-TE"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\VALVe\\Counter-Strike Source\\hl2.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Camfrog\\Camfrog Video Chat\\Camfrog Video Chat.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/26/2010 6:23 AM 136360]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/30/2009 6:34 PM 366152]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [12/5/2011 1:02 PM 2214504]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/30/2009 6:34 PM 22216]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [12/5/2011 12:59 PM 119528]
R4 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [6/29/2011 8:41 AM 428200]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/14/2010 9:03 AM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/14/2010 9:03 AM 136176]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 6:56 AM 14336]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
WINRM REG_MULTI_SZ WINRM
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 05:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-19 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Deskjet Ink Adv 2060 K110\Bin\HPCustPartic.exe [2010-11-16 13:12]
.
2011-12-18 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Deskjet Ink Adv 2060 K110\Bin\HPCustPartic.exe [2010-11-16 13:12]
.
2011-12-18 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Deskjet Ink Adv 2060 K110\Bin\HPCustPartic.exe [2010-11-16 13:12]
.
2011-12-18 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Deskjet Ink Adv 2060 K110\Bin\HPCustPartic.exe [2010-11-16 13:12]
.
2011-10-30 c:\windows\Tasks\expressShakeIcon.job
- c:\program files\NCH Software\Express\express.exe [2011-07-06 00:30]
.
2011-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-14 01:03]
.
2011-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-14 01:03]
.
2011-10-30 c:\windows\Tasks\scribeShakeIcon.job
- c:\program files\NCH Software\Scribe\scribe.exe [2011-07-06 00:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
mWindow Title = Microsoft Internet Explorer
uInternet Connection Wizard,ShellNext = hxxp://www.codecguide.com/
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 121.1.3.81 121.1.3.16 121.1.3.66
FF - ProfilePath - c:\documents and settings\Ritchelle\Application Data\Mozilla\Firefox\Profiles\ql6y7frz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - prefs.js: network.proxy.ftp - proxy.smartbro.net
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - proxy.smartbro.net
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - proxy.smartbro.net
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - proxy.smartbro.net
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - proxy.smartbro.net
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Auto Copy: {0FED7D55-65D4-47b6-A6DE-9A4ADB55355F} - %profile%\extensions\{0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}
FF - Ext: Copy Plain Text: {723AAF16-AF1F-4404-A5D7-0BFE39766605} - %profile%\extensions\{723AAF16-AF1F-4404-A5D7-0BFE39766605}
FF - Ext: ReloadEvery: {888d99e7-e8b5-46a3-851e-1ec45da1e644} - %profile%\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - %profile%\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: iMacros for Firefox: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} - %profile%\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
FF - Ext: NoDoFollow: {c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294} - %profile%\extensions\{c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294}
FF - Ext: Image Zoom: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} - %profile%\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
FF - Ext: SeoQuake: {317B5128-0B0B-49b2-B2DB-1E7560E16C74} - %profile%\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Table2Clipboard: {9ab67d74-ec41-4cb2-b417-df5d93ba1beb} - %profile%\extensions\{9ab67d74-ec41-4cb2-b417-df5d93ba1beb}
FF - Ext: easyComment: plugins@bf-itservice.de - %profile%\extensions\plugins@bf-itservice.de
FF - Ext: FoxyProxy Standard: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung
FF - Ext: FoxyProxy Basic: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(yahoo.ytff.general.dontshowhpoffer, true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(general.useragent.extra.brc,
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-19 11:58
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-57989841-1960408961-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\zbshareware]
@DACL=(02 0000)
"times"="8"
"lastcheck"="1"
"Name"="ledworld"
"Code"="BHJDH17937"
"autorun"="1"
DUMPHIVE0.003 (REGF)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(1232)
c:\program files\Avira\AntiVir Desktop\avsda.dll
.
Completion time: 2011-12-19 12:01:05
ComboFix-quarantined-files.txt 2011-12-19 04:00
ComboFix2.txt 2011-11-02 14:45
.
Pre-Run: 21,428,342,784 bytes free
Post-Run: 21,533,609,984 bytes free
.
- - End Of File - - FBE13CAD3DD19ECDC9AD3CEB78367918

Thanks,

Joseph
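As an added example (not code from this thread, from ComboFix or from anyone in it), the script below does by hand what a helper does by eye on the "Reg Loading Points" part of a ComboFix log: it pulls out the Run entries, the firewall policy and the globally open ports, and lists the items worth a second look. The section and key names follow the log format above; the sample log embedded in the script is constructed for the example, and the "ExampleUpdater" entry and its path are made up to show the user-writable-path heuristic.

```python
"""Triage helper for ComboFix-style 'Reg Loading Points' output.

Added example: not ComboFix's own code. It parses the registry-style
sections of the log, collects autostart entries and the Windows Firewall
policy, and returns a list of findings a helper would look at first.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample in the shape of the log posted above. The
# "ExampleUpdater" entry is invented to exercise the user-writable-path check.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"snpstd3"="c:\windows\vsnpstd3.exe" [2007-05-10 835584]
"ExampleUpdater"="c:\documents and settings\User\Application Data\updater.exe" [2011-12-01 12345]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "name"="path" [YYYY-MM-DD size]  or  "name"=path  (date/size are optional)
RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"=(?P<path>"[^"]*"|[^\s\[]+)'
    r'(?:\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\])?'
)
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(?P<value>\d+)')
AUTH_APP_RE = re.compile(r'^"(?P<path>[^"]+)"=\s*$')
PORT_RE = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=\s*(?P<rest>.*)$')

# Locations a limited user can write to; an autostart pointing there is a
# heuristic hint to review the file, not a verdict that it is malicious.
USER_WRITABLE = ("documents and settings", "application data", "\\temp\\", "local settings")


@dataclass
class Triage:
    run_entries: List[Tuple[str, str, Optional[str], Optional[str]]] = field(default_factory=list)
    firewall_enabled: Optional[bool] = None
    authorized_apps: List[str] = field(default_factory=list)
    open_ports: List[Tuple[int, str, bool, str]] = field(default_factory=list)  # port, proto, enabled, label
    findings: List[str] = field(default_factory=list)


def triage_combofix(text: str) -> Triage:
    """Walk the log line by line, tracking which [section] we are in."""
    result = Triage()
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("key").lower()
            continue
        if not line.startswith('"'):
            continue  # separator dots, notes, unquoted lines
        if section.endswith("\\run") or section.endswith("\\run-") or "\\runonce" in section:
            m = RUN_RE.match(line)
            if m:
                path = m.group("path").strip('"')
                result.run_entries.append((m.group("name"), path, m.group("date"), m.group("size")))
                if any(marker in path.lower() for marker in USER_WRITABLE):
                    result.findings.append(
                        f"autostart '{m.group('name')}' runs from a user-writable path: {path}")
        elif section.endswith("firewallpolicy\\standardprofile"):
            m = FIREWALL_RE.match(line)
            if m:
                result.firewall_enabled = m.group("value") != "0"
                if not result.firewall_enabled:
                    result.findings.append("Windows Firewall (standard profile) is disabled")
        elif section.endswith("authorizedapplications\\list"):
            m = AUTH_APP_RE.match(line)
            if m:
                # The log doubles backslashes in this section; normalise them.
                result.authorized_apps.append(m.group("path").replace("\\\\", "\\"))
        elif section.endswith("globallyopenports\\list"):
            m = PORT_RE.match(line)
            if m:
                rest = m.group("rest")
                enabled = ":disabled:" not in rest.lower()
                label = rest.split(":")[-1]
                port = int(m.group("port"))
                result.open_ports.append((port, m.group("proto"), enabled, label))
                if enabled and port == 3389:
                    result.findings.append("RDP (3389/TCP) is globally open in the firewall policy")
    return result


def run_sample() -> Triage:
    """Parse the constructed sample log."""
    return triage_combofix(SAMPLE_LOG)


if __name__ == "__main__":
    for finding in run_sample().findings:
        print("-", finding)
```

On the log posted above the same checks would report the disabled firewall and the open 3389/TCP entry; the user-writable-path rule is only a prompt to submit the file for scanning, as the helper asks for HPCustPartic.exe in the next post.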

#7 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:38 AM

Posted 19 December 2011 - 06:32 AM

Hello, morpheus_jr16.

Any illegal file sharing is not recommended as it is a vector for viruses...including audio, video and the like. You may want to try hulu.com as a legitimate way to watch, although I'm not sure it works for an IP address outside the US.

Also, you can ignore the Ask TB....you don't have the toolbar installed, but there is a reference to ask.com in your log.



Step 1

  • Download TDSSKiller.exe and save it to your desktop.
  • Double-click TDSSKiller.exe to run it.
  • Under "Objects to scan" ensure both "Services and Drivers" and "Boot Sectors" are checked.
  • Click Start scan and allow it to scan for Malicious objects.
  • If malicious objects are found, the default action will be Cure, ensure Cure is selected then click Continue.
  • If suspicious objects are detected, the default action will be Skip, ensure Skip is selected then click Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now and allow the computer to reboot.
  • A log will be created on your root (usually C:) drive. The log is like UtilityName.Version_Date_Time_log.txt.
    for example, C:\TDSSKiller.2.4.1.2_20.04.2010_15.31.43_log.txt
  • If no reboot is required, click on Report. A log file should appear.
  • Please post the contents of the logfile in your next reply



Step 2



1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the codebox below into Notepad:

AtJob::
RegLock::
[HKEY_LOCAL_MACHINE\software\zbshareware]

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.



Step 3

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.

c:\program files\HP\HP Deskjet Ink Adv 2060 K110\Bin\HPCustPartic.exe

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/



Step 4

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#8 morpheus_jr16

morpheus_jr16
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:05:38 PM

Posted 19 December 2011 - 09:36 AM

Hi etavares,

Thanks for the advice re:torrents. Here are the logs.

TDSS Killer

21:02:48.0156 6016 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
21:02:49.0328 6016 ============================================================
21:02:49.0328 6016 Current date / time: 2011/12/19 21:02:49.0328
21:02:49.0328 6016 SystemInfo:
21:02:49.0328 6016
21:02:49.0328 6016 OS Version: 5.1.2600 ServicePack: 3.0
21:02:49.0328 6016 Product type: Workstation
21:02:49.0328 6016 ComputerName: UNDRICHJOSE
21:02:49.0328 6016 UserName: Ritchelle
21:02:49.0328 6016 Windows directory: C:\WINDOWS
21:02:49.0328 6016 System windows directory: C:\WINDOWS
21:02:49.0328 6016 Processor architecture: Intel x86
21:02:49.0328 6016 Number of processors: 2
21:02:49.0328 6016 Page size: 0x1000
21:02:49.0328 6016 Boot type: Normal boot
21:02:49.0328 6016 ============================================================
21:02:51.0078 6016 Initialize success
21:03:19.0531 4728 ============================================================
21:03:19.0531 4728 Scan started
21:03:19.0531 4728 Mode: Manual;
21:03:19.0531 4728 ============================================================
21:03:19.0921 4728 Abiosdsk - ok
21:03:20.0109 4728 abp480n5 - ok
21:03:20.0359 4728 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:03:20.0359 4728 ACPI - ok
21:03:20.0625 4728 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
21:03:20.0656 4728 ACPIEC - ok
21:03:20.0921 4728 adpu160m - ok
21:03:21.0250 4728 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:03:21.0312 4728 aec - ok
21:03:21.0609 4728 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
21:03:21.0640 4728 AFD - ok
21:03:21.0906 4728 Aha154x - ok
21:03:22.0203 4728 aic78u2 - ok
21:03:22.0484 4728 aic78xx - ok
21:03:22.0781 4728 AliIde - ok
21:03:23.0046 4728 amsint - ok
21:03:23.0234 4728 asc - ok
21:03:23.0421 4728 asc3350p - ok
21:03:23.0609 4728 asc3550 - ok
21:03:23.0843 4728 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:03:23.0875 4728 AsyncMac - ok
21:03:24.0218 4728 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:03:24.0218 4728 atapi - ok
21:03:24.0500 4728 Atdisk - ok
21:03:24.0843 4728 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:03:24.0875 4728 Atmarpc - ok
21:03:25.0218 4728 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:03:25.0234 4728 audstub - ok
21:03:25.0328 4728 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
21:03:25.0359 4728 avgio - ok
21:03:25.0703 4728 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
21:03:25.0703 4728 avgntflt - ok
21:03:26.0031 4728 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
21:03:26.0062 4728 avipbb - ok
21:03:26.0265 4728 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:03:26.0296 4728 Beep - ok
21:03:26.0515 4728 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
21:03:26.0546 4728 BthEnum - ok
21:03:26.0890 4728 BTHMODEM (fca6f069597b62d42495191ace3fc6c1) C:\WINDOWS\system32\DRIVERS\bthmodem.sys
21:03:26.0921 4728 BTHMODEM - ok
21:03:27.0265 4728 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
21:03:27.0296 4728 BthPan - ok
21:03:27.0656 4728 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
21:03:27.0718 4728 BTHPORT - ok
21:03:28.0062 4728 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
21:03:28.0093 4728 BTHUSB - ok
21:03:28.0375 4728 Cardex (04e1c782cf14b7282ebc633b0fd3ed16) C:\WINDOWS\system32\drivers\TBPANEL.SYS
21:03:28.0375 4728 Cardex - ok
21:03:28.0531 4728 catchme - ok
21:03:28.0859 4728 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:03:28.0890 4728 cbidf2k - ok
21:03:29.0140 4728 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
21:03:29.0156 4728 CCDECODE - ok
21:03:29.0375 4728 cd20xrnt - ok
21:03:29.0578 4728 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:03:29.0609 4728 Cdaudio - ok
21:03:29.0859 4728 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:03:29.0859 4728 Cdfs - ok
21:03:30.0125 4728 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:03:30.0171 4728 Cdrom - ok
21:03:30.0453 4728 Changer - ok
21:03:30.0687 4728 CmdIde - ok
21:03:30.0906 4728 Cpqarray - ok
21:03:31.0171 4728 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
21:03:31.0203 4728 CVirtA - ok
21:03:31.0500 4728 CVPNDRVA (34c345aaf390c12ae6e51b75198e8564) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
21:03:31.0625 4728 CVPNDRVA - ok
21:03:31.0875 4728 dac2w2k - ok
21:03:32.0046 4728 dac960nt - ok
21:03:32.0250 4728 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:03:32.0250 4728 Disk - ok
21:03:32.0656 4728 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
21:03:32.0906 4728 dmboot - ok
21:03:33.0187 4728 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
21:03:33.0187 4728 dmio - ok
21:03:33.0531 4728 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:03:33.0531 4728 dmload - ok
21:03:33.0765 4728 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:03:33.0796 4728 DMusic - ok
21:03:34.0125 4728 DNE (b5aa5aa5ac327bd7c1aec0c58f0c1144) C:\WINDOWS\system32\DRIVERS\dne2000.sys
21:03:34.0187 4728 DNE - ok
21:03:34.0421 4728 dpti2o - ok
21:03:34.0640 4728 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:03:34.0656 4728 drmkaud - ok
21:03:34.0984 4728 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:03:35.0062 4728 Fastfat - ok
21:03:35.0312 4728 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
21:03:35.0328 4728 Fdc - ok
21:03:35.0656 4728 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
21:03:35.0687 4728 Fips - ok
21:03:36.0000 4728 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
21:03:36.0031 4728 Flpydisk - ok
21:03:36.0375 4728 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
21:03:36.0375 4728 FltMgr - ok
21:03:36.0609 4728 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:03:36.0625 4728 Fs_Rec - ok
21:03:36.0875 4728 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:03:36.0890 4728 Ftdisk - ok
21:03:37.0109 4728 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:03:37.0140 4728 Gpc - ok
21:03:37.0500 4728 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:03:37.0500 4728 HDAudBus - ok
21:03:37.0828 4728 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:03:37.0859 4728 HidUsb - ok
21:03:38.0187 4728 hpn - ok
21:03:38.0531 4728 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
21:03:38.0562 4728 HPZid412 - ok
21:03:38.0843 4728 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
21:03:38.0875 4728 HPZipr12 - ok
21:03:39.0140 4728 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
21:03:39.0171 4728 HPZius12 - ok
21:03:39.0578 4728 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:03:39.0640 4728 HTTP - ok
21:03:40.0015 4728 hwdatacard (008ada74e3028fced5145f4f74230d4b) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
21:03:40.0062 4728 hwdatacard - ok
21:03:40.0359 4728 i2omgmt - ok
21:03:40.0640 4728 i2omp - ok
21:03:40.0953 4728 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:03:40.0968 4728 i8042prt - ok
21:03:42.0843 4728 ialm (9acb03875cfe068d5cc0e98fb2cf7017) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
21:03:44.0515 4728 ialm - ok
21:03:44.0859 4728 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:03:44.0890 4728 Imapi - ok
21:03:45.0171 4728 ini910u - ok
21:03:46.0734 4728 IntcAzAudAddService (fb4293b1eab313c28d4a1b8db61aca72) C:\WINDOWS\system32\drivers\RtkHDAud.sys
21:03:48.0000 4728 IntcAzAudAddService - ok
21:03:48.0296 4728 IntelIde - ok
21:03:48.0609 4728 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:03:48.0609 4728 intelppm - ok
21:03:48.0921 4728 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
21:03:48.0937 4728 Ip6Fw - ok
21:03:49.0281 4728 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:03:49.0281 4728 IpFilterDriver - ok
21:03:49.0546 4728 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:03:49.0578 4728 IpInIp - ok
21:03:49.0937 4728 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:03:49.0937 4728 IpNat - ok
21:03:50.0281 4728 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:03:50.0343 4728 IPSec - ok
21:03:50.0578 4728 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:03:50.0609 4728 IRENUM - ok
21:03:50.0937 4728 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:03:50.0953 4728 isapnp - ok
21:03:51.0281 4728 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:03:51.0296 4728 Kbdclass - ok
21:03:51.0546 4728 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:03:51.0562 4728 kbdhid - ok
21:03:51.0953 4728 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:03:51.0953 4728 kmixer - ok
21:03:52.0265 4728 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:03:52.0265 4728 KSecDD - ok
21:03:52.0562 4728 lbrtfdc - ok
21:03:52.0828 4728 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
21:03:52.0828 4728 MBAMProtector - ok
21:03:53.0187 4728 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:03:53.0203 4728 mnmdd - ok
21:03:53.0406 4728 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
21:03:53.0437 4728 Modem - ok
21:03:53.0671 4728 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:03:53.0703 4728 Mouclass - ok
21:03:53.0968 4728 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:03:54.0000 4728 mouhid - ok
21:03:54.0265 4728 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:03:54.0265 4728 MountMgr - ok
21:03:54.0546 4728 mraid35x - ok
21:03:54.0937 4728 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:03:55.0015 4728 MRxDAV - ok
21:03:55.0453 4728 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:03:55.0562 4728 MRxSmb - ok
21:03:55.0828 4728 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:03:55.0828 4728 Msfs - ok
21:03:56.0140 4728 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:03:56.0156 4728 MSKSSRV - ok
21:03:56.0484 4728 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:03:56.0515 4728 MSPCLOCK - ok
21:03:56.0828 4728 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:03:56.0843 4728 MSPQM - ok
21:03:57.0140 4728 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:03:57.0140 4728 mssmbios - ok
21:03:57.0359 4728 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
21:03:57.0359 4728 MSTEE - ok
21:03:57.0718 4728 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
21:03:57.0718 4728 Mup - ok
21:03:58.0046 4728 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
21:03:58.0093 4728 NABTSFEC - ok
21:03:58.0375 4728 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:03:58.0390 4728 NDIS - ok
21:03:58.0703 4728 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
21:03:58.0718 4728 NdisIP - ok
21:03:59.0031 4728 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:03:59.0031 4728 NdisTapi - ok
21:03:59.0281 4728 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:03:59.0312 4728 Ndisuio - ok
21:03:59.0578 4728 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:03:59.0625 4728 NdisWan - ok
21:04:00.0015 4728 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:04:00.0015 4728 NDProxy - ok
21:04:00.0296 4728 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:04:00.0296 4728 NetBIOS - ok
21:04:00.0656 4728 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:04:00.0734 4728 NetBT - ok
21:04:01.0031 4728 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:04:01.0046 4728 Npfs - ok
21:04:01.0453 4728 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:04:01.0546 4728 Ntfs - ok
21:04:01.0890 4728 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:04:01.0906 4728 Null - ok
21:04:05.0343 4728 nv (8b2c874897ea498da012284e12f9db2b) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
21:04:08.0640 4728 nv - ok
21:04:08.0937 4728 NVHDA (1fda0adfd0dd666ecb1cbf8436f81805) C:\WINDOWS\system32\drivers\nvhda32.sys
21:04:09.0000 4728 NVHDA - ok
21:04:09.0328 4728 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:04:09.0359 4728 NwlnkFlt - ok
21:04:09.0625 4728 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:04:09.0656 4728 NwlnkFwd - ok
21:04:09.0921 4728 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
21:04:09.0968 4728 Parport - ok
21:04:10.0296 4728 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:04:10.0296 4728 PartMgr - ok
21:04:10.0515 4728 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
21:04:10.0546 4728 ParVdm - ok
21:04:10.0796 4728 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
21:04:10.0796 4728 PCI - ok
21:04:11.0062 4728 PCIDump - ok
21:04:11.0296 4728 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
21:04:11.0296 4728 PCIIde - ok
21:04:11.0593 4728 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
21:04:11.0734 4728 Pcmcia - ok
21:04:11.0984 4728 PDCOMP - ok
21:04:12.0265 4728 PDFRAME - ok
21:04:12.0562 4728 PDRELI - ok
21:04:12.0859 4728 PDRFRAME - ok
21:04:13.0125 4728 perc2 - ok
21:04:13.0406 4728 perc2hib - ok
21:04:13.0765 4728 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:04:13.0796 4728 PptpMiniport - ok
21:04:14.0093 4728 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:04:14.0125 4728 PSched - ok
21:04:14.0390 4728 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:04:14.0390 4728 Ptilink - ok
21:04:14.0718 4728 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
21:04:14.0718 4728 PxHelp20 - ok
21:04:14.0984 4728 ql1080 - ok
21:04:15.0187 4728 Ql10wnt - ok
21:04:15.0359 4728 ql12160 - ok
21:04:15.0531 4728 ql1240 - ok
21:04:15.0703 4728 ql1280 - ok
21:04:15.0906 4728 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:04:15.0921 4728 RasAcd - ok
21:04:16.0203 4728 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:04:16.0234 4728 Rasl2tp - ok
21:04:16.0562 4728 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:04:16.0578 4728 RasPppoe - ok
21:04:16.0828 4728 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:04:16.0843 4728 Raspti - ok
21:04:17.0140 4728 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:04:17.0140 4728 Rdbss - ok
21:04:17.0390 4728 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:04:17.0406 4728 RDPCDD - ok
21:04:17.0687 4728 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:04:17.0906 4728 rdpdr - ok
21:04:18.0187 4728 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
21:04:18.0203 4728 RDPWD - ok
21:04:18.0468 4728 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:04:18.0500 4728 redbook - ok
21:04:18.0765 4728 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
21:04:18.0796 4728 RFCOMM - ok
21:04:19.0125 4728 RTLE8023xp (839141088ad7ee90f5b441b2d1afd22c) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
21:04:19.0171 4728 RTLE8023xp - ok
21:04:19.0484 4728 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:04:19.0500 4728 Secdrv - ok
21:04:19.0765 4728 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
21:04:19.0765 4728 serenum - ok
21:04:20.0062 4728 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
21:04:20.0093 4728 Serial - ok
21:04:20.0406 4728 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:04:20.0437 4728 Sfloppy - ok
21:04:20.0656 4728 Simbad - ok
21:04:20.0875 4728 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
21:04:20.0906 4728 SLIP - ok
21:04:23.0921 4728 SNPSTD3 (6fe75b8c6202d5180c2c6d491123c223) C:\WINDOWS\system32\DRIVERS\snpstd3.sys
21:04:26.0578 4728 SNPSTD3 - ok
21:04:26.0796 4728 Sparrow - ok
21:04:27.0015 4728 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:04:27.0015 4728 splitter - ok
21:04:27.0265 4728 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
21:04:27.0265 4728 sr - ok
21:04:27.0640 4728 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
21:04:27.0734 4728 Srv - ok
21:04:28.0000 4728 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
21:04:28.0031 4728 ssmdrv - ok
21:04:28.0359 4728 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
21:04:28.0375 4728 streamip - ok
21:04:28.0703 4728 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:04:28.0718 4728 swenum - ok
21:04:29.0031 4728 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:04:29.0062 4728 swmidi - ok
21:04:29.0359 4728 symc810 - ok
21:04:29.0640 4728 symc8xx - ok
21:04:29.0968 4728 sym_hi - ok
21:04:30.0187 4728 sym_u3 - ok
21:04:30.0421 4728 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:04:30.0453 4728 sysaudio - ok
21:04:30.0734 4728 TBPanel (04e1c782cf14b7282ebc633b0fd3ed16) C:\WINDOWS\system32\drivers\TBPanel.sys
21:04:30.0734 4728 TBPanel - ok
21:04:31.0125 4728 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:04:31.0156 4728 Tcpip - ok
21:04:31.0468 4728 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:04:31.0484 4728 TDPIPE - ok
21:04:31.0812 4728 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:04:31.0828 4728 TDTCP - ok
21:04:32.0140 4728 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:04:32.0171 4728 TermDD - ok
21:04:32.0390 4728 TosIde - ok
21:04:32.0656 4728 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:04:32.0687 4728 Udfs - ok
21:04:32.0953 4728 ultra - ok
21:04:33.0265 4728 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:04:33.0390 4728 Update - ok
21:04:33.0640 4728 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:04:33.0656 4728 usbccgp - ok
21:04:33.0921 4728 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:04:33.0953 4728 usbehci - ok
21:04:34.0296 4728 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:04:34.0328 4728 usbhub - ok
21:04:34.0609 4728 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:04:34.0625 4728 usbprint - ok
21:04:34.0968 4728 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:04:34.0968 4728 usbscan - ok
21:04:35.0265 4728 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:04:35.0265 4728 USBSTOR - ok
21:04:35.0593 4728 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:04:35.0609 4728 usbuhci - ok
21:04:35.0968 4728 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:04:35.0968 4728 VgaSave - ok
21:04:36.0234 4728 ViaIde - ok
21:04:36.0578 4728 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
21:04:36.0578 4728 VolSnap - ok
21:04:36.0937 4728 vsdatant (0354ba3a5ba5e28cc247eb5f5dd8793c) C:\WINDOWS\system32\vsdatant.sys
21:04:37.0140 4728 vsdatant - ok
21:04:37.0484 4728 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:04:37.0515 4728 Wanarp - ok
21:04:37.0796 4728 WDICA - ok
21:04:38.0062 4728 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:04:38.0109 4728 wdmaud - ok
21:04:38.0359 4728 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
21:04:38.0375 4728 WS2IFSL - ok
21:04:38.0640 4728 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:04:38.0671 4728 WSTCODEC - ok
21:04:39.0046 4728 ZTEusbmdm6k (f319ab77cb703ddde78e53c45d9e0c72) C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys
21:04:39.0093 4728 ZTEusbmdm6k - ok
21:04:39.0390 4728 ZTEusbnmea (f319ab77cb703ddde78e53c45d9e0c72) C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys
21:04:39.0421 4728 ZTEusbnmea - ok
21:04:39.0781 4728 ZTEusbser6k (f319ab77cb703ddde78e53c45d9e0c72) C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys
21:04:39.0812 4728 ZTEusbser6k - ok
21:04:39.0843 4728 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
21:04:40.0031 4728 \Device\Harddisk0\DR0 - ok
21:04:40.0031 4728 Boot (0x1200) (ffd43491e982c658ec69f2bab902361e) \Device\Harddisk0\DR0\Partition0
21:04:40.0031 4728 \Device\Harddisk0\DR0\Partition0 - ok
21:04:40.0046 4728 Boot (0x1200) (90f3017e4fe91dbc685d6176a1a65178) \Device\Harddisk0\DR0\Partition1
21:04:40.0046 4728 \Device\Harddisk0\DR0\Partition1 - ok
21:04:40.0046 4728 ============================================================
21:04:40.0046 4728 Scan finished
21:04:40.0046 4728 ============================================================
21:04:40.0062 1120 Detected object count: 0
21:04:40.0062 1120 Actual detected object count: 0

Combofix

ComboFix 11-12-19.01 - Ritchelle 12/19/2011 21:49:32.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2044.1211 [GMT 8:00]
Running from: c:\documents and settings\Ritchelle\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Ritchelle\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Tasks\At1.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
.
.
((((((((((((((((((((((((( Files Created from 2011-11-19 to 2011-12-19 )))))))))))))))))))))))))))))))
.
.
2011-12-10 13:00 . 2011-12-10 13:00 -------- d-----w- c:\program files\JRE
2011-12-05 07:11 . 2011-12-05 07:11 -------- d-----w- c:\program files\MultiScreen
2011-12-05 07:08 . 2011-12-05 07:09 -------- d-----w- C:\Samsung
2011-12-05 05:02 . 2011-12-05 05:02 -------- d-----w- c:\documents and settings\UpdatusUser
2011-12-05 05:02 . 2011-12-05 05:02 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA
2011-12-05 05:01 . 2011-12-05 05:01 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2011-12-05 04:59 . 2011-05-25 07:26 26216 ----a-w- c:\windows\system32\nvhdap32.dll
2011-12-05 04:59 . 2011-05-25 07:26 119528 ----a-w- c:\windows\system32\drivers\nvhda32.sys
2011-12-05 04:59 . 2011-05-25 07:26 865896 ----a-w- c:\windows\system32\nvhdagenco322040.dll
2011-12-05 04:58 . 2011-05-25 07:25 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-12-05 04:58 . 2011-05-25 07:25 16068608 ----a-w- c:\windows\system32\nvoglnt.dll
2011-12-05 04:58 . 2011-05-25 07:25 899688 ----a-w- c:\windows\system32\nvdispco3220150.dll
2011-12-05 04:58 . 2011-05-25 07:25 865896 ----a-w- c:\windows\system32\nvgenco322090.dll
2011-12-05 04:58 . 2011-05-25 07:25 5332992 ----a-w- c:\windows\system32\nvcuda.dll
2011-12-05 04:58 . 2011-05-25 07:25 2808936 ----a-w- c:\windows\system32\nvcuvid.dll
2011-12-05 04:58 . 2011-05-25 07:25 2082408 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-12-05 04:58 . 2011-05-25 07:25 13004800 ----a-w- c:\windows\system32\nvcompiler.dll
2011-12-05 04:58 . 2011-05-25 07:25 2328576 ----a-w- c:\windows\system32\nvapi.dll
2011-12-05 04:58 . 2011-12-05 05:02 -------- d-----w- c:\program files\NVIDIA Corporation
2011-12-05 04:54 . 2009-09-04 09:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-12-05 04:53 . 2005-05-26 07:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2011-12-05 04:48 . 2007-03-16 02:11 12256 ----a-w- c:\windows\system32\drivers\TBPanel.sys
2011-12-05 04:48 . 2011-12-05 04:48 -------- d-----w- c:\program files\Vtune
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-23 21:37 . 2011-06-09 00:09 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-02 21:06 . 2010-05-27 09:47 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-02 18:37 . 2009-04-26 02:05 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-26 03:41 . 2008-07-29 11:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 03:41 . 2001-08-23 15:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 03:41 . 2001-08-23 15:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-19_03.58.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-19 12:05 . 2011-12-19 12:05 16384 c:\windows\Temp\Perflib_Perfdata_1a4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"TBPanel"="c:\program files\Vtune\TBPanel.exe" [2011-06-02 2240512]
"MultiScreen"="c:\program files\MultiScreen\MultiScreen.exe" [2009-08-11 303104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-11-17 17676288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-12 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-12 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-12 141336]
"snpstd3"="c:\windows\vsnpstd3.exe" [2007-05-10 835584]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-25 13895272]
"NvMediaCenter"="NvMCTray.dll" [2011-05-25 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-04 1632360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\Others\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-8-24 101784]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{08B785C1-3893-4154-B53B-F5D341D0AAAA}\Icon3E5562ED7.ico [2010-10-1 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-14 17:04 39792 -c--a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-10-06 21:46 323392 ----a-w- c:\program files\DNA\btdna.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2007-08-23 23:00 33648 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-02-16 08:15 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 02:17 5252408 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 05:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"tsnpstd3"=c:\windows\tsnpstd3.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"SerialNumber"="A109A-K13-3ZXD-BAP5-TE"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\VALVe\\Counter-Strike Source\\hl2.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Camfrog\\Camfrog Video Chat\\Camfrog Video Chat.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/26/2010 6:23 AM 136360]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [6/29/2011 8:41 AM 428200]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/30/2009 6:34 PM 366152]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [12/5/2011 1:02 PM 2214504]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/30/2009 6:34 PM 22216]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [12/5/2011 12:59 PM 119528]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/14/2010 9:03 AM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/14/2010 9:03 AM 136176]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 6:56 AM 14336]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 84668436
*Deregistered* - 84668436
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
WINRM REG_MULTI_SZ WINRM
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 05:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-30 c:\windows\Tasks\expressShakeIcon.job
- c:\program files\NCH Software\Express\express.exe [2011-07-06 00:30]
.
2011-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-14 01:03]
.
2011-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-14 01:03]
.
2011-10-30 c:\windows\Tasks\scribeShakeIcon.job
- c:\program files\NCH Software\Scribe\scribe.exe [2011-07-06 00:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
mWindow Title = Microsoft Internet Explorer
uInternet Connection Wizard,ShellNext = hxxp://www.codecguide.com/
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 121.1.3.81 121.1.3.16 121.1.3.66
FF - ProfilePath - c:\documents and settings\Ritchelle\Application Data\Mozilla\Firefox\Profiles\ql6y7frz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - prefs.js: network.proxy.ftp - proxy.smartbro.net
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - proxy.smartbro.net
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - proxy.smartbro.net
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - proxy.smartbro.net
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - proxy.smartbro.net
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Auto Copy: {0FED7D55-65D4-47b6-A6DE-9A4ADB55355F} - %profile%\extensions\{0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}
FF - Ext: Copy Plain Text: {723AAF16-AF1F-4404-A5D7-0BFE39766605} - %profile%\extensions\{723AAF16-AF1F-4404-A5D7-0BFE39766605}
FF - Ext: ReloadEvery: {888d99e7-e8b5-46a3-851e-1ec45da1e644} - %profile%\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - %profile%\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: iMacros for Firefox: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} - %profile%\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
FF - Ext: NoDoFollow: {c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294} - %profile%\extensions\{c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294}
FF - Ext: Image Zoom: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} - %profile%\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
FF - Ext: SeoQuake: {317B5128-0B0B-49b2-B2DB-1E7560E16C74} - %profile%\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Table2Clipboard: {9ab67d74-ec41-4cb2-b417-df5d93ba1beb} - %profile%\extensions\{9ab67d74-ec41-4cb2-b417-df5d93ba1beb}
FF - Ext: easyComment: plugins@bf-itservice.de - %profile%\extensions\plugins@bf-itservice.de
FF - Ext: FoxyProxy Standard: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung
FF - Ext: FoxyProxy Basic: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(yahoo.ytff.general.dontshowhpoffer, true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(general.useragent.extra.brc,
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-19 21:59
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-57989841-1960408961-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(1884)
c:\program files\Avira\AntiVir Desktop\avsda.dll
.
Completion time: 2011-12-19 22:02:09
ComboFix-quarantined-files.txt 2011-12-19 14:02
ComboFix2.txt 2011-12-19 04:01
ComboFix3.txt 2011-11-02 14:45
.
Pre-Run: 21,567,832,064 bytes free
Post-Run: 21,550,522,368 bytes free
.
- - End Of File - - 66A1981A432210CC97FBD780C6C7C198

Jotti

Jotti's malware scan
Filename: HPCustPartic.exe
Status:
Scan finished. 0 out of 20 scanners reported malware.
Scan taken on: Mon 19 Dec 2011 15:07:25 (CET) Permalink

Additional info
File size: 2551656 bytes
Filetype: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5: c39790ba091f3f9ec7dfe5c2e4598df0
SHA1: 1b66c33bb5eeacc76c2944aa77fc2695c74b13ff

Scanners
[ArcaVir]
2011-12-19 Found nothing
[Frisk F-Prot Antivirus]
2011-12-19 Found nothing
[Avast! antivirus]
2011-12-18 Found nothing
[F-Secure Anti-Virus]
2011-12-19 Found nothing
[Grisoft AVG Anti-Virus]
2011-12-19 Found nothing
[G DATA]
2011-12-19 Found nothing
[Avira AntiVir]
2011-12-19 Found nothing
[Ikarus]
2011-12-19 Found nothing
[Softwin BitDefender]
2011-12-19 Found nothing
[Kaspersky Anti-Virus]
2011-12-19 Found nothing
[ClamAV]
2011-12-19 Found nothing
[Panda Antivirus]
2011-12-18 Found nothing
[CPsecure]
2011-12-19 Found nothing
[Quick Heal]
2011-12-19 Found nothing
[Dr.Web]
2011-12-19 Found nothing
[Sophos]
2011-12-19 Found nothing
[Emsisoft Anti-Malware]
2011-12-19 Found nothing
[VirusBlokAda VBA32]
2011-12-19 Found nothing
[ESET]
2011-12-19 Found nothing
[VirusBuster]
2011-12-18 Found nothing

MBAM

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8397

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/19/2011 10:32:08 PM
mbam-log-2011-12-19 (22-32-08).txt

Scan type: Quick scan
Objects scanned: 209926
Time elapsed: 9 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Thanks,

Joseph

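The logs above are the raw material a responder works from. As an added example (not part of this thread and not code from any BleepingComputer tool), the Python script below runs over a constructed subset of the ComboFix lines posted above and pulls out what a responder looks at first: the disabled Windows Firewall (EnableFirewall=0), the 3389/TCP exception that is open to every address while the 5985/TCP entry carries a Disabled marker, the Firefox proxy host that is configured but not in use because network.proxy.type is 0 (direct connection), and every JRE update still registered as a Firefox "Java Console" extension. The Java versions are decoded from Sun's static-versioning CLSID pattern {CAFEEFAC-ffff-mmmm-uuuu-ABCDEFFEDCBA}, which the thread itself confirms where the O16 entry maps {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} to jinstall-1_6_0_07. The decoding helper, the sample line list and all function names are this example's own assumptions, not anything the log tools provide.

```python
"""Triage a ComboFix-style log: disabled firewall, globally open ports, inactive
Firefox proxy settings and stale Java plugin versions. Added example, not forum code."""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample: a subset of lines copied from the ComboFix log posted above,
# embedded here so the script runs offline.
SAMPLE_LOG: List[str] = [
    r'[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]',
    r'"EnableFirewall"= 0 (0x0)',
    r'[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]',
    r'"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009',
    r'"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management',
    r'FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}',
    r'FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}',
    r'FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}',
    r'FF - prefs.js: network.proxy.http - proxy.smartbro.net',
    r'FF - prefs.js: network.proxy.type - 0',
]

# Sun's static-versioning CLSID: CAFEEFAC-ffff-mmmm-uuuu-ABCDEFFEDCBA, where the
# family field spells the version digit by digit ("0016" -> 1.6), mmmm is the
# minor version and uuuu the update number (assumed mapping, see lead-in).
JAVA_CLSID = re.compile(r"\{CAFEEFAC-(\d{4})-(\d{4})-(\d{4})-ABCDEFFEDCBA\}", re.I)
Version = Tuple[int, int, int, int]  # (major, family, minor, update)
PROXY_HOST_PREFS = {"network.proxy.http", "network.proxy.ssl", "network.proxy.socks",
                    "network.proxy.ftp", "network.proxy.gopher"}


def java_version_from_clsid(text: str) -> Optional[Version]:
    """Return (1, 6, 0, 7) for {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}, else None."""
    m = JAVA_CLSID.search(text)
    if not m:
        return None
    family, minor, update = m.groups()
    fam = family.lstrip("0")
    if len(fam) < 2:  # malformed family field: refuse to guess
        return None
    return int(fam[0]), int(fam[1:]), int(minor), int(update)


def format_java_version(v: Version) -> str:
    return f"{v[0]}.{v[1]}.{v[2]}_{v[3]:02d}"


def stale_java_plugins(lines: List[str]) -> Tuple[Optional[Version], List[Version]]:
    """Newest Java Console plugin version and every older one still registered."""
    found = set()
    for line in lines:
        if line.startswith("FF - Ext: Java Console"):
            v = java_version_from_clsid(line)
            if v:
                found.add(v)
    versions = sorted(found)
    if not versions:
        return None, []
    return versions[-1], versions[:-1]


def firewall_findings(lines: List[str]) -> List[str]:
    """Flag EnableFirewall=0 and GloballyOpenPorts entries not marked Disabled."""
    findings, in_ports = [], False
    for line in lines:
        if line.startswith("["):
            in_ports = line.rstrip().endswith(r"GloballyOpenPorts\List]")
            continue
        if line.startswith('"EnableFirewall"') and re.search(r"=\s*0\b", line):
            findings.append("Windows Firewall disabled (EnableFirewall=0)")
        elif in_ports:
            m = re.match(r'"(\d+):(TCP|UDP)"=\s*(.*)', line)
            if m and ":Disabled:" not in m.group(3):
                findings.append(f"firewall exception open to all: {m.group(1)}/{m.group(2)}")
    return findings


def proxy_findings(lines: List[str]) -> List[str]:
    """Report configured Firefox proxy hosts; type 0 means direct connection, so inactive."""
    prefs: Dict[str, str] = {}
    for line in lines:
        m = re.match(r"FF - prefs\.js: (network\.proxy\.\S+) - (.*)", line)
        if m:
            prefs[m.group(1)] = m.group(2).strip()
    hosts = sorted({v for k, v in prefs.items() if k in PROXY_HOST_PREFS})
    if not hosts:
        return []
    active = prefs.get("network.proxy.type", "0") != "0"
    state = "active" if active else "configured but inactive (network.proxy.type = 0)"
    return [f"Firefox proxy {state}: {', '.join(hosts)}"]


def triage(lines: List[str]) -> Dict[str, object]:
    newest, stale = stale_java_plugins(lines)
    return {
        "firewall": firewall_findings(lines),
        "proxy": proxy_findings(lines),
        "java_newest": format_java_version(newest) if newest else None,
        "java_stale": [format_java_version(v) for v in stale],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against the full log rather than the sample list and the Java Console lines alone yield six JRE updates (1.6.0_07 through 1.6.0_29), which is exactly the kind of leftover the responder targets; the proxy check is the caveat a practitioner wants before blaming the redirects on proxy.smartbro.net, since Firefox ignores those hosts while network.proxy.type is 0.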
#9 etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 20 December 2011 - 06:07 AM

Hello, morpheus_jr16.


Step 1

Next, we need to remove old Java versions.
Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older-version Java components.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) or Java™ in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each of the Java versions shown below:
    Java 6 Update 22
    Java 6 Update 7
  • Reboot your computer once all Java components are removed.




Step 2

You are using an outdated version of Adobe Reader. Adobe Reader has since been updated; the update closes many security holes and provides new features.

First, uninstall earlier versions of Adobe Reader.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all versions of Adobe Reader.
  • Check (highlight) any item with Adobe Reader in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Adobe Reader version.

Please download the latest version from:
http://get.adobe.com/reader/download/

And install it. Once installed, launch it, select Help --> Check for Updates and install any updates.


You may also try the free Foxit PDF reader if you prefer:
http://www.foxitsoftware.com/pdf/reader/



Step 3

Please pull anything out of the recycle bin that you want to save. Part of this fix will empty temp files, and that does include the recycle bin.

We need to run an OTL script.
  • Please download OTL from one of the following mirrors if you no longer have it.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Paste the following code under the Custom Scans/Fixes box at the bottom.
    :OTL
    O4 - HKU\S-1-5-21-57989841-1960408961-839522115-1005..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe File not found
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Value error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
    :Commands
    [EmptyTemp]
    
  • Click the Run Fix button at the top.
  • Let the program run unhindered and reboot when it is done.
  • You will get a log when it is done; please post that in your reply.
  • Please then create a new OTL report:
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • A report will open, copy and paste it in a reply here.



Step 4

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on the ESET Smart Installer link to download it. Save it to your desktop.
    • Double click on the ESET Smart Installer icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Check "Scan archives".
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push "List of found threats".
  • Push "Export to text file", and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Back button.
  • Push Finish.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators

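The fix in Step 3 of the post above deletes one orphaned RunOnce value and two dead O16 DPF (Downloaded Program Files / ActiveX) registrations, Step 1 removes stale Java runtimes, and the thread as a whole is about browser redirects. The script below is an added example for this page, not OTL's own code and not something the helper posted: it reads the text of an OTL report and flags the entry types a helper looks for when writing such a fix (autoruns and DPF entries whose target no longer exists, leftover JRE installer stubs, hosts-file mappings that point a name away from loopback, IE search URLs on an unexpected domain, Firefox proxy prefs, and more than one Java console version), then drafts the matching :OTL block. SAMPLE_LOG is constructed for the example, modelled on the report format seen in this thread; the SID, the 10.0.0.5 hosts mapping and proxy.example.net are made up, and the "expected" search domains are an assumption for this machine.

```python
"""Triage an OTL (OldTimer's List-It) report for the entry types a malware
helper typically puts into an :OTL fix script, and draft that script.

Added example for this thread: it is not OTL's own code and never runs OTL; it
only reads the text of a report. SAMPLE_LOG is constructed for the example,
modelled on the report format in the thread (SID, hosts and proxy are made up).
"""
import re
from collections import defaultdict
from urllib.parse import urlsplit

O16_RE = re.compile(r"^O16 - DPF: (\{[0-9A-Fa-f-]+\}) (\S+)(?: \((.*)\))?$")
O4_RE = re.compile(r"^O4 - (\S+?)\.\.\\(Run|RunOnce): \[(.+?)\] (.*)$")
O1_RE = re.compile(r"^O1 - Hosts: (\S+)\s+(\S+)$")
IE_RE = re.compile(r"^IE - (.+?)\\(?:Search|Main),([^=]+?) = (\S+)$")
FF_PROXY_RE = re.compile(r"^FF - prefs\.js\.\.network\.proxy\.(\S+): (.*)$")
JAVA_RE = re.compile(r"^FF - prefs\.js\.\.extensions\.enabledItems: "
                     r"\{CAFEEFAC-0016-0000-\d{4}-ABCDEFFEDCBA\}:(\S+)$")

LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}
# Assumption: search providers this machine's owner would expect; anything else is an override.
EXPECTED_SEARCH_DOMAINS = ("google.com", "yahoo.com", "bing.com", "live.com")

# Constructed sample report, modelled on the OTL output format in the thread.
SAMPLE_LOG = r"""
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
IE - HKU\S-1-5-21-1111\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..network.proxy.http: "proxy.example.net"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.type: 0
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 10.0.0.5 www.google.com
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKU\S-1-5-21-1111..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe File not found
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
"""


def _is_expected(host):
    return any(host == d or host.endswith("." + d) for d in EXPECTED_SEARCH_DOMAINS)


def triage_otl(report):
    """Return {category: [details]} for the suspicious lines in an OTL report."""
    findings = defaultdict(list)
    proxy, java_versions = {}, []
    for raw in report.splitlines():
        line = raw.strip()
        if m := O16_RE.match(line):
            clsid, url, note = m.groups()
            # DPF entries whose registry or file backing is gone are dead ActiveX controls.
            if note and ("Reg Error" in note or "File not found" in note):
                findings["orphaned_activex"].append(line)
            if "jinstall" in url:       # installer stub left behind by an old JRE
                findings["old_java_installer"].append(url)
        elif m := O4_RE.match(line):
            if m.group(4).endswith("File not found"):   # autorun pointing at a missing file
                findings["orphaned_autorun"].append(line)
        elif m := O1_RE.match(line):
            ip, name = m.groups()
            if ip not in LOOPBACK:      # hosts entry that sends a name somewhere else
                findings["hosts_redirect"].append((name, ip))
        elif m := IE_RE.match(line):
            host = urlsplit(m.group(3)).hostname or ""
            if not _is_expected(host):
                findings["search_override"].append((m.group(2), host))
        elif m := FF_PROXY_RE.match(line):
            proxy[m.group(1)] = m.group(2).strip('"')
        elif m := JAVA_RE.match(line):
            java_versions.append(m.group(1))
    hosts = sorted({v for k, v in proxy.items() if k in ("http", "ssl", "socks", "ftp")})
    if hosts:
        # network.proxy.type 0 means "no proxy": the hosts are configured but not in use.
        key = "ff_proxy_active" if proxy.get("type", "0") != "0" else "ff_proxy_configured_off"
        findings[key] = hosts
    if len(java_versions) > 1:
        findings["multiple_java_runtimes"] = sorted(java_versions)
    return dict(findings)


def build_fix_script(findings):
    """Draft the :OTL fix block for the orphaned entries, in the format the helper used."""
    lines = [":OTL"] + findings.get("orphaned_autorun", []) + findings.get("orphaned_activex", [])
    lines += [":Commands", "[EmptyTemp]"]
    return "\n".join(lines)


if __name__ == "__main__":
    for category, items in triage_otl(SAMPLE_LOG).items():
        print(category, items)
    print(build_fix_script(triage_otl(SAMPLE_LOG)))
```

The draft is only a starting point: a helper still reads each flagged line before putting it in a fix, and the Firefox proxy prefs in this thread's own report (proxy.smartbro.net with network.proxy.type 0) are an example of a finding that is worth noting but not necessarily removing, since the proxy is configured but switched off.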

#10 morpheus_jr16
  • Topic Starter

  • Members
  • 14 posts

Posted 20 December 2011 - 10:16 AM

Hi Etavares,

I have removed Adobe Reader and Java 7 & 22.
Here are the logs.

Code log

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-57989841-1960408961-839522115-1005\Software\Microsoft\Windows\CurrentVersion\RunOnce\\NeroHomeFirstStart deleted successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 3902253 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Others
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 3325446 bytes
->FireFox cache emptied: 38466349 bytes
->Flash cache emptied: 27231 bytes

User: Ritchelle
->Temp folder emptied: 856244 bytes
->Temporary Internet Files folder emptied: 606530 bytes
->Java cache emptied: 1536458 bytes
->FireFox cache emptied: 52860253 bytes
->Flash cache emptied: 2678 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2162283 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 56789 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 99.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 12202011_200109

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


OTL Log

OTL logfile created on: 12/20/2011 8:17:58 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Ritchelle\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.18 Gb Available Physical Memory | 59.12% Memory free
3.84 Gb Paging File | 3.12 Gb Available in Paging File | 81.07% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 19.72 Gb Free Space | 26.47% Space Free | Partition Type: NTFS
Drive D: | 74.52 Gb Total Space | 1.58 Gb Free Space | 2.12% Space Free | Partition Type: NTFS

Computer Name: UNDRICHJOSE | User Name: Ritchelle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/18 12:14:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ritchelle\Desktop\OTL.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/29 08:40:53 | 000,428,200 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2011/06/29 08:40:53 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/06/02 10:33:38 | 002,240,512 | ---- | M] () -- C:\Program Files\Vtune\TBPANEL.exe
PRC - [2011/05/25 15:25:59 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/04/27 20:01:30 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/25 14:44:54 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/11/03 08:09:16 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/08/23 21:41:16 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2009/08/11 13:57:26 | 000,303,104 | ---- | M] () -- C:\Program Files\MultiScreen\MultiScreen.exe
PRC - [2009/06/18 15:19:30 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/14 08:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/10 13:18:26 | 000,835,584 | ---- | M] () -- C:\WINDOWS\vsnpstd3.exe


========== Modules (No Company Name) ==========

MOD - [2011/07/01 11:56:46 | 000,169,984 | ---- | M] () -- C:\Documents and Settings\Ritchelle\Application Data\Mozilla\Firefox\Profiles\ql6y7frz.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\imtcp_xpcom.dll
MOD - [2011/06/02 10:33:38 | 002,240,512 | ---- | M] () -- C:\Program Files\Vtune\TBPANEL.exe
MOD - [2011/03/25 14:44:54 | 001,018,328 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2010/01/28 12:57:58 | 000,355,688 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2009/08/23 21:41:22 | 000,197,424 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll
MOD - [2009/08/11 13:57:26 | 000,303,104 | ---- | M] () -- C:\Program Files\MultiScreen\MultiScreen.exe
MOD - [2009/08/11 13:56:52 | 000,053,248 | ---- | M] () -- C:\Program Files\MultiScreen\MGResEng.dll
MOD - [2009/08/11 13:54:36 | 000,053,248 | ---- | M] () -- C:\Program Files\MultiScreen\SmartMouseDll.dll
MOD - [2009/08/11 13:54:28 | 000,094,208 | ---- | M] () -- C:\Program Files\MultiScreen\TitleBar.dll
MOD - [2008/04/14 08:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 08:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/05/10 13:18:26 | 000,835,584 | ---- | M] () -- C:\WINDOWS\vsnpstd3.exe
MOD - [1998/10/31 04:55:56 | 000,005,120 | ---- | M] () -- C:\Program Files\Vtune\TBMANAGE.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/29 08:40:53 | 000,428,200 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011/06/29 08:40:53 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/05/25 15:25:59 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/04/27 20:01:30 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/08/23 21:41:16 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2009/06/18 15:19:30 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/06/29 08:40:54 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/06/29 08:40:54 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/05/25 15:26:22 | 000,119,528 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2009/08/23 21:40:32 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2009/05/11 11:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/11/25 16:37:50 | 004,952,576 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/11/16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2008/10/30 21:14:20 | 000,117,888 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/09/26 18:01:00 | 000,101,376 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/06/30 10:18:46 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2008/06/30 10:18:46 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2008/06/30 10:18:46 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2008/03/07 11:21:24 | 010,423,680 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - [2007/11/14 19:05:16 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2007/03/16 10:11:38 | 000,012,256 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\TBPanel.sys -- (TBPanel)
DRV - [2007/03/16 10:11:38 | 000,012,256 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TBPanel.sys -- (Cardex)
DRV - [2007/01/18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-57989841-1960408961-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKU\S-1-5-21-57989841-1960408961-839522115-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-57989841-1960408961-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-57989841-1960408961-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
IE - HKU\S-1-5-21-57989841-1960408961-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
IE - HKU\S-1-5-21-57989841-1960408961-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch =

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.1
FF - prefs.js..extensions.enabledItems: {0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}:1.0.1
FF - prefs.js..extensions.enabledItems: {723AAF16-AF1F-4404-A5D7-0BFE39766605}:0.3.3
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.7
FF - prefs.js..extensions.enabledItems: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}:7.3.0.0
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294}:1.1
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:7.0.0
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.7.10.1
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20111107
FF - prefs.js..extensions.enabledItems: {9ab67d74-ec41-4cb2-b417-df5d93ba1beb}:1.5.3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: plugins@bf-itservice.de:1.4
FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=ffds1&p="
FF - prefs.js..network.proxy.backup.ftp: "proxy.smartbro.net"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.gopher: "proxy.smartbro.net"
FF - prefs.js..network.proxy.backup.gopher_port: 8080
FF - prefs.js..network.proxy.backup.socks: "proxy.smartbro.net"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "proxy.smartbro.net"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "proxy.smartbro.net"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "proxy.smartbro.net"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "proxy.smartbro.net"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "proxy.smartbro.net"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "proxy.smartbro.net"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKCU\Software\MozillaPlugins\@eximion.com/KalydoPlayer3.10.04: C:\Documents and Settings\Ritchelle\Application Data\Kalydo\KalydoPlayer\npkalydo.dll (Eximion B.V.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\Ritchelle\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/08/08 19:53:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/03 12:44:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/20 19:40:07 | 000,000,000 | ---D | M]

[2009/04/24 08:18:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ritchelle\Application Data\Mozilla\Extensions
[2011/12/20 15:11:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ritchelle\Application Data\Mozilla\Firefox\Profiles\ql6y7frz.default\extensions
[2010/03/29 09:28:25 | 000,000,000 | ---D | M] (Screengrab) -- C:\Documents and Settings\Ritchelle\Application Data\Mozilla\Firefox\Profiles\ql6y7frz.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/09/13 08:11:48 | 000,000,000 | ---D | M] (Auto Copy) -- C:\Documents and Settings\Ritchelle\Application Data\Mozilla\Firefox\Profiles\ql6y7frz.default\extensions\{0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}
[2011/01/02 14:35:22 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Documents and Settings\Ritchelle\Application Data\Mozilla\Firefox\Profiles\ql6y7frz.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2011/12/05 14:01:35 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Documents and Settings\Ritchelle\Application Data\Mozilla\Firefox\Profiles\ql6y7frz.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2009/04/24 08:27:29 | 000,000,000 | ---D | M] (Copy Plain Text) -- C:\Documents and Settings\Ritchelle\Application Data\Mozilla\Firefox\Profiles\ql6y7frz.default\extensions\{723AAF16-AF1F-4404-A5D7-0BFE39766605}
[2011/07/09 22:28:37 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Documents and Settings\Ritchelle\Application Data\Mozilla\Firefox\Profiles\ql6y7frz.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2011/11/02 08:04:15 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Documents and Settings\Ritchelle\Application Data\Mozilla\Firefox\Profiles\ql6y7frz.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2011/09/10 20:22:00 | 000,000,000 | ---D | M] (Table2Clipboard) -- C:\Documents and Settings\Ritchelle\Application Data\Mozilla\Firefox\Profiles\ql6y7frz.default\extensions\{9ab67d74-ec41-4cb2-b417-df5d93ba1beb}
[2011/11/22 04:56:50 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Ritchelle\Application Data\Mozilla\Firefox\Profiles\ql6y7frz.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/11/22 04:56:52 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Ritchelle\Application Data\Mozilla\Firefox\Profiles\ql6y7frz.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/02/17 11:07:48 | 000,000,000 | ---D | M] ("NoDoFollow") -- C:\Documents and Settings\Ritchelle\Application Data\Mozilla\Firefox\Profiles\ql6y7frz.default\extensions\{c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294}
[2011/12/16 08:08:46 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Ritchelle\Application Data\Mozilla\Firefox\Profiles\ql6y7frz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/11/02 08:04:00 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Documents and Settings\Ritchelle\Application Data\Mozilla\Firefox\Profiles\ql6y7frz.default\extensions\foxyproxy@eric.h.jung
[2011/06/30 08:05:56 | 000,000,000 | ---D | M] (easyComment) -- C:\Documents and Settings\Ritchelle\Application Data\Mozilla\Firefox\Profiles\ql6y7frz.default\extensions\plugins@bf-itservice.de
[2009/05/31 08:48:26 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Ritchelle\Application Data\Mozilla\Firefox\Profiles\ql6y7frz.default\searchplugins\ask.xml
[2009/08/24 17:30:01 | 000,009,941 | ---- | M] () -- C:\Documents and Settings\Ritchelle\Application Data\Mozilla\Firefox\Profiles\ql6y7frz.default\searchplugins\mywebsearch.xml
[2011/12/20 19:51:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/01 19:52:48 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/05/27 17:47:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/06/09 08:09:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/10/26 16:30:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2010/04/07 08:05:04 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/10/28 12:18:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/03/03 10:51:42 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll

O1 HOSTS File: ([2011/12/19 21:59:53 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-57989841-1960408961-839522115-1003\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKU\S-1-5-21-57989841-1960408961-839522115-1003..\Run: [MultiScreen] C:\Program Files\MultiScreen\MultiScreen.exe ()
O4 - HKU\S-1-5-21-57989841-1960408961-839522115-1003..\Run: [TBPanel] C:\Program Files\Vtune\TBPanel.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{08B785C1-3893-4154-B53B-F5D341D0AAAA}\Icon3E5562ED7.ico ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-57989841-1960408961-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-57989841-1960408961-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-57989841-1960408961-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-57989841-1960408961-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-57989841-1960408961-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-57989841-1960408961-839522115-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-57989841-1960408961-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_29.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} https://69.179.81.86/Remote/msrdp.cab (Microsoft RDP Client Control (redist))
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 121.1.3.81 121.1.3.16 121.1.3.66
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6326D031-D5EF-4645-A3D2-9216AE18C255}: DhcpNameServer = 121.1.3.81 121.1.3.16 121.1.3.66
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Ritchelle\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/18 12:01:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/12/04 22:18:41 | 000,000,000 | ---D | M] - C:\AUTORUN.INF -- [ NTFS ]
O32 - AutoRun File - [2009/12/04 22:18:41 | 000,000,000 | ---D | M] - D:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/20 20:01:09 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/20 19:52:27 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/12/20 19:40:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ritchelle\My Documents
[2011/12/19 22:07:30 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Ritchelle\Desktop\mbam-setup-1.51.2.1300.exe
[2011/12/19 20:16:02 | 001,577,264 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Ritchelle\Desktop\tdsskiller.exe
[2011/12/19 19:10:53 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Ritchelle\Recent
[2011/12/19 11:45:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/12/19 11:45:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/12/19 11:45:39 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/12/19 11:45:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/12/19 11:45:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/19 11:27:24 | 004,344,514 | R--- | C] (Swearware) -- C:\Documents and Settings\Ritchelle\Desktop\ComboFix.exe
[2011/12/18 12:13:09 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ritchelle\Desktop\OTL.exe
[2011/12/10 21:03:04 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\OpenOffice.org 3.0
[2011/12/10 21:00:54 | 000,000,000 | ---D | C] -- C:\Program Files\JRE
[2011/12/09 23:24:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\sun
[2011/12/09 22:27:47 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/12/09 22:27:47 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/12/09 22:27:47 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/12/05 15:11:40 | 000,000,000 | ---D | C] -- C:\Program Files\MultiScreen
[2011/12/05 15:11:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\MultiScreen
[2011/12/05 15:08:22 | 000,000,000 | ---D | C] -- C:\Samsung
[2011/12/05 13:02:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA
[2011/12/05 13:01:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2011/12/05 13:00:54 | 000,258,048 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrstr.dll
[2011/12/05 13:00:54 | 000,253,952 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsth.dll
[2011/12/05 13:00:54 | 000,229,376 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrszhc.dll
[2011/12/05 13:00:54 | 000,126,976 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrszht.dll
[2011/12/05 13:00:53 | 000,274,432 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrspt.dll
[2011/12/05 13:00:53 | 000,270,336 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsru.dll
[2011/12/05 13:00:53 | 000,270,336 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsptb.dll
[2011/12/05 13:00:53 | 000,258,048 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrssl.dll
[2011/12/05 13:00:53 | 000,258,048 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrssk.dll
[2011/12/05 13:00:53 | 000,253,952 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrssv.dll
[2011/12/05 13:00:52 | 000,331,776 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrshe.dll
[2011/12/05 13:00:52 | 000,286,720 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsfr.dll
[2011/12/05 13:00:52 | 000,282,624 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsit.dll
[2011/12/05 13:00:52 | 000,274,432 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsnl.dll
[2011/12/05 13:00:52 | 000,270,336 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsja.dll
[2011/12/05 13:00:52 | 000,266,240 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsko.dll
[2011/12/05 13:00:52 | 000,262,144 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrshu.dll
[2011/12/05 13:00:52 | 000,258,048 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrspl.dll
[2011/12/05 13:00:52 | 000,253,952 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsno.dll
[2011/12/05 13:00:51 | 000,335,872 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsar.dll
[2011/12/05 13:00:51 | 000,282,624 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrses.dll
[2011/12/05 13:00:51 | 000,282,624 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsel.dll
[2011/12/05 13:00:51 | 000,278,528 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsde.dll
[2011/12/05 13:00:51 | 000,274,432 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsesm.dll
[2011/12/05 13:00:51 | 000,253,952 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsda.dll
[2011/12/05 13:00:51 | 000,249,856 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsfi.dll
[2011/12/05 13:00:51 | 000,249,856 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrseng.dll
[2011/12/05 13:00:51 | 000,249,856 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrscs.dll
[2011/12/05 13:00:51 | 000,145,000 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcolor.exe
[2011/12/05 13:00:47 | 013,895,272 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcpl.dll
[2011/12/05 13:00:47 | 000,111,208 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmctray.dll
[2011/12/05 13:00:32 | 000,543,336 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\easyupdatusapiu.dll
[2011/12/05 13:00:32 | 000,054,272 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwddi.dll
[2011/12/05 12:59:34 | 000,119,528 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nvhda32.sys
[2011/12/05 12:59:34 | 000,026,216 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvhdap32.dll
[2011/12/05 12:59:33 | 000,865,896 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvhdagenco322040.dll
[2011/12/05 12:58:49 | 000,061,440 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2011/12/05 12:58:46 | 016,068,608 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvoglnt.dll
[2011/12/05 12:58:45 | 000,899,688 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco3220150.dll
[2011/12/05 12:58:45 | 000,865,896 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvgenco322090.dll
[2011/12/05 12:58:44 | 013,004,800 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll
[2011/12/05 12:58:44 | 005,332,992 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuda.dll
[2011/12/05 12:58:44 | 002,808,936 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll
[2011/12/05 12:58:44 | 002,328,576 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvapi.dll
[2011/12/05 12:58:44 | 002,082,408 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll
[2011/12/05 12:58:11 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2011/12/05 12:55:11 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_7.dll
[2011/12/05 12:55:11 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_5.dll
[2011/12/05 12:55:10 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_7.dll
[2011/12/05 12:55:09 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_43.dll
[2011/12/05 12:55:09 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_43.dll
[2011/12/05 12:55:08 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_43.dll
[2011/12/05 12:55:08 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_43.dll
[2011/12/05 12:55:07 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_43.dll
[2011/12/05 12:55:06 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_6.dll
[2011/12/05 12:55:06 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_6.dll
[2011/12/05 12:55:06 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_4.dll
[2011/12/05 12:55:05 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_7.dll
[2011/12/05 12:55:04 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll
[2011/12/05 12:55:01 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll
[2011/12/05 12:55:01 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_5.dll
[2011/12/05 12:55:00 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_42.dll
[2011/12/05 12:55:00 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_42.dll
[2011/12/05 12:54:59 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll
[2011/12/05 12:54:59 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_42.dll
[2011/12/05 12:54:58 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_41.dll
[2011/12/05 12:54:58 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_41.dll
[2011/12/05 12:54:58 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_41.dll
[2011/12/05 12:54:57 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_4.dll
[2011/12/05 12:54:57 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_3.dll
[2011/12/05 12:54:56 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_4.dll
[2011/12/05 12:54:55 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_6.dll
[2011/12/05 12:54:54 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_40.dll
[2011/12/05 12:54:54 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_40.dll
[2011/12/05 12:54:54 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_40.dll
[2011/12/05 12:54:53 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_3.dll
[2011/12/05 12:54:53 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_2.dll
[2011/12/05 12:54:52 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_3.dll
[2011/12/05 12:54:52 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_5.dll
[2011/12/05 12:54:51 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll
[2011/12/05 12:54:51 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll
[2011/12/05 12:54:50 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_2.dll
[2011/12/05 12:54:49 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_39.dll
[2011/12/05 12:54:49 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_39.dll
[2011/12/05 12:54:48 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_39.dll
[2011/12/05 12:54:47 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_1.dll
[2011/12/05 12:54:47 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_0.dll
[2011/12/05 12:54:46 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_1.dll
[2011/12/05 12:54:46 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_4.dll
[2011/12/05 12:54:45 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_38.dll
[2011/12/05 12:54:45 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_38.dll
[2011/12/05 12:54:44 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_38.dll
[2011/12/05 12:54:43 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_0.dll
[2011/12/05 12:54:42 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_0.dll
[2011/12/05 12:54:42 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_3.dll
[2011/12/05 12:54:41 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_37.dll
[2011/12/05 12:54:41 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll
[2011/12/05 12:54:40 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_37.dll
[2011/12/05 12:54:39 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_10.dll
[2011/12/05 12:54:37 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_36.dll
[2011/12/05 12:54:37 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_36.dll
[2011/12/05 12:54:36 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_36.dll
[2011/12/05 12:54:35 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_9.dll
[2011/12/05 12:54:34 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll
[2011/12/05 12:54:34 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_35.dll
[2011/12/05 12:54:34 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_35.dll
[2011/12/05 12:54:33 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_8.dll
[2011/12/05 12:54:33 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_2.dll
[2011/12/05 12:54:32 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_34.dll
[2011/12/05 12:54:32 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_34.dll
[2011/12/05 12:54:32 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_34.dll
[2011/12/05 12:54:31 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_3.dll
[2011/12/05 12:54:28 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_7.dll
[2011/12/05 12:54:22 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_33.dll
[2011/12/05 12:54:22 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_33.dll
[2011/12/05 12:54:13 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_33.dll
[2011/12/05 12:54:12 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_6.dll
[2011/12/05 12:54:12 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_5.dll
[2011/12/05 12:54:11 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll
[2011/12/05 12:54:10 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_31.dll
[2011/12/05 12:54:10 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_4.dll
[2011/12/05 12:54:10 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_1.dll
[2011/12/05 12:54:09 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_3.dll
[2011/12/05 12:54:09 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_2.dll
[2011/12/05 12:54:08 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_2.dll
[2011/12/05 12:54:07 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_1.dll
[2011/12/05 12:54:06 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_1.dll
[2011/12/05 12:53:40 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_29.dll
[2011/12/05 12:53:40 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_0.dll
[2011/12/05 12:53:40 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_0.dll
[2011/12/05 12:53:38 | 000,061,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput9_1_0.dll
[2011/12/05 12:53:37 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_27.dll
[2011/12/05 12:53:37 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_26.dll
[2011/12/05 12:53:36 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_25.dll
[2011/12/05 12:53:36 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_24.dll
[2011/12/05 12:48:34 | 000,012,256 | ---- | C] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\drivers\TBPanel.sys
[2011/12/05 12:48:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Vtune
[2011/12/05 12:48:30 | 000,000,000 | ---D | C] -- C:\Program Files\Vtune
[2009/12/23 22:39:01 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnpstd3.dll
[2009/12/23 22:39:01 | 000,057,344 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd3.dll
[2009/12/23 22:39:01 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd3.dll
[2009/12/23 22:39:01 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\csnpstd3.dll

========== Files - Modified Within 30 Days ==========

[2011/12/20 20:12:54 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2011/12/20 20:10:50 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/20 20:10:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/20 18:46:00 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/20 06:37:37 | 000,159,744 | ---- | M] () -- C:\Documents and Settings\Ritchelle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/20 01:57:37 | 000,004,546 | ---- | M] () -- D:\My Documents\Default.rdp
[2011/12/19 22:09:14 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Ritchelle\Desktop\mbam-setup-1.51.2.1300.exe
[2011/12/19 21:59:53 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/12/19 21:47:17 | 004,344,514 | R--- | M] (Swearware) -- C:\Documents and Settings\Ritchelle\Desktop\ComboFix.exe
[2011/12/19 20:23:11 | 001,577,264 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Ritchelle\Desktop\tdsskiller.exe
[2011/12/18 12:14:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ritchelle\Desktop\OTL.exe
[2011/12/16 08:03:12 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/13 20:31:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\񀿉
[2011/12/11 12:57:18 | 000,318,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/10 21:03:08 | 000,000,905 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.0.lnk
[2011/12/10 16:21:44 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Ritchelle\defogger_reenable
[2011/12/10 16:21:24 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Ritchelle\Desktop\0bnyhop4.exe
[2011/12/10 16:20:40 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Ritchelle\Desktop\Defogger.exe
[2011/12/09 19:48:35 | 000,000,060 | -H-- | M] () -- C:\WINDOWS\popcreg.dat
[2011/12/09 19:48:35 | 000,000,047 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2011/12/05 15:11:41 | 000,001,371 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MultiScreen.lnk
[2011/12/05 13:00:27 | 000,273,344 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/12/05 13:00:27 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/12/05 13:00:22 | 000,273,344 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/12/05 13:00:22 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
[2011/12/05 12:47:18 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/12/05 12:44:51 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/04 01:32:54 | 000,063,348 | ---- | M] () -- D:\My Documents\cc_20111204_013235.reg
[2011/11/24 05:43:20 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/11/24 05:37:35 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2011/12/19 11:45:39 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/12/19 11:45:39 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/19 11:45:39 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/19 11:45:39 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/12/19 11:45:39 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/12/13 20:31:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\񀿉
[2011/12/10 21:03:08 | 000,000,905 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.0.lnk
[2011/12/10 16:21:44 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Ritchelle\defogger_reenable
[2011/12/10 16:21:20 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Ritchelle\Desktop\0bnyhop4.exe
[2011/12/10 16:20:39 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Ritchelle\Desktop\Defogger.exe
[2011/12/05 15:11:41 | 000,001,371 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MultiScreen.lnk
[2011/12/05 13:00:22 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/12/05 13:00:22 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/12/05 13:00:22 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/12/05 13:00:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
[2011/12/05 12:58:45 | 002,123,582 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/12/05 12:58:45 | 000,003,249 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2011/12/05 12:44:51 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/04 01:32:48 | 000,063,348 | ---- | C] () -- D:\My Documents\cc_20111204_013235.reg
[2011/11/16 20:36:20 | 000,000,060 | -H-- | C] () -- C:\WINDOWS\popcreg.dat
[2011/10/02 19:09:23 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Ritchelle\Application Data\downloads.m3u
[2011/09/01 10:48:34 | 000,962,560 | ---- | C] () -- C:\WINDOWS\tesseract.exe
[2011/01/23 21:16:39 | 000,000,210 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/01/30 01:24:49 | 000,000,029 | ---- | C] () -- C:\Documents and Settings\Ritchelle\Application Data\default.rss
[2010/01/28 10:46:46 | 000,004,757 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009/12/23 22:39:04 | 000,015,498 | ---- | C] () -- C:\WINDOWS\snpstd3.ini
[2009/12/23 22:39:03 | 000,270,336 | ---- | C] () -- C:\WINDOWS\tsnpstd3.exe
[2009/12/23 22:39:02 | 000,835,584 | ---- | C] () -- C:\WINDOWS\vsnpstd3.exe
[2009/12/23 22:39:02 | 000,003,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\denoise.sys
[2009/11/06 19:28:55 | 000,000,047 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2009/10/02 20:52:38 | 000,157,208 | ---- | C] () -- C:\WINDOWS\hphins25.dat
[2009/10/02 20:52:38 | 000,000,879 | ---- | C] () -- C:\WINDOWS\hphmdl25.dat
[2009/08/23 21:41:22 | 000,197,424 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2009/08/23 21:41:14 | 000,193,328 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2009/06/09 18:27:44 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/04/24 08:18:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/04/22 21:13:17 | 000,159,744 | ---- | C] () -- C:\Documents and Settings\Ritchelle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/22 21:05:28 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/04/18 19:49:35 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/04/18 19:48:40 | 000,318,744 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/18 13:30:33 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/04/18 13:30:30 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/04/18 13:30:30 | 000,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/04/18 13:30:30 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/04/18 13:30:28 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/04/18 13:25:07 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/04/18 12:19:33 | 000,982,192 | R--- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2009/04/18 12:19:33 | 000,417,344 | R--- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2009/04/18 12:03:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/04/18 11:59:22 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/04 07:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/02 20:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/03/19 17:30:00 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\msvdm.dll
[2001/08/24 00:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/24 00:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 23:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 23:00:00 | 000,432,686 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 23:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 23:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 23:00:00 | 000,067,516 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 23:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 23:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 23:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

< End of report >

ESET threats

C:\Documents and Settings\Ritchelle\Desktop\installers\asc-setup.exe a variant of Win32/Adware.Toolbar.Dealio application deleted - quarantined
C:\System Volume Information\_restore{70A6915E-0B06-47B8-AEF7-8BA19D1CEC8A}\RP26\A0010781.exe a variant of Win32/Adware.Toolbar.Dealio application deleted - quarantined
D:\My Documents\Downloads\asc-setup.exe a variant of Win32/Adware.Toolbar.Dealio application deleted - quarantined


Thanks,

Joseph

#11 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:05:38 AM

Posted 21 December 2011 - 06:23 AM

Hello, morpheus_jr16.

How is it running now?



Step 1


You are using Open Office 3.0. That's a great program. However, the current version is 3.3. I do suggest you update.



Step 2

We need to run an OTL script.
  • Please download OTL from one of the following mirrors if you do not still have it.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Paste the following code under the Custom Scans/Fixes box at the bottom.
    :files
    C:\WINDOWS\System32\񀿉
    C:\Documents and Settings\Ritchelle\Application Data\Mozilla\Firefox\Profiles\ql6y7frz.default\searchplugins\mywebsearch.xml
    
  • Click the Run Fix button at the top.
  • Let the program run unhindered and reboot when it is done.
  • You will get a log when it is done, please post that in your reply.
  • Please then create a new OTL report....
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • A report will open, copy and paste it in a reply here.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#12 morpheus_jr16

morpheus_jr16
  • Topic Starter

  • Members
  • 14 posts

Posted 21 December 2011 - 07:30 AM

Hi Etavares,

With regard to the Google captcha redirects, it seems they are not appearing anymore. However, it seems there is still no improvement in the startup and shutdown times. Could this be a malware-related problem? I first encountered this when I upgraded to SP3.

I am actually using both MS Office and Open Office. I am also aware that there is already a newer version of Open Office. In fact, I have already tried upgrading to it. However, it lacks one function that is in Open Office 3.0. Is it OK if I just keep the older version?

Here are the logs from the latest OTL scans.
OTL FIX
========== FILES ==========
C:\WINDOWS\System32\񀿉 moved successfully.
C:\Documents and Settings\Ritchelle\Application Data\Mozilla\Firefox\Profiles\ql6y7frz.default\searchplugins\mywebsearch.xml moved successfully.

OTL by OldTimer - Version 3.2.31.0 log created on 12212011_195209

OTL SCAN

OTL logfile created on: 12/21/2011 8:02:37 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Ritchelle\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.96 Gb Available Physical Memory | 47.90% Memory free
3.84 Gb Paging File | 2.96 Gb Available in Paging File | 76.88% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 21.58 Gb Free Space | 28.96% Space Free | Partition Type: NTFS
Drive D: | 74.52 Gb Total Space | 3.66 Gb Free Space | 4.91% Space Free | Partition Type: NTFS

Computer Name: UNDRICHJOSE | User Name: Ritchelle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/18 12:14:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ritchelle\Desktop\OTL.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/29 08:40:53 | 000,428,200 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2011/06/29 08:40:53 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/06/22 08:14:47 | 000,581,288 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\update.exe
PRC - [2011/06/02 10:33:38 | 002,240,512 | ---- | M] () -- C:\Program Files\Vtune\TBPANEL.exe
PRC - [2011/05/25 15:25:59 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/04/27 20:01:30 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/25 14:44:54 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/11/03 08:09:16 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/08/23 21:41:16 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2009/08/11 13:57:26 | 000,303,104 | ---- | M] () -- C:\Program Files\MultiScreen\MultiScreen.exe
PRC - [2009/06/18 15:19:30 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/14 08:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/10 13:18:26 | 000,835,584 | ---- | M] () -- C:\WINDOWS\vsnpstd3.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/24 05:37:25 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/07/01 11:56:46 | 000,169,984 | ---- | M] () -- C:\Documents and Settings\Ritchelle\Application Data\Mozilla\Firefox\Profiles\ql6y7frz.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\imtcp_xpcom.dll
MOD - [2011/06/02 10:33:38 | 002,240,512 | ---- | M] () -- C:\Program Files\Vtune\TBPANEL.exe
MOD - [2011/03/25 14:44:54 | 001,018,328 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2010/02/18 10:30:51 | 000,126,824 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\scewxmlw.dll
MOD - [2010/01/28 12:57:58 | 000,355,688 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2009/08/23 21:41:22 | 000,197,424 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll
MOD - [2009/08/11 13:57:26 | 000,303,104 | ---- | M] () -- C:\Program Files\MultiScreen\MultiScreen.exe
MOD - [2009/08/11 13:56:52 | 000,053,248 | ---- | M] () -- C:\Program Files\MultiScreen\MGResEng.dll
MOD - [2009/08/11 13:54:36 | 000,053,248 | ---- | M] () -- C:\Program Files\MultiScreen\SmartMouseDll.dll
MOD - [2009/08/11 13:54:28 | 000,094,208 | ---- | M] () -- C:\Program Files\MultiScreen\TitleBar.dll
MOD - [2008/04/14 08:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 08:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/05/10 13:18:26 | 000,835,584 | ---- | M] () -- C:\WINDOWS\vsnpstd3.exe
MOD - [1998/10/31 04:55:56 | 000,005,120 | ---- | M] () -- C:\Program Files\Vtune\TBMANAGE.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/29 08:40:53 | 000,428,200 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011/06/29 08:40:53 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/05/25 15:25:59 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/04/27 20:01:30 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/08/23 21:41:16 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2009/06/18 15:19:30 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/06/29 08:40:54 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/06/29 08:40:54 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/05/25 15:26:22 | 000,119,528 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2009/08/23 21:40:32 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2009/05/11 11:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/11/25 16:37:50 | 004,952,576 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/11/16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2008/10/30 21:14:20 | 000,117,888 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/09/26 18:01:00 | 000,101,376 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/06/30 10:18:46 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2008/06/30 10:18:46 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2008/06/30 10:18:46 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2008/03/07 11:21:24 | 010,423,680 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - [2007/11/14 19:05:16 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2007/03/16 10:11:38 | 000,012,256 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\TBPanel.sys -- (TBPanel)
DRV - [2007/03/16 10:11:38 | 000,012,256 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TBPanel.sys -- (Cardex)
DRV - [2007/01/18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-57989841-1960408961-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKU\S-1-5-21-57989841-1960408961-839522115-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-57989841-1960408961-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-57989841-1960408961-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
IE - HKU\S-1-5-21-57989841-1960408961-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
IE - HKU\S-1-5-21-57989841-1960408961-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch =

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.1
FF - prefs.js..extensions.enabledItems: {0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}:1.0.1
FF - prefs.js..extensions.enabledItems: {723AAF16-AF1F-4404-A5D7-0BFE39766605}:0.3.3
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.7
FF - prefs.js..extensions.enabledItems: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}:7.3.0.0
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294}:1.1
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:7.0.0
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.7.10.1
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20111107
FF - prefs.js..extensions.enabledItems: {9ab67d74-ec41-4cb2-b417-df5d93ba1beb}:1.5.3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: plugins@bf-itservice.de:1.4
FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=ffds1&p="
FF - prefs.js..network.proxy.backup.ftp: "proxy.smartbro.net"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.gopher: "proxy.smartbro.net"
FF - prefs.js..network.proxy.backup.gopher_port: 8080
FF - prefs.js..network.proxy.backup.socks: "proxy.smartbro.net"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "proxy.smartbro.net"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "proxy.smartbro.net"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "proxy.smartbro.net"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "proxy.smartbro.net"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "proxy.smartbro.net"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "proxy.smartbro.net"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@eximion.com/KalydoPlayer3.10.04: C:\Documents and Settings\Ritchelle\Application Data\Kalydo\KalydoPlayer\npkalydo.dll (Eximion B.V.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\Ritchelle\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/08/08 19:53:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/03 12:44:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/20 22:00:06 | 000,000,000 | ---D | M]

[2009/04/24 08:18:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ritchelle\Application Data\Mozilla\Extensions
[2011/12/21 15:22:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ritchelle\Application Data\Mozilla\Firefox\Profiles\ql6y7frz.default\extensions
[2010/03/29 09:28:25 | 000,000,000 | ---D | M] (Screengrab) -- C:\Documents and Settings\Ritchelle\Application Data\Mozilla\Firefox\Profiles\ql6y7frz.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/09/13 08:11:48 | 000,000,000 | ---D | M] (Auto Copy) -- C:\Documents and Settings\Ritchelle\Application Data\Mozilla\Firefox\Profiles\ql6y7frz.default\extensions\{0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}
[2011/01/02 14:35:22 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Documents and Settings\Ritchelle\Application Data\Mozilla\Firefox\Profiles\ql6y7frz.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2011/12/05 14:01:35 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Documents and Settings\Ritchelle\Application Data\Mozilla\Firefox\Profiles\ql6y7frz.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2009/04/24 08:27:29 | 000,000,000 | ---D | M] (Copy Plain Text) -- C:\Documents and Settings\Ritchelle\Application Data\Mozilla\Firefox\Profiles\ql6y7frz.default\extensions\{723AAF16-AF1F-4404-A5D7-0BFE39766605}
[2011/07/09 22:28:37 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Documents and Settings\Ritchelle\Application Data\Mozilla\Firefox\Profiles\ql6y7frz.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2011/11/02 08:04:15 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Documents and Settings\Ritchelle\Application Data\Mozilla\Firefox\Profiles\ql6y7frz.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2011/09/10 20:22:00 | 000,000,000 | ---D | M] (Table2Clipboard) -- C:\Documents and Settings\Ritchelle\Application Data\Mozilla\Firefox\Profiles\ql6y7frz.default\extensions\{9ab67d74-ec41-4cb2-b417-df5d93ba1beb}
[2011/11/22 04:56:50 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Ritchelle\Application Data\Mozilla\Firefox\Profiles\ql6y7frz.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/11/22 04:56:52 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Ritchelle\Application Data\Mozilla\Firefox\Profiles\ql6y7frz.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/02/17 11:07:48 | 000,000,000 | ---D | M] ("NoDoFollow") -- C:\Documents and Settings\Ritchelle\Application Data\Mozilla\Firefox\Profiles\ql6y7frz.default\extensions\{c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294}
[2011/12/16 08:08:46 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Ritchelle\Application Data\Mozilla\Firefox\Profiles\ql6y7frz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/11/02 08:04:00 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Documents and Settings\Ritchelle\Application Data\Mozilla\Firefox\Profiles\ql6y7frz.default\extensions\foxyproxy@eric.h.jung
[2011/06/30 08:05:56 | 000,000,000 | ---D | M] (easyComment) -- C:\Documents and Settings\Ritchelle\Application Data\Mozilla\Firefox\Profiles\ql6y7frz.default\extensions\plugins@bf-itservice.de
[2009/05/31 08:48:26 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Ritchelle\Application Data\Mozilla\Firefox\Profiles\ql6y7frz.default\searchplugins\ask.xml
[2011/12/21 15:22:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/01 19:52:48 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/05/27 17:47:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/06/09 08:09:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/10/26 16:30:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2010/04/07 08:05:04 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/10/28 12:18:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/03/03 10:51:42 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll

O1 HOSTS File: ([2011/12/19 21:59:53 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-57989841-1960408961-839522115-1003\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKU\S-1-5-21-57989841-1960408961-839522115-1003..\Run: [MultiScreen] C:\Program Files\MultiScreen\MultiScreen.exe ()
O4 - HKU\S-1-5-21-57989841-1960408961-839522115-1003..\Run: [TBPanel] C:\Program Files\Vtune\TBPanel.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{08B785C1-3893-4154-B53B-F5D341D0AAAA}\Icon3E5562ED7.ico ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-57989841-1960408961-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-57989841-1960408961-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-57989841-1960408961-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-57989841-1960408961-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-57989841-1960408961-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-57989841-1960408961-839522115-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-57989841-1960408961-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_29.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} https://69.179.81.86/Remote/msrdp.cab (Microsoft RDP Client Control (redist))
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 121.1.3.81 121.1.3.16 121.1.3.66
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6326D031-D5EF-4645-A3D2-9216AE18C255}: DhcpNameServer = 121.1.3.81 121.1.3.16 121.1.3.66
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Ritchelle\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/18 12:01:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/12/04 22:18:41 | 000,000,000 | ---D | M] - C:\AUTORUN.INF -- [ NTFS ]
O32 - AutoRun File - [2009/12/04 22:18:41 | 000,000,000 | ---D | M] - D:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/20 22:02:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/12/20 20:01:09 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/20 19:52:27 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/12/20 19:40:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ritchelle\My Documents
[2011/12/19 20:16:02 | 001,577,264 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Ritchelle\Desktop\tdsskiller.exe
[2011/12/19 19:10:53 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Ritchelle\Recent
[2011/12/19 11:45:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/12/19 11:45:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/12/19 11:45:39 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/12/19 11:45:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/12/19 11:45:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/19 11:27:24 | 004,344,514 | R--- | C] (Swearware) -- C:\Documents and Settings\Ritchelle\Desktop\ComboFix.exe
[2011/12/18 12:13:09 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ritchelle\Desktop\OTL.exe
[2011/12/10 21:03:04 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\OpenOffice.org 3.0
[2011/12/10 21:00:54 | 000,000,000 | ---D | C] -- C:\Program Files\JRE
[2011/12/09 23:24:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\sun
[2011/12/09 22:27:47 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/12/09 22:27:47 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/12/09 22:27:47 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/12/05 15:11:40 | 000,000,000 | ---D | C] -- C:\Program Files\MultiScreen
[2011/12/05 15:11:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\MultiScreen
[2011/12/05 15:08:22 | 000,000,000 | ---D | C] -- C:\Samsung
[2011/12/05 13:02:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA
[2011/12/05 13:01:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2011/12/05 13:00:54 | 000,258,048 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrstr.dll
[2011/12/05 13:00:54 | 000,253,952 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsth.dll
[2011/12/05 13:00:54 | 000,229,376 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrszhc.dll
[2011/12/05 13:00:54 | 000,126,976 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrszht.dll
[2011/12/05 13:00:53 | 000,274,432 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrspt.dll
[2011/12/05 13:00:53 | 000,270,336 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsru.dll
[2011/12/05 13:00:53 | 000,270,336 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsptb.dll
[2011/12/05 13:00:53 | 000,258,048 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrssl.dll
[2011/12/05 13:00:53 | 000,258,048 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrssk.dll
[2011/12/05 13:00:53 | 000,253,952 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrssv.dll
[2011/12/05 13:00:52 | 000,331,776 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrshe.dll
[2011/12/05 13:00:52 | 000,286,720 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsfr.dll
[2011/12/05 13:00:52 | 000,282,624 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsit.dll
[2011/12/05 13:00:52 | 000,274,432 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsnl.dll
[2011/12/05 13:00:52 | 000,270,336 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsja.dll
[2011/12/05 13:00:52 | 000,266,240 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsko.dll
[2011/12/05 13:00:52 | 000,262,144 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrshu.dll
[2011/12/05 13:00:52 | 000,258,048 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrspl.dll
[2011/12/05 13:00:52 | 000,253,952 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsno.dll
[2011/12/05 13:00:51 | 000,335,872 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsar.dll
[2011/12/05 13:00:51 | 000,282,624 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrses.dll
[2011/12/05 13:00:51 | 000,282,624 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsel.dll
[2011/12/05 13:00:51 | 000,278,528 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsde.dll
[2011/12/05 13:00:51 | 000,274,432 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsesm.dll
[2011/12/05 13:00:51 | 000,253,952 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsda.dll
[2011/12/05 13:00:51 | 000,249,856 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsfi.dll
[2011/12/05 13:00:51 | 000,249,856 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrseng.dll
[2011/12/05 13:00:51 | 000,249,856 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrscs.dll
[2011/12/05 13:00:51 | 000,145,000 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcolor.exe
[2011/12/05 13:00:47 | 013,895,272 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcpl.dll
[2011/12/05 13:00:47 | 000,111,208 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmctray.dll
[2011/12/05 13:00:32 | 000,543,336 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\easyupdatusapiu.dll
[2011/12/05 13:00:32 | 000,054,272 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwddi.dll
[2011/12/05 12:59:34 | 000,119,528 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nvhda32.sys
[2011/12/05 12:59:34 | 000,026,216 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvhdap32.dll
[2011/12/05 12:59:33 | 000,865,896 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvhdagenco322040.dll
[2011/12/05 12:58:49 | 000,061,440 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2011/12/05 12:58:46 | 016,068,608 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvoglnt.dll
[2011/12/05 12:58:45 | 000,899,688 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco3220150.dll
[2011/12/05 12:58:45 | 000,865,896 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvgenco322090.dll
[2011/12/05 12:58:44 | 013,004,800 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll
[2011/12/05 12:58:44 | 005,332,992 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuda.dll
[2011/12/05 12:58:44 | 002,808,936 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll
[2011/12/05 12:58:44 | 002,328,576 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvapi.dll
[2011/12/05 12:58:44 | 002,082,408 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll
[2011/12/05 12:58:11 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2011/12/05 12:55:11 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_7.dll
[2011/12/05 12:55:11 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_5.dll
[2011/12/05 12:55:10 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_7.dll
[2011/12/05 12:55:09 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_43.dll
[2011/12/05 12:55:09 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_43.dll
[2011/12/05 12:55:08 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_43.dll
[2011/12/05 12:55:08 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_43.dll
[2011/12/05 12:55:07 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_43.dll
[2011/12/05 12:55:06 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_6.dll
[2011/12/05 12:55:06 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_6.dll
[2011/12/05 12:55:06 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_4.dll
[2011/12/05 12:55:05 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_7.dll
[2011/12/05 12:55:04 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll
[2011/12/05 12:55:01 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll
[2011/12/05 12:55:01 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_5.dll
[2011/12/05 12:55:00 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_42.dll
[2011/12/05 12:55:00 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_42.dll
[2011/12/05 12:54:59 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll
[2011/12/05 12:54:59 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_42.dll
[2011/12/05 12:54:58 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_41.dll
[2011/12/05 12:54:58 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_41.dll
[2011/12/05 12:54:58 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_41.dll
[2011/12/05 12:54:57 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_4.dll
[2011/12/05 12:54:57 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_3.dll
[2011/12/05 12:54:56 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_4.dll
[2011/12/05 12:54:55 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_6.dll
[2011/12/05 12:54:54 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_40.dll
[2011/12/05 12:54:54 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_40.dll
[2011/12/05 12:54:54 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_40.dll
[2011/12/05 12:54:53 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_3.dll
[2011/12/05 12:54:53 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_2.dll
[2011/12/05 12:54:52 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_3.dll
[2011/12/05 12:54:52 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_5.dll
[2011/12/05 12:54:51 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll
[2011/12/05 12:54:51 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll
[2011/12/05 12:54:50 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_2.dll
[2011/12/05 12:54:49 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_39.dll
[2011/12/05 12:54:49 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_39.dll
[2011/12/05 12:54:48 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_39.dll
[2011/12/05 12:54:47 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_1.dll
[2011/12/05 12:54:47 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_0.dll
[2011/12/05 12:54:46 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_1.dll
[2011/12/05 12:54:46 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_4.dll
[2011/12/05 12:54:45 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_38.dll
[2011/12/05 12:54:45 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_38.dll
[2011/12/05 12:54:44 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_38.dll
[2011/12/05 12:54:43 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_0.dll
[2011/12/05 12:54:42 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_0.dll
[2011/12/05 12:54:42 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_3.dll
[2011/12/05 12:54:41 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_37.dll
[2011/12/05 12:54:41 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll
[2011/12/05 12:54:40 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_37.dll
[2011/12/05 12:54:39 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_10.dll
[2011/12/05 12:54:37 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_36.dll
[2011/12/05 12:54:37 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_36.dll
[2011/12/05 12:54:36 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_36.dll
[2011/12/05 12:54:35 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_9.dll
[2011/12/05 12:54:34 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll
[2011/12/05 12:54:34 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_35.dll
[2011/12/05 12:54:34 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_35.dll
[2011/12/05 12:54:33 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_8.dll
[2011/12/05 12:54:33 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_2.dll
[2011/12/05 12:54:32 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_34.dll
[2011/12/05 12:54:32 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_34.dll
[2011/12/05 12:54:32 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_34.dll
[2011/12/05 12:54:31 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_3.dll
[2011/12/05 12:54:28 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_7.dll
[2011/12/05 12:54:22 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_33.dll
[2011/12/05 12:54:22 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_33.dll
[2011/12/05 12:54:13 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_33.dll
[2011/12/05 12:54:12 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_6.dll
[2011/12/05 12:54:12 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_5.dll
[2011/12/05 12:54:11 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll
[2011/12/05 12:54:10 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_31.dll
[2011/12/05 12:54:10 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_4.dll
[2011/12/05 12:54:10 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_1.dll
[2011/12/05 12:54:09 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_3.dll
[2011/12/05 12:54:09 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_2.dll
[2011/12/05 12:54:08 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_2.dll
[2011/12/05 12:54:07 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_1.dll
[2011/12/05 12:54:06 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_1.dll
[2011/12/05 12:53:40 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_29.dll
[2011/12/05 12:53:40 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_0.dll
[2011/12/05 12:53:40 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_0.dll
[2011/12/05 12:53:38 | 000,061,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput9_1_0.dll
[2011/12/05 12:53:37 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_27.dll
[2011/12/05 12:53:37 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_26.dll
[2011/12/05 12:53:36 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_25.dll
[2011/12/05 12:53:36 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_24.dll
[2011/12/05 12:48:34 | 000,012,256 | ---- | C] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\drivers\TBPanel.sys
[2011/12/05 12:48:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Vtune
[2011/12/05 12:48:30 | 000,000,000 | ---D | C] -- C:\Program Files\Vtune
[2009/12/23 22:39:01 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnpstd3.dll
[2009/12/23 22:39:01 | 000,057,344 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd3.dll
[2009/12/23 22:39:01 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd3.dll
[2009/12/23 22:39:01 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\csnpstd3.dll

========== Files - Modified Within 30 Days ==========

[2011/12/21 19:58:22 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2011/12/21 19:57:52 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/21 19:57:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/21 19:46:00 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/21 08:04:40 | 000,159,744 | ---- | M] () -- C:\Documents and Settings\Ritchelle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/21 03:08:14 | 000,004,546 | ---- | M] () -- D:\My Documents\Default.rdp
[2011/12/20 22:00:07 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/12/19 21:59:53 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/12/19 21:47:17 | 004,344,514 | R--- | M] (Swearware) -- C:\Documents and Settings\Ritchelle\Desktop\ComboFix.exe
[2011/12/19 20:23:11 | 001,577,264 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Ritchelle\Desktop\tdsskiller.exe
[2011/12/18 12:14:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ritchelle\Desktop\OTL.exe
[2011/12/16 08:03:12 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/11 12:57:18 | 000,318,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/10 21:03:08 | 000,000,905 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.0.lnk
[2011/12/10 16:21:44 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Ritchelle\defogger_reenable
[2011/12/10 16:21:24 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Ritchelle\Desktop\0bnyhop4.exe
[2011/12/10 16:20:40 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Ritchelle\Desktop\Defogger.exe
[2011/12/09 19:48:35 | 000,000,060 | -H-- | M] () -- C:\WINDOWS\popcreg.dat
[2011/12/09 19:48:35 | 000,000,047 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2011/12/05 15:11:41 | 000,001,371 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MultiScreen.lnk
[2011/12/05 13:00:27 | 000,273,344 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/12/05 13:00:27 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/12/05 13:00:22 | 000,273,344 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/12/05 13:00:22 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
[2011/12/05 12:47:18 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/12/05 12:44:51 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/04 01:32:54 | 000,063,348 | ---- | M] () -- D:\My Documents\cc_20111204_013235.reg
[2011/11/24 05:43:20 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/11/24 05:37:35 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2011/12/20 22:00:07 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/12/20 22:00:06 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/12/19 11:45:39 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/12/19 11:45:39 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/19 11:45:39 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/19 11:45:39 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/12/19 11:45:39 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/12/10 21:03:08 | 000,000,905 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.0.lnk
[2011/12/10 16:21:44 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Ritchelle\defogger_reenable
[2011/12/10 16:21:20 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Ritchelle\Desktop\0bnyhop4.exe
[2011/12/10 16:20:39 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Ritchelle\Desktop\Defogger.exe
[2011/12/05 15:11:41 | 000,001,371 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MultiScreen.lnk
[2011/12/05 13:00:22 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/12/05 13:00:22 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/12/05 13:00:22 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/12/05 13:00:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
[2011/12/05 12:58:45 | 002,123,582 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/12/05 12:58:45 | 000,003,249 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2011/12/05 12:44:51 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/04 01:32:48 | 000,063,348 | ---- | C] () -- D:\My Documents\cc_20111204_013235.reg
[2011/11/16 20:36:20 | 000,000,060 | -H-- | C] () -- C:\WINDOWS\popcreg.dat
[2011/10/02 19:09:23 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Ritchelle\Application Data\downloads.m3u
[2011/09/01 10:48:34 | 000,962,560 | ---- | C] () -- C:\WINDOWS\tesseract.exe
[2011/01/23 21:16:39 | 000,000,210 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/01/30 01:24:49 | 000,000,029 | ---- | C] () -- C:\Documents and Settings\Ritchelle\Application Data\default.rss
[2010/01/28 10:46:46 | 000,004,757 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009/12/23 22:39:04 | 000,015,498 | ---- | C] () -- C:\WINDOWS\snpstd3.ini
[2009/12/23 22:39:03 | 000,270,336 | ---- | C] () -- C:\WINDOWS\tsnpstd3.exe
[2009/12/23 22:39:02 | 000,835,584 | ---- | C] () -- C:\WINDOWS\vsnpstd3.exe
[2009/12/23 22:39:02 | 000,003,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\denoise.sys
[2009/11/06 19:28:55 | 000,000,047 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2009/10/02 20:52:38 | 000,157,208 | ---- | C] () -- C:\WINDOWS\hphins25.dat
[2009/10/02 20:52:38 | 000,000,879 | ---- | C] () -- C:\WINDOWS\hphmdl25.dat
[2009/08/23 21:41:22 | 000,197,424 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2009/08/23 21:41:14 | 000,193,328 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2009/06/09 18:27:44 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/04/24 08:18:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/04/22 21:13:17 | 000,159,744 | ---- | C] () -- C:\Documents and Settings\Ritchelle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/22 21:05:28 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/04/18 19:49:35 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/04/18 19:48:40 | 000,318,744 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/18 13:30:33 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/04/18 13:30:30 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/04/18 13:30:30 | 000,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/04/18 13:30:30 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/04/18 13:30:28 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/04/18 13:25:07 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/04/18 12:19:33 | 000,982,192 | R--- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2009/04/18 12:19:33 | 000,417,344 | R--- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2009/04/18 12:03:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/04/18 11:59:22 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/04 07:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/02 20:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/03/19 17:30:00 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\msvdm.dll
[2001/08/24 00:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/24 00:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 23:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 23:00:00 | 000,432,686 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 23:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 23:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 23:00:00 | 000,067,516 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 23:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 23:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 23:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

< End of report >

Thanks,

Joseph
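
As an added example (not code from this thread, and not OTL's own code), here is a small Python triage helper for the bracketed file entries in an OTL log like the one posted above: it parses each line and flags executables under C:\WINDOWS with no company name, hidden executables, and any change to the hosts file, which are among the first things a malware responder looks at. The line-layout regex and the flag rules are my assumptions; the sample lines are taken from the posted log.

```python
"""Triage helper for the bracketed file entries in an OTL log.

Added example for this thread; it is not OTL's own code and not code from
the thread. The line layout below is an assumption read off the posted log:

    [YYYY/MM/DD HH:MM:SS | SIZE | ATTRS | C|M] (Company) -- PATH
"""
import re
from dataclasses import dataclass
from datetime import datetime

# Assumed OTL layout; the company field is "()" or absent for unattributed files.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

# An unattributed executable under the Windows directory tree (System32 included)
# deserves a manual look; this prefix list is the example's own choice.
SYSTEM_PREFIXES = ("c:\\windows\\",)
EXEC_EXT = (".exe", ".dll", ".sys", ".cpl", ".scr")


@dataclass
class Entry:
    when: datetime
    size: int
    attrs: str      # four flag characters, e.g. "-H-D" (H hidden, S system, D directory)
    kind: str       # "C" created, "M" modified
    company: str    # "" when OTL shows () or ( )
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_entry(line: str):
    """Return an Entry for one OTL file line, or None for headers and blanks."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    return Entry(
        when=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=(m["company"] or "").strip(),
        path=m["path"],
    )


def triage(lines):
    """Return (reason, detail) pairs for entries a responder checks by hand."""
    findings = []
    for line in lines:
        e = parse_entry(line)
        if e is None or e.is_dir:
            continue
        low = e.path.lower()
        in_sys = low.startswith(SYSTEM_PREFIXES)
        is_exec = low.endswith(EXEC_EXT)
        if is_exec and in_sys and not e.company:
            findings.append(("no-company-exec", e.path))
        if is_exec and "H" in e.attrs:
            # Hidden executables are rarely legitimate; note them regardless of location.
            findings.append(("hidden-exec", e.path))
        if low.endswith("\\drivers\\etc\\hosts"):
            # A tiny hosts file is the Windows default; a large one is either a
            # deliberate block list or a hijack, so report the size with the path.
            findings.append(("hosts-modified", f"{e.path} ({e.size} bytes)"))
    return findings


# Sample lines in the OTL layout, taken from the log posted in this thread.
SAMPLE_LOG = r"""
========== Files Created - No Company Name ==========

[2011/12/19 11:45:39 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/09/01 10:48:34 | 000,962,560 | ---- | C] () -- C:\WINDOWS\tesseract.exe
[2011/12/05 13:00:54 | 000,258,048 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrstr.dll
[2011/12/19 21:59:53 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/12/20 20:01:09 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/09 19:48:35 | 000,000,060 | -H-- | M] () -- C:\WINDOWS\popcreg.dat
[2011/11/24 05:37:35 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
"""


if __name__ == "__main__":
    for reason, detail in triage(SAMPLE_LOG.splitlines()):
        print(f"{reason:17} {detail}")
```

On the posted log the hits are files created at the same moment as the ComboFix helper files and a 27-byte (default-sized) hosts file, which is consistent with the responder's later verdict that the machine is clean; the helper surfaces candidates for a human to judge, it does not condemn them.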

#13 etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:05:38 AM

Posted 21 December 2011 - 08:49 AM

Hi,

I do recommend updating...there are known security holes that are patched with each successive version of OpenOffice. For example, see this list:
http://www.openoffice.org/security/bulletin.html

In the end, updating is up to you, of course.

In regards to the startup/shutdown time, since it started when you upgraded to SP3 and there's nothing in your logs at this point, it's likely not a virus. XP is just slow. My work computer used to take 15 minutes to cold boot. We just upgraded to Win7 and it's fully booted in about 45 seconds now. :)

We can do some things to try to speed it up.

First, you can download Startup Lite. It's made by the makers of Malwarebytes' Anti-Malware and helps you select which programs should launch when you start up. Your list looks small, but it's a good first step.

You can also run Soluto to see what exactly is taking a lot of time when booting.

Finally, if these don't help as much as you like, we can optimize your services. Start with those two and let me know how it is running.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#14 morpheus_jr16
  • Topic Starter

  • Members
  • 14 posts
  • Local time:05:38 PM

Posted 23 December 2011 - 04:10 AM

Hi Etavares,

Sorry for the delayed reply but I am having trouble installing Soluto. I always got an error when installing it. Anyway, is my system already clean? If it is, do I have to uninstall any of the programs that we used in cleaning it up?

Thanks,

Joseph

#15 etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:05:38 AM

Posted 23 December 2011 - 09:57 AM

Hello, morpheus_jr16.

You do appear clean. Here's how to uninstall our tools. Let me know if you want to continue to try and improve the speed after this.



Step 1



Uninstall ComboFix and Clean Up
Click Start > Run, type combofix /Uninstall and click OK (Note the space between combofix and /Uninstall).
Please advise if this step is missed for any reason as it performs some important actions.

Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • If that link doesn't work, try this one.
  • Double click the OTC icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then click the big button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.

If you ran Defogger and disabled your emulator, please don't forget to run it again and reenable it. See the instructions here to do so.


Optional Items

Please take the time to read below to secure your machine and take the necessary steps to keep it that way.


System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance. If you are running Windows Vista or Windows 7, please right-click on the icon, and select "Run As Administrator"; otherwise it won't work.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware

Protect yourself from malicious sites

The HOSTS file can protect you from connecting to bad sites. See The Hosts File and what it can do for you for more background.




Keep Windows Up to Date
It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.



Update your AntiVirus Software

It is imperative that you update your antivirus software at least once a week (even more often if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Use a Firewall

I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:

Understanding and Using Firewalls

Install an AntiSpyware Program

A highly recommended AntiSpyware program is Malwarebytes Anti-Malware. You can download the free version.

Installing this program will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis, just as you would with antivirus software.


Update all these programs regularly
Make sure you update all your programs regularly. Without regular updates you WILL NOT be protected when new malicious programs are released. You can use Secunia PSI to keep track of necessary updates. It can run in the background and constantly monitor your software; although I just run it once a week manually. It will alert you when an update is available for a variety of software. It is very useful.

Follow this list and your potential for being infected again will reduce dramatically.

Good luck!

etavares

