
Infected with ZeroKill/RootAccess Trojan


This topic is locked
39 replies to this topic

#1 rocknsock (Members, 52 posts)

Posted 11 February 2012 - 12:25 PM

Hello, I'm looking to get rid of the ZeroKill RootAccess Trojan. I've run ComboFix on the computer to restore internet service to it once it completely wiped it out yesterday. I've run a couple of different scans but I still see some effects of the Trojan, as my searches redirect on some of the links I click on, so any help would be appreciated in cleaning my system.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15
Run by Dougherty at 11:23:23 on 2012-02-11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1034 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\Common Files\AOL\1204841587\ee\AOLSoftware.exe
C:\Program Files\real\realplayer\update\realsched.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Philips Photo Manager\FunCam\Philips FunCam Monitor.exe
C:\Program Files\Comcast Universal Caller ID\Comcast Universal Caller ID.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\AIM7\aim.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\SHOUTcast\sc_serv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\explorer.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = <local>;*.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [HostManager] c:\program files\common files\aol\1204841587\ee\AOLSoftware.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
StartupFolder: c:\docume~1\doughe~1\startm~1\programs\startup\comcas~1.lnk - c:\program files\comcast universal caller id\Comcast Universal Caller ID.exe
StartupFolder: c:\docume~1\doughe~1\startm~1\programs\startup\univer~1.lnk - c:\program files\universalcallerid\UniversalCallerID.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\philip~1.lnk - c:\program files\philips photo manager\funcam\Philips FunCam Monitor.exe
mPolicies-system: EnableLinkedConnections = 1 (0x1)
LSP: mswsock.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: Justin.tv Publisher - hxxp://www.justin.tv/plugins/justintv_publisher.CAB
DPF: Ustream Publisher - hxxp://static.ustream.tv/plugin/ustream_publisher.cab
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} - hxxp://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} - hxxp://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{66CBD011-63A5-4C83-B370-7AEB31370BA7} : DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\dougherty\application data\mozilla\firefox\profiles\f16bsc8h.default\
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\dougherty\application data\move networks\plugins\npqmp071706000001.dll
FF - plugin: c:\documents and settings\dougherty\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\dougherty\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\dougherty\local settings\application data\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPnsv_vp3_mp3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwbe.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-1-13 21992]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
S1 tdpipee;tdpipee;c:\windows\system32\drivers\tdpipee.sys --> c:\windows\system32\drivers\tdpipee.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 DIGIRPS;Digi PortServer Driver;c:\windows\system32\drivers\digirlpt.sys [2011-2-14 42432]
S3 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-24 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-24 135664]
S3 RoxMediaDBVHS;RoxMediaDBVHS;c:\program files\common files\roxio shared\vhstodvd\sharedcom\RoxMediaDBVHS.exe [2010-2-19 1116656]
S3 SNDFCAM;Philips FunCam;c:\windows\system32\drivers\sndfcam.sys [2008-3-6 219008]
S3 SUPERWEBCAM;SuperWebcam, WDM Virtual Video Capture Device;c:\windows\system32\drivers\superwebcam.sys [2009-4-25 31872]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 Windows Services Control;Windows Services Control;c:\windows\inf\service.exe --> c:\windows\inf\service.exe [?]
.
=============== Created Last 30 ================
.
2012-02-11 08:39:22 -------- d--h--w- C:\$AVG
2012-02-11 02:45:37 -------- d-----w- c:\program files\Hitman Pro 3.5
2012-02-11 02:10:49 23624 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-02-11 02:10:34 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro
2012-02-11 01:31:45 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2012-02-11 01:02:27 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-02-07 01:58:58 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-03 01:58:16 -------- d-----r- c:\program files\Skype
2012-01-29 21:09:59 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2012-01-29 21:08:03 -------- d-----w- c:\windows\Logs
2012-01-29 21:07:55 -------- d-----w- c:\program files\Sony Online Entertainment
2012-01-16 07:42:01 -------- d-----w- c:\documents and settings\dougherty\application data\HD Tune Pro
2012-01-16 07:41:57 -------- d-----w- c:\program files\HD Tune Pro
2012-01-16 07:33:25 -------- d-----w- c:\documents and settings\all users\application data\PCPitstop
.
==================== Find3M ====================
.
2012-02-11 16:05:00 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2012-02-07 03:27:31 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2012-01-29 21:12:11 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-15 21:15:21 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-12-15 21:15:21 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25:32 1859584 ------w- c:\windows\system32\win32k.sys
2011-11-18 12:35:08 60416 ------w- c:\windows\system32\packager.exe
2011-11-16 14:21:44 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21:44 152064 ----a-w- c:\windows\system32\schannel.dll
.
============= FINISH: 11:24:48.09 ===============


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-11 12:24:57
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3250310AS rev.3.ADA
Running: mzszl9zx.exe; Driver: C:\DOCUME~1\DOUGHE~1\LOCALS~1\Temp\pxtdipow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xA79DEF3C]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xA79DEFE4]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xA79DF080]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xA79DF11C]

---- Kernel code sections - GMER 1.0.15 ----

? System32\drivers\afd.sys The system cannot find the path specified. !
? C:\DOCUME~1\DOUGHE~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1412] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 03B4000A
.text C:\WINDOWS\System32\svchost.exe[1412] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 03CB000A
.text C:\WINDOWS\System32\svchost.exe[1412] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 03B3000C
? C:\WINDOWS\System32\svchost.exe[1412] C:\WINDOWS\System32\smss.exe image checksum mismatch; time/date stamp mismatch;
.text C:\WINDOWS\System32\ping.exe[2648] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00BA000A
.text C:\WINDOWS\System32\ping.exe[2648] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00BB000A
.text C:\WINDOWS\System32\ping.exe[2648] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A4000A
.text C:\WINDOWS\System32\ping.exe[2648] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00A5000A
.text C:\WINDOWS\System32\ping.exe[2648] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00A3000C
.text C:\WINDOWS\System32\ping.exe[2648] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 00BE000A
.text C:\WINDOWS\System32\ping.exe[2648] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 00BF000A
.text C:\WINDOWS\System32\ping.exe[2648] USER32.dll!GetForegroundWindow 7E429823 5 Bytes JMP 00C0000A
.text C:\WINDOWS\System32\ping.exe[2648] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 00BD000A
.text C:\Program Files\real\realplayer\update\realsched.exe[3296] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3552] USER32.dll!SetWindowLongA 7E42C29D 5 Bytes JMP 106B66DC C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3552] USER32.dll!SetWindowLongW 7E42C2BB 5 Bytes JMP 106B666E C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3552] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 1044A4E7 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3552] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 1044AABD C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Windows Media Player\wmplayer.exe[3852] kernel32.dll!IsDebuggerPresent 7C813133 6 Bytes JMP 02BECEB0 C:\Program Files\Total Video Converter\Mpeg2DecFilter.ax (MPEG-1/2 Decoder Filter for DirectShow/Gabest)
.text C:\Program Files\Windows Media Player\wmplayer.exe[3852] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 02BE1E00 C:\Program Files\Total Video Converter\Mpeg2DecFilter.ax (MPEG-1/2 Decoder Filter for DirectShow/Gabest)
.text C:\Program Files\Windows Media Player\wmplayer.exe[3852] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 02BE1E30 C:\Program Files\Total Video Converter\Mpeg2DecFilter.ax (MPEG-1/2 Decoder Filter for DirectShow/Gabest)
.text C:\WINDOWS\explorer.exe[4804] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 01FF000A
.text C:\WINDOWS\explorer.exe[4804] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0200000A
.text C:\WINDOWS\explorer.exe[4804] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 01FE000C
.text C:\Program Files\Mozilla Firefox\firefox.exe[4884] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 02F8000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[4884] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 033B000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[4884] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 02F7000C

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

---- Modules - GMER 1.0.15 ----

Module (noname) (*** hidden *** ) A7A66000-A7A76000 (65536 bytes)

---- Processes - GMER 1.0.15 ----

Process C:\WINDOWS\System32\ping.exe (*** hidden *** ) 2648

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\OpenWithProgids@lű\x90|qű\x90|
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\OpenWithProgids@lű\x90|qű\x90|

---- EOF - GMER 1.0.15 ----
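A small triage script for the two log formats in the post above, added here as an example; it is not a BleepingComputer, DDS or GMER tool. It reads DDS service lines and "Created Last 30" entries together with GMER hidden-object, unreadable-kernel-section and user-mode hook lines, and grades what it sees: a service whose binary DDS could not read, a core driver written recently, a hidden process or module, and an inline hook whose JMP target no loaded module owns (GMER prints the owning module after the target when it can attribute it, as it does for xul.dll above). The sample input is constructed from lines excerpted from the logs in this post; the CORE_DRIVERS allowlist, the Finding class and the severity scheme are this example's own assumptions, not anything the tools define.

```python
"""Triage helper for DDS and GMER log excerpts (added example, not part of the thread's tools)."""
import ntpath
import re
from dataclasses import dataclass

# Assumed allowlist of Windows XP core drivers; a recent write to one of these deserves a hash/signature check.
CORE_DRIVERS = {"netbt.sys", "ipsec.sys", "afd.sys", "tcpip.sys", "ndis.sys", "cdrom.sys", "atapi.sys"}

DDS_SERVICE = re.compile(r"^([RS]\d) ([^;]+);([^;]+);(.+)$")
DDS_CREATED = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} \S+ \S+ (.+)$")
GMER_HOOK = re.compile(r"^\.text (.+?)\[(\d+)\] (\S+) [0-9A-F]+ \d+ Bytes JMP ([0-9A-F]+)(?: (.+))?$")
GMER_HIDDEN = re.compile(r"^(Process|Module) (.+?) \(\*\*\* hidden \*\*\* \) ?(.*)$")
GMER_MISSING = re.compile(r"^\? (\S+) The system cannot find the (?:path|file) specified")

# Constructed sample: lines excerpted from the DDS log posted above.
DDS_SAMPLE = r"""
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-1-13 21992]
S1 tdpipee;tdpipee;c:\windows\system32\drivers\tdpipee.sys --> c:\windows\system32\drivers\tdpipee.sys [?]
S4 Windows Services Control;Windows Services Control;c:\windows\inf\service.exe --> c:\windows\inf\service.exe [?]
2012-02-11 02:10:49 23624 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-02-11 01:31:45 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2012-02-11 01:02:27 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
"""

# Constructed sample: lines excerpted from the GMER log posted above.
GMER_SAMPLE = r"""
? System32\drivers\afd.sys The system cannot find the path specified. !
? C:\DOCUME~1\DOUGHE~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !
.text C:\WINDOWS\System32\ping.exe[2648] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00BA000A
.text C:\WINDOWS\System32\ping.exe[2648] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 00BD000A
.text C:\WINDOWS\explorer.exe[4804] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0200000A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3552] USER32.dll!SetWindowLongA 7E42C29D 5 Bytes JMP 106B66DC C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
Module (noname) (*** hidden *** ) A7A66000-A7A76000 (65536 bytes)
Process C:\WINDOWS\System32\ping.exe (*** hidden *** ) 2648
"""


@dataclass
class Finding:
    severity: str  # "high", "medium" or "info" (this example's own grading)
    source: str    # "dds" or "gmer"
    detail: str


def triage_dds(text):
    findings = []
    for line in text.splitlines():
        m = DDS_SERVICE.match(line)
        if m:
            start, name, _display, image = m.groups()
            # "--> path [?]" is how DDS prints a service binary it could not read on disk.
            if image.rstrip().endswith("[?]"):
                sev = "high" if start in ("R0", "R1", "S1") else "medium"
                findings.append(Finding(sev, "dds", f"service {name!r} ({start}) points at a binary DDS could not read: {image}"))
            continue
        m = DDS_CREATED.match(line)
        if m and ntpath.basename(m.group(1)).lower() in CORE_DRIVERS:
            findings.append(Finding("medium", "dds", f"core driver written in the last 30 days, verify hash/signature: {m.group(1)}"))
    return findings


def triage_gmer(text):
    findings, hidden_pids, hooks = [], set(), []
    for line in text.splitlines():
        m = GMER_HIDDEN.match(line)
        if m:
            kind, name, rest = m.groups()
            if kind == "Process" and rest.isdigit():
                hidden_pids.add(rest)
            findings.append(Finding("high", "gmer", f"hidden {kind.lower()} {name} {rest}".rstrip()))
            continue
        m = GMER_MISSING.match(line)
        if m:
            sev = "high" if ntpath.basename(m.group(1)).lower() in CORE_DRIVERS else "info"
            findings.append(Finding(sev, "gmer", f"kernel code section unreadable on disk: {m.group(1)}"))
            continue
        m = GMER_HOOK.match(line)
        if m:
            hooks.append(m.groups())
    # Grade hooks once all hidden PIDs are known, so a hook inside a hidden process ranks highest.
    for proc, pid, symbol, target, owner in hooks:
        where = f"{symbol} in {ntpath.basename(proc)}[{pid}]"
        if owner:
            findings.append(Finding("info", "gmer", f"{where} hooked by {owner}"))
        else:
            sev = "high" if pid in hidden_pids else "medium"
            findings.append(Finding(sev, "gmer", f"{where} jumps to unowned memory at 0x{target}"))
    return findings


def triage(dds_text, gmer_text):
    return triage_dds(dds_text) + triage_gmer(gmer_text)


def summarize(findings):
    order = {"high": 0, "medium": 1, "info": 2}
    return sorted(findings, key=lambda f: order[f.severity])


if __name__ == "__main__":
    for f in summarize(triage(DDS_SAMPLE, GMER_SAMPLE)):
        print(f"[{f.severity:6}] {f.source}: {f.detail}")
```

Run it as-is to see the graded list; pass it the full text of a DDS and GMER log to triage a real case. It only ranks what the logs already say, so a "medium" on a freshly written netbt.sys is a prompt to check the file's hash and signature, not a verdict.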


#2 CatByte, bleepin' tiger (Malware Response Team, 14,664 posts, Location: Canada)

Posted 11 February 2012 - 09:33 PM

I'd like to get a couple more diagnostic scans, please.

Please run the following:

  • Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool.
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click Scan

  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.


NEXT

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • when the window opens, click on Change Parameters
  • under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
  • click OK
  • Press Start Scan
    • If anything is found > choose "skip" at this time, I just need a log to see what we are dealing with
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 rocknsock, Topic Starter (Members, 52 posts)

Posted 11 February 2012 - 09:53 PM

Here Ya Go!

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-11 21:43:57
-----------------------------
21:43:57.906 OS Version: Windows 5.1.2600 Service Pack 3
21:43:57.906 Number of processors: 2 586 0xF0B
21:43:57.906 ComputerName: HOME UserName:
21:44:00.234 Initialize success
21:45:08.296 AVAST engine defs: 12021101
21:45:21.078 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
21:45:21.078 Disk 0 Vendor: ST3250310AS 3.ADA Size: 238418MB BusType: 3
21:45:21.093 Disk 0 MBR read successfully
21:45:21.093 Disk 0 MBR scan
21:45:21.125 Disk 0 Windows XP default MBR code
21:45:21.125 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238409 MB offset 63
21:45:21.125 Disk 0 scanning sectors +488263545
21:45:21.187 Disk 0 scanning C:\WINDOWS\system32\drivers
21:45:27.390 File: C:\WINDOWS\system32\drivers\netbt.sys **INFECTED** Win32:Sirefef-JQ [Trj]
21:45:31.453 Disk 0 trace - called modules:
21:45:31.484 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xba13bfc0]<<
21:45:31.484 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ae70ab8]
21:45:31.484 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> [0x8ac68aa8]
21:45:31.812 \Driver\00001433[0x8a708880] -> IRP_MJ_CREATE -> 0xba13bfc0
21:45:32.875 AVAST engine scan C:\WINDOWS
21:45:54.625 AVAST engine scan C:\WINDOWS\system32
21:49:06.031 AVAST engine scan C:\WINDOWS\system32\drivers
21:49:15.546 File: C:\WINDOWS\system32\drivers\netbt.sys **INFECTED** Win32:Sirefef-JQ [Trj]

21:47:22.0578 1064 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57
21:47:22.0843 1064 ============================================================
21:47:22.0843 1064 Current date / time: 2012/02/11 21:47:22.0843
21:47:22.0843 1064 SystemInfo:
21:47:22.0843 1064
21:47:22.0843 1064 OS Version: 5.1.2600 ServicePack: 3.0
21:47:22.0843 1064 Product type: Workstation
21:47:22.0843 1064 ComputerName: HOME
21:47:22.0843 1064 UserName: Dougherty
21:47:22.0843 1064 Windows directory: C:\WINDOWS
21:47:22.0843 1064 System windows directory: C:\WINDOWS
21:47:22.0843 1064 Processor architecture: Intel x86
21:47:22.0843 1064 Number of processors: 2
21:47:22.0843 1064 Page size: 0x1000
21:47:22.0843 1064 Boot type: Normal boot
21:47:22.0843 1064 ============================================================
21:47:25.0062 1064 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:47:25.0093 1064 \Device\Harddisk0\DR0:
21:47:25.0093 1064 MBR used
21:47:25.0093 1064 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1A4F3A
21:47:25.0156 1064 Initialize success
21:47:25.0156 1064 ============================================================
21:47:33.0687 2516 ============================================================
21:47:33.0687 2516 Scan started
21:47:33.0687 2516 Mode: Manual; SigCheck;
21:47:33.0687 2516 ============================================================
21:47:34.0593 2516 Abiosdsk - ok
21:47:34.0671 2516 abp480n5 - ok
21:47:34.0750 2516 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:47:37.0812 2516 ACPI - ok
21:47:37.0968 2516 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
21:47:38.0093 2516 ACPIEC - ok
21:47:38.0250 2516 adpu160m - ok
21:47:38.0328 2516 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:47:38.0453 2516 aec - ok
21:47:38.0593 2516 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
21:47:38.0703 2516 AFD - ok
21:47:38.0890 2516 Aha154x - ok
21:47:38.0937 2516 aic78u2 - ok
21:47:38.0968 2516 aic78xx - ok
21:47:39.0015 2516 AliIde - ok
21:47:39.0015 2516 amsint - ok
21:47:39.0031 2516 asc - ok
21:47:39.0125 2516 asc3350p - ok
21:47:39.0187 2516 asc3550 - ok
21:47:39.0203 2516 ASPI32 - ok
21:47:39.0281 2516 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:47:39.0375 2516 AsyncMac - ok
21:47:39.0531 2516 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:47:39.0640 2516 atapi - ok
21:47:39.0718 2516 Atdisk - ok
21:47:39.0781 2516 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:47:39.0906 2516 Atmarpc - ok
21:47:40.0046 2516 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:47:40.0156 2516 audstub - ok
21:47:40.0359 2516 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
21:47:40.0562 2516 AVGIDSDriver - ok
21:47:40.0781 2516 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
21:47:40.0781 2516 AVGIDSEH - ok
21:47:40.0812 2516 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
21:47:40.0812 2516 AVGIDSFilter - ok
21:47:40.0859 2516 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
21:47:40.0859 2516 AVGIDSShim - ok
21:47:40.0937 2516 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
21:47:40.0968 2516 Avgldx86 - ok
21:47:41.0125 2516 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
21:47:41.0140 2516 Avgmfx86 - ok
21:47:41.0234 2516 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
21:47:41.0250 2516 Avgrkx86 - ok
21:47:41.0359 2516 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
21:47:41.0375 2516 Avgtdix - ok
21:47:41.0500 2516 BCM42RLY (438179abe9b7a922a21b8d6369ff52ff) C:\WINDOWS\System32\BCM42RLY.SYS
21:47:41.0546 2516 BCM42RLY ( UnsignedFile.Multi.Generic ) - warning
21:47:41.0546 2516 BCM42RLY - detected UnsignedFile.Multi.Generic (1)
21:47:41.0609 2516 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:47:41.0718 2516 Beep - ok
21:47:41.0750 2516 catchme - ok
21:47:41.0937 2516 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:47:42.0062 2516 cbidf2k - ok
21:47:42.0265 2516 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
21:47:42.0375 2516 CCDECODE - ok
21:47:42.0437 2516 cd20xrnt - ok
21:47:42.0593 2516 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:47:42.0718 2516 Cdaudio - ok
21:47:42.0984 2516 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:47:43.0125 2516 Cdfs - ok
21:47:43.0312 2516 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:47:43.0421 2516 Cdrom - ok
21:47:43.0531 2516 cercsr6 - ok
21:47:43.0531 2516 Changer - ok
21:47:43.0609 2516 CmdIde - ok
21:47:43.0625 2516 Cpqarray - ok
21:47:43.0718 2516 cpuz135 (c2eb4539a4f6ab6edd01bdc191619975) C:\WINDOWS\system32\drivers\cpuz135_x32.sys
21:47:43.0734 2516 cpuz135 - ok
21:47:43.0734 2516 dac2w2k - ok
21:47:43.0750 2516 dac960nt - ok
21:47:43.0843 2516 DIGIRPS (9ae322f68cb80e6b1681b3a650e93edd) C:\WINDOWS\system32\DRIVERS\digirlpt.sys
21:47:43.0953 2516 DIGIRPS - ok
21:47:44.0015 2516 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:47:44.0140 2516 Disk - ok
21:47:44.0421 2516 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
21:47:44.0578 2516 dmboot - ok
21:47:44.0718 2516 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
21:47:44.0828 2516 dmio - ok
21:47:44.0843 2516 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:47:44.0953 2516 dmload - ok
21:47:45.0015 2516 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:47:45.0125 2516 DMusic - ok
21:47:45.0265 2516 dpti2o - ok
21:47:45.0281 2516 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:47:45.0406 2516 drmkaud - ok
21:47:45.0437 2516 e1express (34aaa3b298a852b3663e6e0d94d12945) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
21:47:45.0453 2516 e1express - ok
21:47:45.0656 2516 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:47:45.0765 2516 Fastfat - ok
21:47:46.0015 2516 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
21:47:46.0125 2516 Fdc - ok
21:47:46.0328 2516 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
21:47:46.0437 2516 Fips - ok
21:47:46.0468 2516 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
21:47:46.0593 2516 Flpydisk - ok
21:47:46.0703 2516 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
21:47:46.0812 2516 FltMgr - ok
21:47:47.0031 2516 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:47:47.0156 2516 Fs_Rec - ok
21:47:47.0265 2516 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:47:47.0375 2516 Ftdisk - ok
21:47:47.0453 2516 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
21:47:47.0453 2516 GEARAspiWDM - ok
21:47:47.0546 2516 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:47:47.0671 2516 Gpc - ok
21:47:47.0859 2516 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:47:47.0984 2516 HDAudBus - ok
21:47:48.0078 2516 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:47:48.0187 2516 hidusb - ok
21:47:48.0359 2516 hpn - ok
21:47:48.0468 2516 HSFHWBS2 (663b895c3f8464339eacd1d9cf69d661) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
21:47:48.0593 2516 HSFHWBS2 - ok
21:47:48.0750 2516 HSF_DPV (7340b4d13875c413a6229bba8e4913ca) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
21:47:48.0937 2516 HSF_DPV - ok
21:47:49.0140 2516 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:47:49.0203 2516 HTTP - ok
21:47:49.0265 2516 i2omgmt - ok
21:47:49.0296 2516 i2omp - ok
21:47:49.0359 2516 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
21:47:49.0468 2516 i8042prt - ok
21:47:50.0093 2516 ialm (28423512370705aeda6a652fedb25468) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
21:47:51.0000 2516 ialm - ok
21:47:51.0156 2516 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:47:51.0281 2516 Imapi - ok
21:47:51.0359 2516 ini910u - ok
21:47:51.0750 2516 IntcAzAudAddService (d9be52660d8f0bbf28a8ffd1d1bbd6fb) C:\WINDOWS\system32\drivers\RtkHDAud.sys
21:47:52.0921 2516 IntcAzAudAddService - ok
21:47:53.0062 2516 IntelIde - ok
21:47:53.0187 2516 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:47:53.0281 2516 intelppm - ok
21:47:53.0484 2516 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
21:47:53.0593 2516 Ip6Fw - ok
21:47:53.0875 2516 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:47:54.0000 2516 IpFilterDriver - ok
21:47:54.0140 2516 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:47:54.0250 2516 IpInIp - ok
21:47:54.0375 2516 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:47:54.0500 2516 IpNat - ok
21:47:54.0703 2516 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:47:54.0812 2516 IPSec - ok
21:47:55.0062 2516 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:47:55.0218 2516 IRENUM - ok
21:47:55.0406 2516 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:47:55.0500 2516 isapnp - ok
21:47:55.0625 2516 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:47:55.0750 2516 Kbdclass - ok
21:47:56.0062 2516 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:47:56.0156 2516 kbdhid - ok
21:47:56.0328 2516 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:47:56.0421 2516 kmixer - ok
21:47:56.0625 2516 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:47:56.0734 2516 KSecDD - ok
21:47:56.0984 2516 lbrtfdc - ok
21:47:57.0062 2516 LVPr2Mon (8be71d7edb8c7494913722059f760dd0) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
21:47:57.0078 2516 LVPr2Mon - ok
21:47:57.0156 2516 LVRS (b6e1ccd6572984adcae68439afd07011) C:\WINDOWS\system32\DRIVERS\lvrs.sys
21:47:57.0171 2516 LVRS - ok
21:47:57.0265 2516 LVUSBSta (be5e104be263921d6842c555db6a5c23) C:\WINDOWS\system32\drivers\LVUSBSta.sys
21:47:57.0265 2516 LVUSBSta - ok
21:47:57.0953 2516 LVUVC (6c42815dd57e397f0cd988304b5eb4b3) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
21:47:58.0640 2516 LVUVC - ok
21:47:58.0937 2516 ManyCam (c6d085c7045200143528136a43a65fde) C:\WINDOWS\system32\DRIVERS\ManyCam.sys
21:47:59.0031 2516 ManyCam - ok
21:47:59.0359 2516 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
21:47:59.0390 2516 mdmxsdk - ok
21:47:59.0515 2516 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:47:59.0625 2516 mnmdd - ok
21:47:59.0687 2516 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
21:47:59.0796 2516 Modem - ok
21:47:59.0890 2516 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:48:00.0000 2516 Mouclass - ok
21:48:00.0109 2516 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:48:00.0781 2516 mouhid - ok
21:48:00.0984 2516 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:48:01.0078 2516 MountMgr - ok
21:48:01.0125 2516 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
21:48:01.0234 2516 MPE - ok
21:48:01.0250 2516 mraid35x - ok
21:48:01.0312 2516 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:48:01.0421 2516 MRxDAV - ok
21:48:01.0468 2516 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:48:01.0578 2516 Msfs - ok
21:48:01.0609 2516 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:48:01.0703 2516 MSKSSRV - ok
21:48:01.0734 2516 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:48:01.0859 2516 MSPCLOCK - ok
21:48:01.0875 2516 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:48:01.0984 2516 MSPQM - ok
21:48:02.0000 2516 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:48:02.0109 2516 mssmbios - ok
21:48:02.0140 2516 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
21:48:02.0250 2516 MSTEE - ok
21:48:02.0328 2516 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
21:48:02.0390 2516 Mup - ok
21:48:02.0531 2516 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
21:48:02.0656 2516 NABTSFEC - ok
21:48:02.0687 2516 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:48:02.0796 2516 NDIS - ok
21:48:02.0828 2516 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
21:48:02.0937 2516 NdisIP - ok
21:48:02.0984 2516 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:48:03.0031 2516 NdisTapi - ok
21:48:03.0078 2516 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:48:03.0187 2516 Ndisuio - ok
21:48:03.0250 2516 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:48:03.0359 2516 NdisWan - ok
21:48:03.0406 2516 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:48:03.0468 2516 NDProxy - ok
21:48:03.0609 2516 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:48:03.0718 2516 NetBIOS - ok
21:48:03.0765 2516 NetBT (40e65c560013869f14eceb904f15390d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:48:03.0781 2516 NetBT ( Virus.Win32.ZAccess.c ) - infected
21:48:03.0781 2516 NetBT - detected Virus.Win32.ZAccess.c (0)
21:48:03.0843 2516 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:48:03.0953 2516 Npfs - ok
21:48:04.0031 2516 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:48:04.0156 2516 Ntfs - ok
21:48:04.0203 2516 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:48:04.0296 2516 Null - ok
21:48:04.0328 2516 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:48:04.0437 2516 NwlnkFlt - ok
21:48:04.0500 2516 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:48:04.0609 2516 NwlnkFwd - ok
21:48:04.0656 2516 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
21:48:04.0765 2516 NwlnkIpx - ok
21:48:04.0828 2516 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
21:48:04.0953 2516 NwlnkNb - ok
21:48:04.0984 2516 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
21:48:05.0078 2516 NwlnkSpx - ok
21:48:05.0093 2516 OMCI - ok
21:48:05.0109 2516 PalmUSBD - ok
21:48:05.0187 2516 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
21:48:05.0281 2516 Parport - ok
21:48:05.0343 2516 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:48:05.0453 2516 PartMgr - ok
21:48:05.0531 2516 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
21:48:05.0640 2516 ParVdm - ok
21:48:05.0687 2516 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
21:48:05.0796 2516 PCI - ok
21:48:05.0828 2516 PCIDump - ok
21:48:05.0875 2516 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
21:48:05.0984 2516 PCIIde - ok
21:48:06.0078 2516 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
21:48:06.0203 2516 Pcmcia - ok
21:48:06.0234 2516 PDCOMP - ok
21:48:06.0250 2516 PDFRAME - ok
21:48:06.0265 2516 PDRELI - ok
21:48:06.0281 2516 PDRFRAME - ok
21:48:06.0296 2516 perc2 - ok
21:48:06.0312 2516 perc2hib - ok
21:48:06.0390 2516 PID_0928 (3551190e9cf1eb4c0971bdef4269ca25) C:\WINDOWS\system32\DRIVERS\LV561AV.SYS
21:48:06.0406 2516 PID_0928 - ok
21:48:06.0468 2516 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:48:06.0578 2516 PptpMiniport - ok
21:48:06.0625 2516 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:48:06.0750 2516 PSched - ok
21:48:06.0781 2516 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:48:06.0890 2516 Ptilink - ok
21:48:06.0937 2516 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
21:48:06.0953 2516 PxHelp20 - ok
21:48:06.0968 2516 ql1080 - ok
21:48:06.0984 2516 Ql10wnt - ok
21:48:07.0000 2516 ql12160 - ok
21:48:07.0015 2516 ql1240 - ok
21:48:07.0031 2516 ql1280 - ok
21:48:07.0062 2516 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:48:07.0171 2516 RasAcd - ok
21:48:07.0218 2516 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:48:07.0328 2516 Rasl2tp - ok
21:48:07.0421 2516 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:48:07.0531 2516 RasPppoe - ok
21:48:07.0625 2516 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:48:07.0734 2516 Raspti - ok
21:48:07.0968 2516 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:48:08.0109 2516 Rdbss - ok
21:48:08.0312 2516 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:48:08.0421 2516 RDPCDD - ok
21:48:08.0468 2516 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:48:08.0578 2516 rdpdr - ok
21:48:08.0625 2516 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
21:48:08.0687 2516 RDPWD - ok
21:48:08.0828 2516 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:48:08.0953 2516 redbook - ok
21:48:09.0015 2516 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:48:09.0218 2516 Secdrv - ok
21:48:09.0437 2516 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
21:48:09.0546 2516 Serial - ok
21:48:09.0718 2516 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:48:09.0828 2516 Sfloppy - ok
21:48:09.0937 2516 Simbad - ok
21:48:10.0031 2516 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
21:48:10.0125 2516 SLIP - ok
21:48:10.0234 2516 SNDFCAM (184be5e3172b3839755b5321c34219ca) C:\WINDOWS\system32\DRIVERS\sndfcam.sys
21:48:10.0343 2516 SNDFCAM - ok
21:48:10.0484 2516 Sparrow - ok
21:48:10.0640 2516 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:48:10.0734 2516 splitter - ok
21:48:10.0906 2516 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
21:48:11.0062 2516 sr - ok
21:48:11.0250 2516 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
21:48:11.0421 2516 Srv - ok
21:48:11.0578 2516 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
21:48:11.0703 2516 streamip - ok
21:48:11.0875 2516 SUPERWEBCAM (88a75bff38e6da6975950c8576442842) C:\WINDOWS\system32\DRIVERS\superwebcam.sys
21:48:11.0875 2516 SUPERWEBCAM ( UnsignedFile.Multi.Generic ) - warning
21:48:11.0875 2516 SUPERWEBCAM - detected UnsignedFile.Multi.Generic (1)
21:48:12.0109 2516 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:48:12.0203 2516 swenum - ok
21:48:12.0468 2516 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:48:12.0578 2516 swmidi - ok
21:48:12.0781 2516 symc810 - ok
21:48:12.0968 2516 symc8xx - ok
21:48:13.0046 2516 sym_hi - ok
21:48:13.0140 2516 sym_u3 - ok
21:48:13.0265 2516 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:48:13.0359 2516 sysaudio - ok
21:48:13.0828 2516 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:48:14.0125 2516 Tcpip - ok
21:48:14.0468 2516 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:48:14.0593 2516 TDPIPE - ok
21:48:14.0765 2516 tdpipee - ok
21:48:14.0843 2516 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:48:14.0953 2516 TDTCP - ok
21:48:15.0265 2516 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:48:15.0375 2516 TermDD - ok
21:48:15.0531 2516 TosIde - ok
21:48:15.0625 2516 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:48:15.0765 2516 Udfs - ok
21:48:15.0921 2516 ultra - ok
21:48:16.0015 2516 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:48:16.0171 2516 Update - ok
21:48:16.0343 2516 USB28xxBGA - ok
21:48:16.0406 2516 USB28xxOEM - ok
21:48:16.0468 2516 USBAAPL (60a68a5ea173a97971ee9f1ff49eb2b3) C:\WINDOWS\system32\Drivers\usbaapl.sys
21:48:16.0484 2516 USBAAPL ( UnsignedFile.Multi.Generic ) - warning
21:48:16.0484 2516 USBAAPL - detected UnsignedFile.Multi.Generic (1)
21:48:16.0562 2516 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
21:48:16.0687 2516 usbaudio - ok
21:48:16.0968 2516 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:48:17.0093 2516 usbccgp - ok
21:48:17.0250 2516 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:48:17.0375 2516 usbehci - ok
21:48:17.0812 2516 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:48:17.0968 2516 usbhub - ok
21:48:18.0093 2516 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:48:18.0187 2516 usbprint - ok
21:48:18.0468 2516 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:48:18.0609 2516 usbscan - ok
21:48:19.0031 2516 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:48:19.0140 2516 usbstor - ok
21:48:19.0406 2516 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:48:19.0515 2516 usbuhci - ok
21:48:20.0312 2516 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
21:48:21.0421 2516 usbvideo - ok
21:48:21.0703 2516 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:48:21.0828 2516 VgaSave - ok
21:48:22.0000 2516 ViaIde - ok
21:48:22.0062 2516 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
21:48:22.0171 2516 VolSnap - ok
21:48:22.0390 2516 vpdmcxgobdwqipjk - ok
21:48:22.0562 2516 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:48:22.0687 2516 Wanarp - ok
21:48:22.0875 2516 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
21:48:22.0921 2516 wanatw - ok
21:48:23.0093 2516 WDICA - ok
21:48:23.0234 2516 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:48:23.0343 2516 wdmaud - ok
21:48:23.0515 2516 winachsf (8adcd6078affc4c81f3c3ebb1e9e3a2b) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
21:48:23.0703 2516 winachsf - ok
21:48:23.0859 2516 WpdUsb (c60dc16d4e406810fad54b98dc92d5ec) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
21:48:23.0968 2516 WpdUsb - ok
21:48:24.0171 2516 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
21:48:24.0281 2516 WS2IFSL - ok
21:48:24.0625 2516 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:48:24.0718 2516 WSTCODEC - ok
21:48:25.0046 2516 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:48:25.0140 2516 WudfPf - ok
21:48:25.0390 2516 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:48:25.0421 2516 WudfRd - ok
21:48:25.0531 2516 WUSB54GPV4SRV (70aeec67e87a2002e6b2cc353d56e222) C:\WINDOWS\system32\DRIVERS\rt2500usb.sys
21:48:25.0562 2516 WUSB54GPV4SRV ( UnsignedFile.Multi.Generic ) - warning
21:48:25.0562 2516 WUSB54GPV4SRV - detected UnsignedFile.Multi.Generic (1)
21:48:25.0609 2516 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
21:48:25.0984 2516 \Device\Harddisk0\DR0 - ok
21:48:25.0984 2516 Boot (0x1200) (0eed53a570fb944f9c850c61e0f607bb) \Device\Harddisk0\DR0\Partition0
21:48:26.0000 2516 \Device\Harddisk0\DR0\Partition0 - ok
21:48:26.0000 2516 ============================================================
21:48:26.0000 2516 Scan finished
21:48:26.0000 2516 ============================================================
21:48:26.0093 3836 Detected object count: 5
21:48:26.0093 3836 Actual detected object count: 5
21:48:39.0593 3836 BCM42RLY ( UnsignedFile.Multi.Generic ) - skipped by user
21:48:39.0593 3836 BCM42RLY ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:48:39.0593 3836 NetBT ( Virus.Win32.ZAccess.c ) - skipped by user
21:48:39.0593 3836 NetBT ( Virus.Win32.ZAccess.c ) - User select action: Skip
21:48:39.0593 3836 SUPERWEBCAM ( UnsignedFile.Multi.Generic ) - skipped by user
21:48:39.0593 3836 SUPERWEBCAM ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:48:39.0593 3836 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
21:48:39.0593 3836 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:48:39.0593 3836 WUSB54GPV4SRV ( UnsignedFile.Multi.Generic ) - skipped by user
21:48:39.0593 3836 WUSB54GPV4SRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
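When a TDSSKiller log this long is posted, the useful facts are buried: which entries were actually marked `infected` (here only `NetBT`, backed by `netbt.sys`), which were merely `UnsignedFile.Multi.Generic` warnings (unsigned third-party drivers, routinely benign), and whether the user cured or skipped each one. The following Python script is an added example for this thread, not TDSSKiller's own code, and assumes only the line shapes visible in the log above (driver line with MD5 and path, `( Verdict ) - infected|warning`, `Detected object count: N`, `User select action: X`). The sample lines are copied and trimmed from the posted log, so the declared count is adjusted to match the two detections kept.

```python
"""Triage a TDSSKiller log: pair each verdict with its file, separate real
infections from generic unsigned-file warnings, and record the user's action.

Added example for the thread; not TDSSKiller's own code.  Line shapes assumed
(taken from the posted log):
  <time> <pid> <Name> (<md5>) <path>                       driver and its file
  <time> <pid> <Name> - ok                                  clean
  <time> <pid> <Name> ( <Verdict> ) - infected|warning      verdict
  <time> <pid> Detected object count: <n>                   scanner's own total
  <time> <pid> <Name> ( <Verdict> ) - User select action: <Action>
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Sample lines trimmed from the posted log (constructed subset, not the full scan).
SAMPLE_LOG = r"""21:48:03.0765 2516 NetBT (40e65c560013869f14eceb904f15390d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:48:03.0781 2516 NetBT ( Virus.Win32.ZAccess.c ) - infected
21:48:03.0781 2516 NetBT - detected Virus.Win32.ZAccess.c (0)
21:48:03.0843 2516 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:48:03.0953 2516 Npfs - ok
21:48:16.0468 2516 USBAAPL (60a68a5ea173a97971ee9f1ff49eb2b3) C:\WINDOWS\system32\Drivers\usbaapl.sys
21:48:16.0484 2516 USBAAPL ( UnsignedFile.Multi.Generic ) - warning
21:48:16.0484 2516 USBAAPL - detected UnsignedFile.Multi.Generic (1)
21:48:26.0093 3836 Detected object count: 2
21:48:39.0593 3836 NetBT ( Virus.Win32.ZAccess.c ) - User select action: Skip
21:48:39.0593 3836 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

# Every line starts with "HH:MM:SS.mmmm <pid> "; the rest varies by line type.
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+"
FILE_RE = re.compile(PREFIX + r"(?P<name>\S+)(?: \(0x[0-9A-Fa-f]+\))? \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
VERDICT_RE = re.compile(PREFIX + r"(?P<name>\S+) \( (?P<verdict>\S+) \) - (?P<status>infected|warning)$")
ACTION_RE = re.compile(PREFIX + r"(?P<name>\S+) \( (?P<verdict>\S+) \) - User select action: (?P<action>\S+)$")
COUNT_RE = re.compile(PREFIX + r"Detected object count: (?P<n>\d+)$")


@dataclass
class Detection:
    name: str
    verdict: str
    status: str                  # "infected" or "warning"
    md5: Optional[str] = None    # from the preceding driver line, if any
    path: Optional[str] = None
    action: Optional[str] = None # what the user chose in the results dialog


def parse_tdsskiller_log(text: str) -> Tuple[List[Detection], Optional[int]]:
    """Return the detections found and the scanner's own declared count."""
    files: Dict[str, Tuple[str, str]] = {}
    detections: Dict[str, Detection] = {}
    declared: Optional[int] = None
    for line in text.splitlines():
        line = line.rstrip()
        m = FILE_RE.match(line)
        if m:  # remember hash and path so a later verdict can be tied to a file
            files[m["name"]] = (m["md5"], m["path"])
            continue
        m = VERDICT_RE.match(line)
        if m:
            md5, path = files.get(m["name"], (None, None))
            detections[m["name"]] = Detection(m["name"], m["verdict"], m["status"], md5, path)
            continue
        m = ACTION_RE.match(line)
        if m and m["name"] in detections:
            detections[m["name"]].action = m["action"]
            continue
        m = COUNT_RE.match(line)
        if m:
            declared = int(m["n"])
    return list(detections.values()), declared


def triage(detections: List[Detection], declared: Optional[int]) -> dict:
    """Split verdicts by severity and flag infections the user left untreated."""
    infected = [d.name for d in detections if d.status == "infected"]
    warnings = [d.name for d in detections if d.status == "warning"]
    # An "infected" entry that was skipped (or never acted on) still needs cleanup.
    skipped = [d.name for d in detections if d.status == "infected" and d.action in (None, "Skip")]
    return {
        "infected": infected,
        "warnings": warnings,
        "skipped_infections": skipped,
        # Sanity check: our parse should agree with the scanner's own total.
        "count_matches": declared is not None and declared == len(detections),
    }


if __name__ == "__main__":
    dets, declared = parse_tdsskiller_log(SAMPLE_LOG)
    for d in dets:
        print(f"{d.status:8} {d.name:14} {d.verdict:28} {d.path} action={d.action}")
    print(triage(dets, declared))
```

Run against the full log the same way: the `infected` list is what needs curing on a re-run, the `warnings` list is what to verify against the vendor (an unsigned webcam or Apple USB driver is expected on this kind of machine), and a `count_matches` of `False` means the parser missed a line shape and the log should be read by hand.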

#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:53 AM

Posted 11 February 2012 - 10:04 PM

OK


Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.



NEXT


Go ahead and re-run TDSSKiller and allow it to cure only the malicious entries, please post the resulting log.

Edited by CatByte, 11 February 2012 - 10:05 PM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 rocknsock

rocknsock
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  • Local time:08:53 AM

Posted 11 February 2012 - 10:17 PM

Here

ComboFix 12-02-10.03 - Dougherty 02/11/2012
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1508 [GMT -5:00]
Running from: I:\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$NtUninstallKB25344$\1743088209
c:\windows\$NtUninstallKB25344$\3006189614\@
c:\windows\$NtUninstallKB25344$\3006189614\cfg.ini
c:\windows\$NtUninstallKB25344$\3006189614\Desktop.ini
c:\windows\$NtUninstallKB25344$\3006189614\L\jdddgalm
.
Infected copy of c:\windows\system32\drivers\netbt.sys was found and disinfected
Restored copy from - The cat found it :)
c:\windows\system32\drivers\afd.sys was missing
Restored copy from - c:\windows\system32\dllcache\afd.sys
.
.
((((((((((((((((((((((((( Files Created from 2012-01-11 to 2012-02-11 )))))))))))))))))))))))))))))))
.
.
2012-02-11 20:31 . 2011-08-17 13:49 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-11 20:05 . 2008-04-14 05:51 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-02-11 18:47 . 2003-01-10 21:13 33588 ----a-r- c:\windows\system32\drivers\wanatw4.sys
2012-02-11 08:39 . 2012-02-11 08:39 -------- d-----w- C:\$AVG
2012-02-11 02:45 . 2012-02-11 02:45 -------- d-----w- c:\program files\Hitman Pro 3.5
2012-02-11 02:10 . 2012-02-11 02:10 23624 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-02-11 02:10 . 2012-02-11 02:10 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2012-02-11 01:31 . 2011-10-01 03:36 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2012-02-07 01:58 . 2012-02-11 03:02 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-03 01:58 . 2012-02-03 01:58 -------- d-----w- c:\program files\Common Files\Skype
2012-02-03 01:58 . 2012-02-03 01:58 -------- d-----r- c:\program files\Skype
2012-01-29 21:09 . 2009-09-04 22:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2012-01-29 21:08 . 2012-01-29 21:08 -------- d-----w- c:\windows\Logs
2012-01-29 21:07 . 2012-01-29 21:07 -------- d-----w- c:\program files\Sony Online Entertainment
2012-01-16 07:42 . 2012-01-16 07:42 -------- d-----w- c:\documents and settings\Dougherty\Application Data\HD Tune Pro
2012-01-16 07:41 . 2012-01-16 15:48 -------- d-----w- c:\program files\HD Tune Pro
2012-01-16 07:33 . 2012-01-20 06:00 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-11 18:54 . 2011-09-24 18:04 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2012-02-07 03:27 . 2004-08-04 10:00 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2012-01-29 21:12 . 2011-05-14 14:36 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-15 21:15 . 2008-01-23 10:16 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-12-15 21:15 . 2008-01-23 10:16 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-12-10 20:24 . 2010-03-06 00:28 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 21:57 . 2004-08-04 10:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2004-08-04 10:00 1859584 ------w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2004-08-04 10:00 60416 ------w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2004-08-04 10:00 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2004-08-04 10:00 152064 ----a-w- c:\windows\system32\schannel.dll
2002-08-29 13:41 . 2008-09-03 21:45 401462 ----a-w- c:\program files\mozilla firefox\plugins\msvcp60.dll
2002-08-29 13:41 . 2008-09-03 21:45 323072 ----a-w- c:\program files\mozilla firefox\plugins\msvcrt.dll
2012-02-01 18:15 . 2011-12-29 17:50 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2009-01-30 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-03-02 190808]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"HostManager"="c:\program files\Common Files\AOL\1204841587\ee\AOLSoftware.exe" [2007-05-25 42032]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-12-15 296056]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
.
c:\documents and settings\Dougherty\Start Menu\Programs\Startup\
Comcast Universal Caller ID.lnk - c:\program files\Comcast Universal Caller ID\Comcast Universal Caller ID.exe [2011-12-1 74752]
UniversalCallerID.lnk - c:\program files\UniversalCallerID\UniversalCallerID.exe [N/A]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Philips FunCam Monitor.lnk - c:\program files\Philips Photo Manager\FunCam\Philips FunCam Monitor.exe [2010-4-16 192512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 7.0 Tray Icon.lnk]
backup=c:\windows\pss\America Online 7.0 Tray Icon.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
backup=c:\windows\pss\HotSync Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Dougherty^Start Menu^Programs^Startup^Adobe Media Player.lnk]
path=c:\documents and settings\Dougherty\Start Menu\Programs\Startup\Adobe Media Player.lnk
backup=c:\windows\pss\Adobe Media Player.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-08-31 01:57 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-06-19 20:20 57344 ----a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
2008-06-19 20:42 2808832 ----a-w- c:\windows\ALCWZRD.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 10:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-08-26 05:19 136176 ----atw- c:\documents and settings\Dougherty\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2007-05-25 17:16 42032 ----a-w- c:\program files\Common Files\AOL\1204841587\ee\aolsoftware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2006-10-03 15:35 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-10-03 15:37 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-14 15:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
2010-10-29 20:06 5915480 ----a-w- c:\program files\Logitech\Vid HD\Vid.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2012-01-13 19:53 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 10:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-09-02 18:09 16851456 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2007-11-20 22:15 1826816 ----a-w- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2008-08-19 17:26 77824 ----a-w- c:\windows\SOUNDMAN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-07-25 09:23 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebcamMaxAutoRun]
2011-10-02 23:47 1561232 ----a-w- c:\program files\WebcamMax\WebcamMax.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"JavaQuickStarterService"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"aawservice"=2 (0x2)
"Bonjour Service"=2 (0x2)
"LexBceS"=2 (0x2)
"clr_optimization_v2.0.50727_32"=3 (0x3)
"gupdate"=2 (0x2)
"WZCSVC"=2 (0x2)
"WUSB54Gv42SVC"=2 (0x2)
"avg9wd"=2 (0x2)
"avg9emc"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1204841587\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Radio Toolbox\\rtb.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\SHOUTcast\\sc_serv.exe"=
"c:\\Program Files\\SHOUTcast\\8002\\sc_serv.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=
"c:\\Program Files\\AIM7\\aim.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Dougherty\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\NSVtools\\nsvcap.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"86:TCP"= 86:TCP:BroadCam Web Server
"8000:TCP"= 8000:TCP:Shoutcast
"19610:TCP"= 19610:TCP:Bittorrent
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"1900:TCP"= 1900:TCP:Windows Media Player Network Sharing Service
"10280:TCP"= 10280:TCP:Windows Media Player Network Sharing Service
"3074:TCP"= 3074:TCP:XBox
"3074:UDP"= 3074:UDP:Xbox
"88:UDP"= 88:UDP:Xbox
"53:TCP"= 53:TCP:Xbox
"53:UDP"= 53:UDP:Xbox
"5061:TCP"= 5061:TCP:Windows Live Messneger
"5004:UDP"= 5004:UDP:Windows Live Messneger
"65525:UDP"= 65525:UDP:Windows Live Messenger
"25:TCP"= 25:TCP:Outlook
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [07/11/2011 1:14 AM 23120]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys --> c:\windows\system32\DRIVERS\avgldx86.sys [?]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [07/11/2011 1:14 AM 295248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [08/02/2011 6:09 AM 192776]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [01/13/2011 2:14 AM 21992]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [07/11/2011 1:14 AM 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [07/11/2011 1:14 AM 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10/04/2011 6:21 AM 16720]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [01/14/2008 5:06 AM 21632]
S1 tdpipee;tdpipee;c:\windows\system32\drivers\tdpipee.sys --> c:\windows\system32\drivers\tdpipee.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 6:25 AM 4433248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [03/18/2010 1:16 PM 130384]
S3 DIGIRPS;Digi PortServer Driver;c:\windows\system32\drivers\digirlpt.sys [02/14/2011 3:00 PM 42432]
S3 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/24/2009 11:09 PM 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/24/2009 11:09 PM 135664]
S3 RoxMediaDBVHS;RoxMediaDBVHS;c:\program files\Common Files\Roxio Shared\VHStoDVD\SharedCOM\RoxMediaDBVHS.exe [02/19/2010 6:44 AM 1116656]
S3 SNDFCAM;Philips FunCam;c:\windows\system32\drivers\sndfcam.sys [03/06/2008 11:20 PM 219008]
S3 SUPERWEBCAM;SuperWebcam, WDM Virtual Video Capture Device;c:\windows\system32\drivers\superwebcam.sys [04/25/2009 7:56 PM 31872]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [03/18/2010 1:16 PM 753504]
S4 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [09/13/2011 6:30 AM 32592]
S4 Windows Services Control;Windows Services Control;c:\windows\inf\service.exe --> c:\windows\inf\service.exe [?]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - SASKUTIL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
useraccess7
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-25 04:09]
.
2012-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-25 04:09]
.
2012-02-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1788223648-839522115-1003Core.job
- c:\documents and settings\Dougherty\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-26 05:19]
.
2012-02-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1788223648-839522115-1003UA.job
- c:\documents and settings\Dougherty\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-26 05:19]
.
2011-03-25 c:\windows\Tasks\pixillionShakeIcon.job
- c:\program files\NCH Software\Pixillion\pixillion.exe [2011-03-15 03:59]
.
2012-02-11 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1202660629-1788223648-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-29 21:02]
.
2012-02-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1202660629-1788223648-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-29 21:02]
.
2011-03-07 c:\windows\Tasks\videopadShakeIcon.job
- c:\program files\NCH Software\VideoPad\videopad.exe [2011-02-16 22:42]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>;*.local
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
DPF: Justin.tv Publisher - hxxp://www.justin.tv/plugins/justintv_publisher.CAB
DPF: Ustream Publisher - hxxp://static.ustream.tv/plugin/ustream_publisher.cab
FF - ProfilePath - c:\documents and settings\Dougherty\Application Data\Mozilla\Firefox\Profiles\f16bsc8h.default\
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-11 15:35
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows\$NtUninstallKB25344$:SummaryInformation 0 bytes hidden from API
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\đ•€|˙˙˙˙.•€|ů•A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1832)
c:\windows\system32\WININET.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\windows\wanmpsvc.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\windows\system32\wscntfy.exe
c:\program files\AVG\AVG2012\avgui.exe
c:\windows\system32\taskmgr.exe
c:\program files\AVG\AVG2012\avgcfgex.exe
.
**************************************************************************
.
Completion time: 2012-02-11 21:10:28 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-11 20:40
ComboFix2.txt 2012-02-11 01:42
ComboFix3.txt 2012-02-07 18:37
ComboFix4.txt 2011-10-07 20:19
ComboFix5.txt 2012-02-11 19:54
.
Pre-Run: 26,184,802,304 bytes free
Post-Run: 26,212,315,136 bytes free
.
- - End Of File - - 02E28B1210D7C3C8D3848AE4D8F87A05


22:07:50.0796 1860 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57
22:07:51.0078 1860 ============================================================
22:07:51.0078 1860 Current date / time: 2012/02/11 22:07:51.0078
22:07:51.0078 1860 SystemInfo:
22:07:51.0078 1860
22:07:51.0078 1860 OS Version: 5.1.2600 ServicePack: 3.0
22:07:51.0078 1860 Product type: Workstation
22:07:51.0078 1860 ComputerName: HOME
22:07:51.0078 1860 UserName: Dougherty
22:07:51.0078 1860 Windows directory: C:\WINDOWS
22:07:51.0078 1860 System windows directory: C:\WINDOWS
22:07:51.0078 1860 Processor architecture: Intel x86
22:07:51.0078 1860 Number of processors: 2
22:07:51.0078 1860 Page size: 0x1000
22:07:51.0078 1860 Boot type: Normal boot
22:07:51.0078 1860 ============================================================
22:07:54.0078 1860 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:07:54.0109 1860 \Device\Harddisk0\DR0:
22:07:54.0109 1860 MBR used
22:07:54.0109 1860 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1A4F3A
22:07:54.0140 1860 Initialize success
22:07:54.0140 1860 ============================================================
22:07:59.0843 3432 ============================================================
22:07:59.0843 3432 Scan started
22:07:59.0843 3432 Mode: Manual; TDLFS;
22:07:59.0843 3432 ============================================================
22:08:00.0171 3432 Abiosdsk - ok
22:08:00.0171 3432 abp480n5 - ok
22:08:00.0218 3432 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:08:00.0218 3432 ACPI - ok
22:08:00.0265 3432 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
22:08:00.0265 3432 ACPIEC - ok
22:08:00.0281 3432 adpu160m - ok
22:08:00.0328 3432 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
22:08:00.0343 3432 aec - ok
22:08:00.0375 3432 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
22:08:00.0375 3432 AFD - ok
22:08:00.0375 3432 Aha154x - ok
22:08:00.0390 3432 aic78u2 - ok
22:08:00.0390 3432 aic78xx - ok
22:08:00.0406 3432 AliIde - ok
22:08:00.0406 3432 amsint - ok
22:08:00.0437 3432 asc - ok
22:08:00.0437 3432 asc3350p - ok
22:08:00.0453 3432 asc3550 - ok
22:08:00.0468 3432 ASPI32 - ok
22:08:00.0500 3432 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:08:00.0515 3432 AsyncMac - ok
22:08:00.0515 3432 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:08:00.0531 3432 atapi - ok
22:08:00.0531 3432 Atdisk - ok
22:08:00.0546 3432 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:08:00.0546 3432 Atmarpc - ok
22:08:00.0593 3432 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:08:00.0593 3432 audstub - ok
22:08:00.0625 3432 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
22:08:00.0625 3432 AVGIDSDriver - ok
22:08:00.0656 3432 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
22:08:00.0656 3432 AVGIDSEH - ok
22:08:00.0671 3432 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
22:08:00.0671 3432 AVGIDSFilter - ok
22:08:00.0687 3432 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
22:08:00.0687 3432 AVGIDSShim - ok
22:08:00.0718 3432 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
22:08:00.0734 3432 Avgldx86 - ok
22:08:00.0765 3432 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
22:08:00.0765 3432 Avgmfx86 - ok
22:08:00.0781 3432 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
22:08:00.0781 3432 Avgrkx86 - ok
22:08:00.0812 3432 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
22:08:00.0812 3432 Avgtdix - ok
22:08:00.0875 3432 BCM42RLY (438179abe9b7a922a21b8d6369ff52ff) C:\WINDOWS\System32\BCM42RLY.SYS
22:08:00.0875 3432 BCM42RLY - ok
22:08:00.0921 3432 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:08:00.0921 3432 Beep - ok
22:08:00.0937 3432 catchme - ok
22:08:00.0953 3432 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:08:00.0953 3432 cbidf2k - ok
22:08:01.0000 3432 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
22:08:01.0000 3432 CCDECODE - ok
22:08:01.0015 3432 cd20xrnt - ok
22:08:01.0031 3432 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:08:01.0031 3432 Cdaudio - ok
22:08:01.0062 3432 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
22:08:01.0062 3432 Cdfs - ok
22:08:01.0078 3432 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:08:01.0078 3432 Cdrom - ok
22:08:01.0093 3432 cercsr6 - ok
22:08:01.0109 3432 Changer - ok
22:08:01.0125 3432 CmdIde - ok
22:08:01.0140 3432 Cpqarray - ok
22:08:01.0171 3432 cpuz135 (c2eb4539a4f6ab6edd01bdc191619975) C:\WINDOWS\system32\drivers\cpuz135_x32.sys
22:08:01.0171 3432 cpuz135 - ok
22:08:01.0187 3432 dac2w2k - ok
22:08:01.0187 3432 dac960nt - ok
22:08:01.0250 3432 DIGIRPS (9ae322f68cb80e6b1681b3a650e93edd) C:\WINDOWS\system32\DRIVERS\digirlpt.sys
22:08:01.0250 3432 DIGIRPS - ok
22:08:01.0296 3432 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
22:08:01.0296 3432 Disk - ok
22:08:01.0328 3432 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
22:08:01.0328 3432 dmboot - ok
22:08:01.0343 3432 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
22:08:01.0343 3432 dmio - ok
22:08:01.0343 3432 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:08:01.0359 3432 dmload - ok
22:08:01.0375 3432 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
22:08:01.0375 3432 DMusic - ok
22:08:01.0390 3432 dpti2o - ok
22:08:01.0406 3432 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
22:08:01.0406 3432 drmkaud - ok
22:08:01.0437 3432 e1express (34aaa3b298a852b3663e6e0d94d12945) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
22:08:01.0453 3432 e1express - ok
22:08:01.0531 3432 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
22:08:01.0531 3432 Fastfat - ok
22:08:01.0546 3432 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
22:08:01.0546 3432 Fdc - ok
22:08:01.0562 3432 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
22:08:01.0562 3432 Fips - ok
22:08:01.0578 3432 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
22:08:01.0578 3432 Flpydisk - ok
22:08:01.0625 3432 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
22:08:01.0625 3432 FltMgr - ok
22:08:01.0640 3432 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:08:01.0640 3432 Fs_Rec - ok
22:08:01.0640 3432 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:08:01.0656 3432 Ftdisk - ok
22:08:01.0703 3432 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
22:08:01.0703 3432 GEARAspiWDM - ok
22:08:01.0718 3432 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:08:01.0734 3432 Gpc - ok
22:08:01.0750 3432 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
22:08:01.0765 3432 HDAudBus - ok
22:08:01.0781 3432 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:08:01.0781 3432 hidusb - ok
22:08:01.0812 3432 hpn - ok
22:08:01.0843 3432 HSFHWBS2 (663b895c3f8464339eacd1d9cf69d661) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
22:08:01.0859 3432 HSFHWBS2 - ok
22:08:01.0875 3432 HSF_DPV (7340b4d13875c413a6229bba8e4913ca) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
22:08:01.0921 3432 HSF_DPV - ok
22:08:02.0000 3432 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
22:08:02.0000 3432 HTTP - ok
22:08:02.0015 3432 i2omgmt - ok
22:08:02.0031 3432 i2omp - ok
22:08:02.0078 3432 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
22:08:02.0078 3432 i8042prt - ok
22:08:02.0218 3432 ialm (28423512370705aeda6a652fedb25468) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
22:08:02.0531 3432 ialm - ok
22:08:02.0640 3432 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:08:02.0640 3432 Imapi - ok
22:08:02.0656 3432 ini910u - ok
22:08:02.0781 3432 IntcAzAudAddService (d9be52660d8f0bbf28a8ffd1d1bbd6fb) C:\WINDOWS\system32\drivers\RtkHDAud.sys
22:08:02.0859 3432 IntcAzAudAddService - ok
22:08:02.0921 3432 IntelIde - ok
22:08:02.0968 3432 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:08:02.0968 3432 intelppm - ok
22:08:03.0000 3432 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
22:08:03.0000 3432 Ip6Fw - ok
22:08:03.0031 3432 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:08:03.0031 3432 IpFilterDriver - ok
22:08:03.0140 3432 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:08:03.0140 3432 IpInIp - ok
22:08:03.0156 3432 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:08:03.0156 3432 IpNat - ok
22:08:03.0218 3432 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:08:03.0218 3432 IPSec - ok
22:08:03.0250 3432 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:08:03.0250 3432 IRENUM - ok
22:08:03.0265 3432 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:08:03.0265 3432 isapnp - ok
22:08:03.0281 3432 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:08:03.0281 3432 Kbdclass - ok
22:08:03.0296 3432 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
22:08:03.0296 3432 kbdhid - ok
22:08:03.0312 3432 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:08:03.0312 3432 kmixer - ok
22:08:03.0343 3432 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
22:08:03.0343 3432 KSecDD - ok
22:08:03.0359 3432 lbrtfdc - ok
22:08:03.0421 3432 LVPr2Mon (8be71d7edb8c7494913722059f760dd0) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
22:08:03.0421 3432 LVPr2Mon - ok
22:08:03.0468 3432 LVRS (b6e1ccd6572984adcae68439afd07011) C:\WINDOWS\system32\DRIVERS\lvrs.sys
22:08:03.0484 3432 LVRS - ok
22:08:03.0515 3432 LVUSBSta (be5e104be263921d6842c555db6a5c23) C:\WINDOWS\system32\drivers\LVUSBSta.sys
22:08:03.0515 3432 LVUSBSta - ok
22:08:03.0640 3432 LVUVC (6c42815dd57e397f0cd988304b5eb4b3) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
22:08:03.0750 3432 LVUVC - ok
22:08:03.0796 3432 ManyCam (c6d085c7045200143528136a43a65fde) C:\WINDOWS\system32\DRIVERS\ManyCam.sys
22:08:03.0796 3432 ManyCam - ok
22:08:03.0843 3432 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
22:08:03.0843 3432 mdmxsdk - ok
22:08:03.0875 3432 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:08:03.0875 3432 mnmdd - ok
22:08:03.0921 3432 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
22:08:03.0921 3432 Modem - ok
22:08:03.0937 3432 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:08:03.0937 3432 Mouclass - ok
22:08:03.0953 3432 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:08:03.0953 3432 mouhid - ok
22:08:03.0984 3432 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:08:03.0984 3432 MountMgr - ok
22:08:04.0015 3432 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
22:08:04.0015 3432 MPE - ok
22:08:04.0031 3432 mraid35x - ok
22:08:04.0078 3432 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:08:04.0078 3432 MRxDAV - ok
22:08:04.0109 3432 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:08:04.0109 3432 Msfs - ok
22:08:04.0125 3432 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:08:04.0125 3432 MSKSSRV - ok
22:08:04.0140 3432 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:08:04.0140 3432 MSPCLOCK - ok
22:08:04.0156 3432 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:08:04.0156 3432 MSPQM - ok
22:08:04.0171 3432 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:08:04.0171 3432 mssmbios - ok
22:08:04.0203 3432 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
22:08:04.0203 3432 MSTEE - ok
22:08:04.0250 3432 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
22:08:04.0250 3432 Mup - ok
22:08:04.0312 3432 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
22:08:04.0312 3432 NABTSFEC - ok
22:08:04.0328 3432 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:08:04.0328 3432 NDIS - ok
22:08:04.0343 3432 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
22:08:04.0343 3432 NdisIP - ok
22:08:04.0390 3432 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:08:04.0390 3432 NdisTapi - ok
22:08:04.0437 3432 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:08:04.0437 3432 Ndisuio - ok
22:08:04.0453 3432 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:08:04.0453 3432 NdisWan - ok
22:08:04.0484 3432 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
22:08:04.0484 3432 NDProxy - ok
22:08:04.0531 3432 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:08:04.0531 3432 NetBIOS - ok
22:08:04.0578 3432 NetBT (40e65c560013869f14eceb904f15390d) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:08:04.0578 3432 NetBT ( Virus.Win32.ZAccess.c ) - infected
22:08:04.0578 3432 NetBT - detected Virus.Win32.ZAccess.c (0)
22:08:04.0593 3432 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:08:04.0593 3432 Npfs - ok
22:08:04.0625 3432 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:08:04.0640 3432 Ntfs - ok
22:08:04.0671 3432 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:08:04.0671 3432 Null - ok
22:08:04.0703 3432 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:08:04.0703 3432 NwlnkFlt - ok
22:08:04.0718 3432 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:08:04.0718 3432 NwlnkFwd - ok
22:08:04.0750 3432 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
22:08:04.0765 3432 NwlnkIpx - ok
22:08:04.0796 3432 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
22:08:04.0796 3432 NwlnkNb - ok
22:08:04.0812 3432 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
22:08:04.0812 3432 NwlnkSpx - ok
22:08:04.0828 3432 OMCI - ok
22:08:04.0828 3432 PalmUSBD - ok
22:08:04.0875 3432 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
22:08:04.0875 3432 Parport - ok
22:08:04.0890 3432 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:08:04.0906 3432 PartMgr - ok
22:08:04.0937 3432 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
22:08:04.0937 3432 ParVdm - ok
22:08:04.0984 3432 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
22:08:04.0984 3432 PCI - ok
22:08:05.0000 3432 PCIDump - ok
22:08:05.0015 3432 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
22:08:05.0015 3432 PCIIde - ok
22:08:05.0046 3432 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
22:08:05.0046 3432 Pcmcia - ok
22:08:05.0046 3432 PDCOMP - ok
22:08:05.0062 3432 PDFRAME - ok
22:08:05.0062 3432 PDRELI - ok
22:08:05.0078 3432 PDRFRAME - ok
22:08:05.0078 3432 perc2 - ok
22:08:05.0093 3432 perc2hib - ok
22:08:05.0156 3432 PID_0928 (3551190e9cf1eb4c0971bdef4269ca25) C:\WINDOWS\system32\DRIVERS\LV561AV.SYS
22:08:05.0156 3432 PID_0928 - ok
22:08:05.0218 3432 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:08:05.0218 3432 PptpMiniport - ok
22:08:05.0265 3432 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
22:08:05.0265 3432 PSched - ok
22:08:05.0296 3432 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:08:05.0296 3432 Ptilink - ok
22:08:05.0328 3432 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
22:08:05.0328 3432 PxHelp20 - ok
22:08:05.0328 3432 ql1080 - ok
22:08:05.0343 3432 Ql10wnt - ok
22:08:05.0343 3432 ql12160 - ok
22:08:05.0359 3432 ql1240 - ok
22:08:05.0359 3432 ql1280 - ok
22:08:05.0375 3432 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:08:05.0375 3432 RasAcd - ok
22:08:05.0421 3432 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:08:05.0421 3432 Rasl2tp - ok
22:08:05.0437 3432 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:08:05.0437 3432 RasPppoe - ok
22:08:05.0453 3432 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:08:05.0453 3432 Raspti - ok
22:08:05.0468 3432 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:08:05.0468 3432 Rdbss - ok
22:08:05.0468 3432 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:08:05.0484 3432 RDPCDD - ok
22:08:05.0500 3432 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:08:05.0500 3432 rdpdr - ok
22:08:05.0546 3432 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
22:08:05.0546 3432 RDPWD - ok
22:08:05.0593 3432 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:08:05.0593 3432 redbook - ok
22:08:05.0640 3432 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:08:05.0640 3432 Secdrv - ok
22:08:05.0656 3432 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
22:08:05.0656 3432 Serial - ok
22:08:05.0687 3432 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:08:05.0687 3432 Sfloppy - ok
22:08:05.0734 3432 Simbad - ok
22:08:05.0750 3432 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
22:08:05.0750 3432 SLIP - ok
22:08:05.0796 3432 SNDFCAM (184be5e3172b3839755b5321c34219ca) C:\WINDOWS\system32\DRIVERS\sndfcam.sys
22:08:05.0812 3432 SNDFCAM - ok
22:08:05.0812 3432 Sparrow - ok
22:08:05.0859 3432 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:08:05.0859 3432 splitter - ok
22:08:05.0875 3432 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
22:08:05.0875 3432 sr - ok
22:08:05.0921 3432 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
22:08:05.0937 3432 Srv - ok
22:08:05.0984 3432 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
22:08:05.0984 3432 streamip - ok
22:08:06.0031 3432 SUPERWEBCAM (88a75bff38e6da6975950c8576442842) C:\WINDOWS\system32\DRIVERS\superwebcam.sys
22:08:06.0031 3432 SUPERWEBCAM - ok
22:08:06.0046 3432 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:08:06.0046 3432 swenum - ok
22:08:06.0109 3432 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:08:06.0109 3432 swmidi - ok
22:08:06.0109 3432 symc810 - ok
22:08:06.0125 3432 symc8xx - ok
22:08:06.0125 3432 sym_hi - ok
22:08:06.0140 3432 sym_u3 - ok
22:08:06.0187 3432 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:08:06.0187 3432 sysaudio - ok
22:08:06.0218 3432 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:08:06.0218 3432 Tcpip - ok
22:08:06.0234 3432 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:08:06.0234 3432 TDPIPE - ok
22:08:06.0250 3432 tdpipee - ok
22:08:06.0265 3432 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:08:06.0265 3432 TDTCP - ok
22:08:06.0281 3432 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:08:06.0281 3432 TermDD - ok
22:08:06.0281 3432 TosIde - ok
22:08:06.0328 3432 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:08:06.0328 3432 Udfs - ok
22:08:06.0328 3432 ultra - ok
22:08:06.0375 3432 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:08:06.0390 3432 Update - ok
22:08:06.0390 3432 USB28xxBGA - ok
22:08:06.0406 3432 USB28xxOEM - ok
22:08:06.0437 3432 USBAAPL (60a68a5ea173a97971ee9f1ff49eb2b3) C:\WINDOWS\system32\Drivers\usbaapl.sys
22:08:06.0437 3432 USBAAPL - ok
22:08:06.0484 3432 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
22:08:06.0484 3432 usbaudio - ok
22:08:06.0531 3432 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:08:06.0531 3432 usbccgp - ok
22:08:06.0578 3432 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:08:06.0578 3432 usbehci - ok
22:08:06.0625 3432 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:08:06.0625 3432 usbhub - ok
22:08:06.0640 3432 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:08:06.0640 3432 usbprint - ok
22:08:06.0671 3432 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:08:06.0671 3432 usbscan - ok
22:08:06.0687 3432 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:08:06.0687 3432 usbstor - ok
22:08:06.0703 3432 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:08:06.0703 3432 usbuhci - ok
22:08:06.0765 3432 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
22:08:06.0765 3432 usbvideo - ok
22:08:06.0781 3432 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:08:06.0781 3432 VgaSave - ok
22:08:06.0781 3432 ViaIde - ok
22:08:06.0796 3432 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
22:08:06.0812 3432 VolSnap - ok
22:08:06.0812 3432 vpdmcxgobdwqipjk - ok
22:08:06.0843 3432 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:08:06.0843 3432 Wanarp - ok
22:08:06.0875 3432 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
22:08:06.0875 3432 wanatw - ok
22:08:06.0890 3432 WDICA - ok
22:08:06.0906 3432 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:08:06.0906 3432 wdmaud - ok
22:08:06.0953 3432 winachsf (8adcd6078affc4c81f3c3ebb1e9e3a2b) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
22:08:06.0968 3432 winachsf - ok
22:08:07.0000 3432 WpdUsb (c60dc16d4e406810fad54b98dc92d5ec) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
22:08:07.0000 3432 WpdUsb - ok
22:08:07.0046 3432 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
22:08:07.0046 3432 WS2IFSL - ok
22:08:07.0093 3432 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
22:08:07.0093 3432 WSTCODEC - ok
22:08:07.0125 3432 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:08:07.0125 3432 WudfPf - ok
22:08:07.0140 3432 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:08:07.0140 3432 WudfRd - ok
22:08:07.0203 3432 WUSB54GPV4SRV (70aeec67e87a2002e6b2cc353d56e222) C:\WINDOWS\system32\DRIVERS\rt2500usb.sys
22:08:07.0203 3432 WUSB54GPV4SRV - ok
22:08:07.0218 3432 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
22:08:07.0359 3432 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
22:08:07.0359 3432 \Device\Harddisk0\DR0 - detected TDSS File System (1)
22:08:07.0359 3432 Boot (0x1200) (0eed53a570fb944f9c850c61e0f607bb) \Device\Harddisk0\DR0\Partition0
22:08:07.0359 3432 \Device\Harddisk0\DR0\Partition0 - ok
22:08:07.0359 3432 ============================================================
22:08:07.0359 3432 Scan finished
22:08:07.0359 3432 ============================================================
22:08:07.0359 1556 Detected object count: 2
22:08:07.0359 1556 Actual detected object count: 2
22:08:15.0281 1556 C:\WINDOWS\system32\DRIVERS\netbt.sys - copied to quarantine
22:08:15.0296 1556 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\netbt.sys) error 1813
22:08:18.0828 1556 Backup copy found, using it..
22:08:18.0875 1556 C:\WINDOWS\system32\DRIVERS\netbt.sys - will be cured on reboot
22:08:20.0046 1556 NetBT ( Virus.Win32.ZAccess.c ) - User select action: Cure
22:08:20.0093 1556 \Device\Harddisk0\DR0\TDLFS\cfg.ini - copied to quarantine
22:08:20.0109 1556 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
22:08:20.0109 1556 \Device\Harddisk0\DR0\TDLFS\bckfg.tmp - copied to quarantine
22:08:20.0109 1556 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
22:08:20.0109 1556 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
22:08:20.0109 1556 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
22:08:20.0140 1556 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
22:08:20.0140 1556 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
22:08:20.0156 1556 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
22:08:20.0156 1556 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
22:08:20.0156 1556 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Quarantine
22:08:23.0687 0720 Deinitialize success

#6 rocknsock

rocknsock
  • Topic Starter

  • Members
  • 52 posts

Posted 12 February 2012 - 03:49 AM

I ran a 2nd combo fix right before bed.

Attached Files

  • Attached File: log.txt (172.12 KB)

Edited by rocknsock, 12 February 2012 - 03:50 AM.


#7 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 12 February 2012 - 11:06 AM

Hi

Please run the following:

Please download Listparts

Run the tool,
check the "list BCD" box
click "Scan" and post the log (Result.txt) it makes.

NEXT



Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /rp /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#8 rocknsock

rocknsock
  • Topic Starter

  • Members
  • 52 posts

Posted 12 February 2012 - 11:24 AM

Here Ya Go

ListParts by Farbar
Ran by Dougherty on 12-02-2012 at 11:08:23
Windows XP (X86)
Running From: C:\Documents and Settings\Dougherty\Desktop
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 71%
Total physical RAM: 2037.1 MB
Available physical RAM: 590.5 MB
Total Pagefile: 3929.97 MB
Available Pagefile: 2708.96 MB
Total Virtual: 2047.88 MB
Available Virtual: 2005.53 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:232.82 GB) (Free:25.86 GB) NTFS ==>[Drive with boot components (Windows XP)]

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 233 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 233 GB 32 KB

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 233 GB Healthy System (partition with boot components)

'bcdedit' is not recognized as an internal or external command,
operable program or batch file.


****** End Of Log ******

OTL logfile created on: 02/12/2012 11:09:38 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Dougherty\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

1.99 Gb Total Physical Memory | 0.57 Gb Available Physical Memory | 28.78% Memory free
3.84 Gb Paging File | 2.64 Gb Available in Paging File | 68.90% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.82 Gb Total Space | 25.86 Gb Free Space | 11.11% Space Free | Partition Type: NTFS

Computer Name: HOME | User Name: Dougherty | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/12 11:07:51 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dougherty\Desktop\OTL.exe
PRC - [2012/02/01 13:15:15 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/01/24 17:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/12/15 16:15:22 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2011/12/01 10:01:06 | 000,074,752 | ---- | M] () -- C:\Program Files\Comcast Universal Caller ID\Comcast Universal Caller ID.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/10 06:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/03/01 22:14:08 | 000,190,808 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/01/05 12:11:04 | 004,321,112 | ---- | M] (AOL Inc.) -- C:\Program Files\AIM7\aim.exe
PRC - [2010/03/11 18:29:51 | 000,289,584 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/25 12:16:08 | 000,042,032 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\1204841587\ee\aolsoftware.exe
PRC - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\acs\AOLacsd.exe
PRC - [2005/01/28 16:00:48 | 000,192,512 | ---- | M] (Arcsoft, Inc.) -- C:\Program Files\Philips Photo Manager\FunCam\Philips FunCam Monitor.exe
PRC - [2001/11/26 18:54:02 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/01 13:15:15 | 001,911,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/01/08 14:09:22 | 000,079,872 | ---- | M] () -- C:\Documents and Settings\Dougherty\Application Data\Mozilla\Firefox\Profiles\f16bsc8h.default\extensions\{d4330680-c0ae-4226-8a21-0afe2fd1ac24}\components\RadioWMPCoreGecko10.dll
MOD - [2012/01/08 08:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2011/12/01 10:01:06 | 000,074,752 | ---- | M] () -- C:\Program Files\Comcast Universal Caller ID\Comcast Universal Caller ID.exe
MOD - [2011/11/15 11:04:48 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/03 10:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/05/12 23:46:02 | 000,498,760 | ---- | M] () -- C:\Program Files\ManyCam\Bin\cximagecrt.dll
MOD - [2011/01/05 12:06:43 | 000,176,128 | ---- | M] () -- C:\Program Files\AIM7\nssckbi.dll
MOD - [2010/05/07 17:37:40 | 000,126,808 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2010/05/07 17:37:40 | 000,027,480 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2010/05/07 17:36:54 | 000,340,824 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2010/05/07 17:35:56 | 007,954,776 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2010/05/07 17:35:44 | 002,143,576 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/04/14 05:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 05:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/09/20 18:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2006/10/26 15:21:22 | 000,056,056 | ---- | M] () -- C:\WINDOWS\system32\DLAAPI_W.DLL
MOD - [2004/09/16 15:21:34 | 000,237,568 | ---- | M] () -- C:\WINDOWS\system32\sndfcam.dll
MOD - [2003/10/21 15:45:56 | 000,442,368 | ---- | M] () -- C:\Program Files\Philips Photo Manager\FunCam\FPXLIB.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (XAudioService)
SRV - File not found [Disabled | Stopped] -- -- (Windows Services Control)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010/02/19 06:44:44 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\VHStoDVD\SharedCOM\RoxMediaDBVHS.exe -- (RoxMediaDBVHS)
SRV - [2009/12/15 20:40:21 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/04/14 05:42:38 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto | Running] -- C:\WINDOWS\system32\ScFBPNT2.dll -- (useraccess7)
SRV - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2001/11/26 18:54:02 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 01:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/01 00:11:10 | 004,333,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam C210(UVC)
DRV - [2011/04/01 00:09:48 | 000,291,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/11/09 14:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010/05/07 17:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/09/02 16:08:28 | 004,812,288 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/04/14 00:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/14 00:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2008/01/14 05:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2007/10/11 21:00:42 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/10/11 20:56:20 | 000,490,776 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2007/06/20 12:08:20 | 000,987,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/06/20 12:07:42 | 000,268,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2007/06/20 12:07:38 | 000,731,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/06/27 07:56:50 | 000,031,872 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\superwebcam.sys -- (SUPERWEBCAM)
DRV - [2005/10/17 19:50:06 | 000,245,376 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2500usb.sys -- (WUSB54GPV4SRV)
DRV - [2005/02/01 18:18:38 | 000,017,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\bcm42rly.sys -- (BCM42RLY)
DRV - [2004/09/16 14:12:36 | 000,219,008 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sndfcam.sys -- (SNDFCAM)
DRV - [2004/08/04 05:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 05:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2003/01/10 16:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 12:17:44 | 000,042,432 | ---- | M] (Digi International, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\digirlpt.sys -- (DIGIRPS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577



IE - HKU\S-1-5-21-1202660629-1788223648-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1202660629-1788223648-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========



FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Dougherty\Application Data\Move Networks\plugins\npqmp071706000001.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.18: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc;version=0.8.6i: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Dougherty\Application Data\Move Networks\plugins\npqmp071706000001.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Dougherty\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Dougherty\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Dougherty\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Dougherty\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/11/27 15:14:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/15 16:15:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/02/10 20:58:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/01 13:15:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/15 16:15:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\Dougherty\Application Data\Move Networks [2011/01/15 23:14:45 | 000,000,000 | ---D | M]

[2009/03/26 16:16:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dougherty\Application Data\Mozilla\Extensions
[2009/03/26 16:16:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dougherty\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2012/01/15 21:00:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dougherty\Application Data\Mozilla\Firefox\Profiles\f16bsc8h.default\extensions
[2012/01/15 21:00:10 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Documents and Settings\Dougherty\Application Data\Mozilla\Firefox\Profiles\f16bsc8h.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2009/06/25 00:37:16 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Dougherty\Application Data\Mozilla\Firefox\Profiles\f16bsc8h.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2012/01/08 22:48:56 | 000,000,000 | ---D | M] (MakeMeBabies 2.0 Community Toolbar) -- C:\Documents and Settings\Dougherty\Application Data\Mozilla\Firefox\Profiles\f16bsc8h.default\extensions\{d4330680-c0ae-4226-8a21-0afe2fd1ac24}
[2008/12/14 18:02:22 | 000,000,000 | ---D | M] (Justin.tv Publisher) -- C:\Documents and Settings\Dougherty\Application Data\Mozilla\Firefox\Profiles\f16bsc8h.default\extensions\justintvpublisher@justin.tv
[2008/11/26 03:24:39 | 000,000,000 | ---D | M] (LetsSync Publisher) -- C:\Documents and Settings\Dougherty\Application Data\Mozilla\Firefox\Profiles\f16bsc8h.default\extensions\letssyncpublisher@letssync.com
[2009/01/24 11:37:26 | 000,000,000 | ---D | M] (Conviva LivePass (Firefox)) -- C:\Documents and Settings\Dougherty\Application Data\Mozilla\Firefox\Profiles\f16bsc8h.default\extensions\StreamingPlugin@conviva.com
[2010/03/05 16:28:36 | 000,001,844 | ---- | M] () -- C:\Documents and Settings\Dougherty\Application Data\Mozilla\Firefox\Profiles\f16bsc8h.default\searchplugins\bing-ff.xml
[2010/09/13 01:19:58 | 000,000,921 | ---- | M] () -- C:\Documents and Settings\Dougherty\Application Data\Mozilla\Firefox\Profiles\f16bsc8h.default\searchplugins\conduit.xml
[2011/12/29 12:50:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/31 12:41:24 | 000,000,000 | ---D | M] (Starfield Zoom) -- C:\Program Files\Mozilla Firefox\extensions\zoomext@starfield
() (No name found) -- C:\DOCUMENTS AND SETTINGS\DOUGHERTY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\F16BSC8H.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/02/10 20:58:31 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
[2012/02/01 13:15:16 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2002/08/29 08:41:08 | 000,401,462 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcp60.dll
[2002/08/29 08:41:08 | 000,323,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcrt.dll
[2005/12/05 21:31:02 | 000,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2003/01/31 21:03:30 | 000,106,496 | ---- | M] (Nullsoft) -- C:\Program Files\mozilla firefox\plugins\NPnsv_vp3_mp3.dll
[2009/11/20 12:34:44 | 000,218,624 | ---- | M] (Starfield Technology, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwbe.dll
[2007/03/09 18:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll
[2011/12/20 23:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/09/30 13:03:32 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2011/12/20 23:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - No CLSID value found.
O3 - HKU\S-1-5-21-1202660629-1788223648-839522115-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1204841587\ee\aolsoftware.exe (AOL LLC)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Philips FunCam Monitor.lnk = C:\Program Files\Philips Photo Manager\FunCam\Philips FunCam Monitor.exe (Arcsoft, Inc.)
O4 - Startup: C:\Documents and Settings\Dougherty\Start Menu\Programs\Startup\Comcast Universal Caller ID.lnk = C:\Program Files\Comcast Universal Caller ID\Comcast Universal Caller ID.exe ()
O4 - Startup: C:\Documents and Settings\Dougherty\Start Menu\Programs\Startup\UniversalCallerID.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1202660629-1788223648-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1202660629-1788223648-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1202660629-1788223648-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1202660629-1788223648-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\nwprovau.dll File not found
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1202660629-1788223648-839522115-1003\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-1202660629-1788223648-839522115-1003\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1202660629-1788223648-839522115-1003\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1202660629-1788223648-839522115-1003\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1202660629-1788223648-839522115-1003\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (Reg Error: Key error.)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (PCPitstop Utility)
O16 - DPF: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab (NsvPlayX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe (Reg Error: Key error.)
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab (IWinAmpActiveX Class)
O16 - DPF: Justin.tv Publisher http://www.justin.tv/plugins/justintv_publisher.CAB (Reg Error: Key error.)
O16 - DPF: Ustream Publisher http://static.ustream.tv/plugin/ustream_publisher.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{66CBD011-63A5-4C83-B370-7AEB31370BA7}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Dougherty\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dougherty\Application Data\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/06 16:51:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012/02/11 11:14:42 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: useraccess7 - C:\WINDOWS\system32\ScFBPNT2.dll (Oak Technology Inc.)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/02/12 11:07:51 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dougherty\Desktop\OTL.exe
[2012/02/12 10:54:31 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/02/12 03:46:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/02/12 03:10:52 | 004,402,217 | R--- | C] (Swearware) -- C:\Documents and Settings\Dougherty\Desktop\ComboFix.exe
[2012/02/11 21:47:15 | 002,059,824 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Dougherty\Desktop\TDSSKiller.exe
[2012/02/11 21:43:18 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Dougherty\Desktop\aswMBR.exe
[2012/02/11 17:17:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dougherty\Desktop\virusprotection
[2012/02/11 15:04:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/02/11 15:04:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/02/11 15:04:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/02/11 11:14:42 | 000,000,000 | R--D | C] -- C:\autorun.inf
[2012/02/11 03:39:22 | 000,000,000 | ---D | C] -- C:\$AVG
[2012/02/10 21:45:37 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2012/02/10 21:10:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2012/02/10 20:58:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2012
[2012/02/04 23:29:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dougherty\Desktop\wordpress
[2012/02/04 19:54:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dougherty\Desktop\1989
[2012/02/04 16:20:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dougherty\Desktop\SQL DB's
[2012/02/04 01:59:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dougherty\Desktop\news
[2012/02/03 11:11:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dougherty\Desktop\TheRack
[2012/02/02 20:58:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2012/02/02 20:58:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/02/02 20:58:16 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012/01/29 16:10:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dougherty\Application Data\Sony Online Entertainment
[2012/01/29 16:10:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dougherty\Local Settings\Application Data\SCE
[2012/01/29 16:08:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2012/01/29 16:07:55 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Online Entertainment
[2012/01/23 00:03:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dougherty\Desktop\jackies&lindsey
[2012/01/21 21:10:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dougherty\Desktop\2005
[2012/01/19 20:26:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dougherty\Desktop\WTR Site Stuff
[2012/01/16 02:42:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dougherty\Application Data\HD Tune Pro
[2012/01/16 02:41:57 | 000,000,000 | ---D | C] -- C:\Program Files\HD Tune Pro
[2012/01/16 02:33:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2012/01/14 20:57:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dougherty\Desktop\1998
[2010/04/13 19:05:30 | 000,036,864 | ---- | C] ( ) -- C:\WINDOWS\System32\vsndm360.dll
[2008/03/06 23:20:30 | 000,057,344 | ---- | C] ( ) -- C:\WINDOWS\System32\DCamRes.dll
[2008/03/06 23:20:30 | 000,036,864 | ---- | C] ( ) -- C:\WINDOWS\System32\vsndfcam.dll
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/12 11:15:00 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1788223648-839522115-1003UA.job
[2012/02/12 11:07:51 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dougherty\Desktop\OTL.exe
[2012/02/12 11:07:44 | 000,303,485 | ---- | M] () -- C:\Documents and Settings\Dougherty\Desktop\ListParts.exe
[2012/02/12 11:05:00 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/12 09:32:42 | 057,494,252 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2012/02/12 09:32:42 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2012/02/12 03:41:10 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/02/12 03:41:00 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/12 03:40:22 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1202660629-1788223648-839522115-1003.job
[2012/02/12 03:40:20 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/12 03:40:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/12 03:10:54 | 004,402,217 | R--- | M] (Swearware) -- C:\Documents and Settings\Dougherty\Desktop\ComboFix.exe
[2012/02/11 22:22:40 | 155,005,960 | ---- | M] () -- C:\Documents and Settings\Dougherty\Desktop\MADtv MTV Icon Salutes Whitney Houston.avi
[2012/02/11 21:52:11 | 000,000,492 | ---- | M] () -- C:\Documents and Settings\Dougherty\Desktop\MBR.rar
[2012/02/11 21:51:05 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Dougherty\Desktop\MBR.dat
[2012/02/11 21:43:50 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Dougherty\Desktop\aswMBR.exe
[2012/02/11 21:43:33 | 002,041,278 | ---- | M] () -- C:\Documents and Settings\Dougherty\Desktop\tdsskiller.zip
[2012/02/11 21:06:28 | 000,001,007 | ---- | M] () -- C:\Documents and Settings\Dougherty\Desktop\getalbumpics.php
[2012/02/11 20:38:42 | 127,236,378 | ---- | M] () -- C:\Documents and Settings\Dougherty\Desktop\MAD TV Whitney Houston and Bobby Brown.avi
[2012/02/11 16:15:00 | 000,000,942 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1788223648-839522115-1003Core.job
[2012/02/11 13:54:16 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2012/02/11 03:04:00 | 000,043,008 | ---- | M] () -- C:\Documents and Settings\Dougherty\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/10 21:59:29 | 000,031,253 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjg.avm
[2012/02/10 21:58:10 | 000,000,494 | ---- | M] () -- C:\WINDOWS\System32\.crusader
[2012/02/10 21:10:49 | 000,023,624 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro36.sys
[2012/02/09 10:15:24 | 002,059,824 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Dougherty\Desktop\TDSSKiller.exe
[2012/02/06 22:49:00 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1202660629-1788223648-839522115-1003.job
[2012/02/06 13:50:22 | 004,386,960 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/06 12:01:05 | 004,433,480 | ---- | M] () -- C:\Documents and Settings\Dougherty\Desktop\Chalkboard.jpg
[2012/02/05 11:49:42 | 000,214,156 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/02/04 16:12:02 | 000,001,281 | ---- | M] () -- C:\Documents and Settings\Dougherty\My Documents\00.rtf
[2012/02/04 16:09:17 | 000,010,336 | ---- | M] () -- C:\Documents and Settings\Dougherty\My Documents\07.rtf
[2012/02/04 15:19:29 | 000,007,687 | ---- | M] () -- C:\Documents and Settings\Dougherty\My Documents\06.rtf
[2012/02/04 14:51:05 | 000,011,340 | ---- | M] () -- C:\Documents and Settings\Dougherty\My Documents\05.rtf
[2012/02/04 13:49:42 | 000,031,235 | ---- | M] () -- C:\Documents and Settings\Dougherty\My Documents\04.rtf
[2012/02/04 12:43:20 | 000,004,709 | ---- | M] () -- C:\Documents and Settings\Dougherty\My Documents\03.rtf
[2012/02/04 12:23:06 | 000,003,999 | ---- | M] () -- C:\Documents and Settings\Dougherty\My Documents\02.rtf
[2012/02/04 12:06:35 | 000,004,543 | ---- | M] () -- C:\Documents and Settings\Dougherty\My Documents\01.rtf
[2012/01/31 22:39:59 | 000,002,290 | ---- | M] () -- C:\Documents and Settings\Dougherty\My Documents\hhhrp2.rtf
[2012/01/29 14:59:22 | 000,000,196 | ---- | M] () -- C:\WINDOWS\System32\test.aok
[2012/01/24 00:46:59 | 003,291,873 | ---- | M] () -- C:\Documents and Settings\Dougherty\Desktop\Rocky Horror Picture Show Sweet Transvestite.mp3
[2012/01/23 15:15:58 | 000,493,320 | ---- | M] () -- C:\Documents and Settings\Dougherty\Desktop\kayfabevoicealan2.mp3
[2012/01/23 15:13:20 | 008,190,039 | ---- | M] () -- C:\Documents and Settings\Dougherty\Desktop\Sax Rock and Roll.mp3
[2012/01/23 14:06:23 | 001,343,764 | ---- | M] () -- C:\Documents and Settings\Dougherty\Desktop\kayfabevoicealan.mp3
[2012/01/22 23:27:10 | 003,835,994 | ---- | M] () -- C:\Documents and Settings\Dougherty\Desktop\WWE Royal Rumble 2012 Theme Song 'Dark Horses' by Switchfoot + Download Link (Official) HD.mp3
[2012/01/20 01:29:43 | 000,010,773 | ---- | M] () -- C:\Documents and Settings\Dougherty\My Documents\DXHolidayRP.rtf
[2012/01/16 00:57:00 | 009,465,968 | ---- | M] () -- C:\Documents and Settings\Dougherty\Desktop\SpugMaseRipStyles.mp3
[2012/01/15 15:39:25 | 003,495,103 | ---- | M] () -- C:\Documents and Settings\Dougherty\Desktop\Somebody-Call-My-Momma--Jim-Johnston-.mp3
[2012/01/15 00:21:31 | 004,201,521 | ---- | M] () -- C:\Documents and Settings\Dougherty\Desktop\Party Rock Anthem LMFAO [OFFICIAL LYRICS].mp3
[2012/01/14 21:08:43 | 000,245,788 | ---- | M] () -- C:\Documents and Settings\Dougherty\Desktop\Bloody-Heart-psd50315.png
[2012/01/13 15:59:06 | 000,007,695 | ---- | M] () -- C:\Documents and Settings\Dougherty\Desktop\spiderMail.zip
[2012/01/13 12:29:44 | 000,920,763 | ---- | M] () -- C:\Documents and Settings\Dougherty\Desktop\2012WTRIntroVO.mp3
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/12 11:07:44 | 000,303,485 | ---- | C] () -- C:\Documents and Settings\Dougherty\Desktop\ListParts.exe
[2012/02/11 22:21:31 | 155,005,960 | ---- | C] () -- C:\Documents and Settings\Dougherty\Desktop\MADtv MTV Icon Salutes Whitney Houston.avi
[2012/02/11 21:52:11 | 000,000,492 | ---- | C] () -- C:\Documents and Settings\Dougherty\Desktop\MBR.rar
[2012/02/11 21:51:05 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Dougherty\Desktop\MBR.dat
[2012/02/11 21:43:28 | 002,041,278 | ---- | C] () -- C:\Documents and Settings\Dougherty\Desktop\tdsskiller.zip
[2012/02/11 21:06:28 | 000,001,007 | ---- | C] () -- C:\Documents and Settings\Dougherty\Desktop\getalbumpics.php
[2012/02/11 20:37:34 | 127,236,378 | ---- | C] () -- C:\Documents and Settings\Dougherty\Desktop\MAD TV Whitney Houston and Bobby Brown.avi
[2012/02/11 15:04:01 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/02/11 15:04:01 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/02/11 15:04:01 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/02/10 21:58:10 | 000,000,494 | ---- | C] () -- C:\WINDOWS\System32\.crusader
[2012/02/10 21:10:49 | 000,023,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro36.sys
[2012/02/06 20:58:58 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/02/06 12:00:54 | 004,433,480 | ---- | C] () -- C:\Documents and Settings\Dougherty\Desktop\Chalkboard.jpg
[2012/02/04 16:12:02 | 000,001,281 | ---- | C] () -- C:\Documents and Settings\Dougherty\My Documents\00.rtf
[2012/02/03 18:41:29 | 000,010,336 | ---- | C] () -- C:\Documents and Settings\Dougherty\My Documents\07.rtf
[2012/02/03 18:41:10 | 000,007,687 | ---- | C] () -- C:\Documents and Settings\Dougherty\My Documents\06.rtf
[2012/02/03 18:41:00 | 000,011,340 | ---- | C] () -- C:\Documents and Settings\Dougherty\My Documents\05.rtf
[2012/02/03 18:40:53 | 000,031,235 | ---- | C] () -- C:\Documents and Settings\Dougherty\My Documents\04.rtf
[2012/02/03 18:40:43 | 000,004,709 | ---- | C] () -- C:\Documents and Settings\Dougherty\My Documents\03.rtf
[2012/02/03 18:40:35 | 000,003,999 | ---- | C] () -- C:\Documents and Settings\Dougherty\My Documents\02.rtf
[2012/02/03 18:40:25 | 000,004,543 | ---- | C] () -- C:\Documents and Settings\Dougherty\My Documents\01.rtf
[2012/01/31 22:23:01 | 000,002,290 | ---- | C] () -- C:\Documents and Settings\Dougherty\My Documents\hhhrp2.rtf
[2012/01/24 00:46:49 | 003,291,873 | ---- | C] () -- C:\Documents and Settings\Dougherty\Desktop\Rocky Horror Picture Show Sweet Transvestite.mp3
[2012/01/23 15:15:55 | 000,493,320 | ---- | C] () -- C:\Documents and Settings\Dougherty\Desktop\kayfabevoicealan2.mp3
[2012/01/23 15:09:57 | 008,190,039 | ---- | C] () -- C:\Documents and Settings\Dougherty\Desktop\Sax Rock and Roll.mp3
[2012/01/23 14:06:20 | 001,343,764 | ---- | C] () -- C:\Documents and Settings\Dougherty\Desktop\kayfabevoicealan.mp3
[2012/01/22 23:26:58 | 003,835,994 | ---- | C] () -- C:\Documents and Settings\Dougherty\Desktop\WWE Royal Rumble 2012 Theme Song 'Dark Horses' by Switchfoot + Download Link (Official) HD.mp3
[2012/01/18 19:10:54 | 000,010,773 | ---- | C] () -- C:\Documents and Settings\Dougherty\My Documents\DXHolidayRP.rtf
[2012/01/16 00:56:06 | 009,465,968 | ---- | C] () -- C:\Documents and Settings\Dougherty\Desktop\SpugMaseRipStyles.mp3
[2012/01/15 14:56:26 | 003,495,103 | ---- | C] () -- C:\Documents and Settings\Dougherty\Desktop\Somebody-Call-My-Momma--Jim-Johnston-.mp3
[2012/01/15 00:20:50 | 004,201,521 | ---- | C] () -- C:\Documents and Settings\Dougherty\Desktop\Party Rock Anthem LMFAO [OFFICIAL LYRICS].mp3
[2012/01/14 21:08:42 | 000,245,788 | ---- | C] () -- C:\Documents and Settings\Dougherty\Desktop\Bloody-Heart-psd50315.png
[2012/01/13 15:59:04 | 000,007,695 | ---- | C] () -- C:\Documents and Settings\Dougherty\Desktop\spiderMail.zip
[2012/01/13 12:29:43 | 000,920,763 | ---- | C] () -- C:\Documents and Settings\Dougherty\Desktop\2012WTRIntroVO.mp3
[2011/10/01 18:08:17 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Dougherty\Local Settings\Application Data\{E1C1626C-EDD2-4FB2-8AF8-3182BB70C25A}
[2011/09/24 13:04:01 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/05/16 22:28:59 | 000,000,208 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\b1560PaIpDeL8615
[2011/04/20 15:50:56 | 000,214,156 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/03/22 22:58:22 | 000,014,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2011/02/15 18:42:11 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2011/02/12 17:23:47 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2011/02/10 22:13:23 | 003,733,248 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/11/09 21:45:32 | 000,102,744 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2010/11/09 21:45:30 | 010,877,272 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2010/11/09 21:45:20 | 000,331,608 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2010/11/01 11:50:34 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Dougherty\Local Settings\Application Data\housecall.guid.cache
[2010/09/26 23:50:29 | 000,015,840 | ---- | C] () -- C:\WINDOWS\System32\Machnm1.exe
[2010/07/14 14:42:57 | 000,000,183 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/05/07 17:43:30 | 000,025,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2010/04/13 19:05:30 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\sndm360.dll
[2010/04/13 19:05:30 | 000,229,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\sndm360.sys
[2010/04/13 19:05:30 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\dsndm360.dll
[2010/04/13 19:05:30 | 000,020,480 | ---- | C] () -- C:\WINDOWS\dsndm360.exe
[2010/04/13 19:05:30 | 000,015,523 | ---- | C] () -- C:\WINDOWS\sndm360.ini
[2010/04/06 18:55:55 | 000,003,294 | -HS- | C] () -- C:\Documents and Settings\Dougherty\Local Settings\Application Data\C6158646
[2010/04/06 18:55:55 | 000,003,294 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\C6158646
[2010/03/23 22:04:05 | 000,000,294 | ---- | C] () -- C:\Documents and Settings\Dougherty\Application Data\net.telestream.ustreamproducer.prefs.xml
[2010/03/13 02:00:09 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2010/03/05 19:08:52 | 000,014,884 | -HS- | C] () -- C:\Documents and Settings\Dougherty\Local Settings\Application Data\cOIowo4S2404k
[2010/01/14 13:19:26 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/12/18 21:42:05 | 000,004,575 | ---- | C] () -- C:\Documents and Settings\Dougherty\Application Data\SoundBytePrefs
[2009/12/06 20:10:03 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Dougherty\Application Data\WavCodec.wff
[2009/11/24 16:26:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Dougherty\Local Settings\Application Data\prvlcl.dat
[2009/09/23 11:25:22 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/09/23 11:25:20 | 000,810,496 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/09/23 11:25:20 | 000,564,224 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2009/09/23 11:25:19 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/07/28 16:18:28 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Dougherty\Application Data\Settings.cfg
[2009/06/27 17:42:33 | 000,002,516 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2009/06/27 17:42:33 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\5C45F9F599.sys
[2009/06/07 06:27:20 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\vbzlib1.dll
[2008/11/21 14:00:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2008/11/21 14:00:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2008/11/19 14:47:27 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/10/21 18:06:59 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Dougherty\Local Settings\Application Data\PUTTY.RND
[2008/09/06 19:43:02 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\AVERM.dll
[2008/09/06 19:43:02 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll
[2008/08/26 15:59:34 | 000,000,245 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2008/08/01 20:02:22 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/07/27 15:50:14 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008/07/27 15:49:04 | 000,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2008/07/23 11:50:52 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/07/12 20:34:59 | 000,016,384 | ---- | C] () -- C:\WINDOWS\DelDir.EXE
[2008/05/26 13:40:51 | 000,502,784 | ---- | C] () -- C:\WINDOWS\x2.64.exe
[2008/05/26 13:40:51 | 000,408,576 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2008/05/26 13:40:51 | 000,240,128 | ---- | C] () -- C:\WINDOWS\System32\x.264.exe
[2008/05/26 13:40:51 | 000,217,073 | ---- | C] () -- C:\WINDOWS\meta4.exe
[2008/05/26 13:40:51 | 000,066,560 | ---- | C] () -- C:\WINDOWS\MOTA113.exe
[2008/05/26 13:40:51 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008/05/19 00:02:41 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\GkSui20.EXE
[2008/05/13 00:35:26 | 000,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
[2008/03/30 22:39:50 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/03/28 19:24:27 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/03/27 14:25:38 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2008/03/17 16:08:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2008/03/15 22:18:28 | 000,000,598 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/03/11 00:46:29 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008/03/10 01:18:57 | 000,043,008 | ---- | C] () -- C:\Documents and Settings\Dougherty\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/10 01:18:23 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/07 00:42:29 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008/03/06 23:20:31 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\sndfcam.dll
[2008/03/06 23:20:31 | 000,219,008 | ---- | C] () -- C:\WINDOWS\System32\drivers\sndfcam.sys
[2008/03/06 23:20:31 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\dsndfcam.dll
[2008/03/06 23:20:31 | 000,015,523 | ---- | C] () -- C:\WINDOWS\sndfcam.ini
[2008/03/06 23:20:30 | 000,020,480 | ---- | C] () -- C:\WINDOWS\dsndfcam.exe
[2008/03/06 23:16:55 | 000,027,872 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/03/06 22:37:30 | 000,000,197 | -HS- | C] () -- C:\Program Files\Common Files\maxtreme.dat
[2008/03/06 18:13:59 | 047,369,160 | ---- | C] () -- C:\WINDOWS\System32\MRT.exe
[2008/03/06 17:46:38 | 000,001,167 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/03/06 17:11:52 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/03/06 17:02:15 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
[2008/03/06 16:53:26 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/03/06 16:48:44 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/03/06 11:43:32 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/03/06 11:42:21 | 004,386,960 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/08/06 18:22:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2007/06/12 17:53:58 | 001,277,952 | ---- | C] () -- C:\WINDOWS\System32\libfishsound.dll
[2007/01/11 00:39:12 | 001,053,056 | ---- | C] () -- C:\WINDOWS\System32\drivers\CAMTHWDM.sys
[2006/09/16 22:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/16 22:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2005/03/21 18:48:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/21 18:48:05 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 05:00:00 | 000,473,232 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 05:00:00 | 000,076,200 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2008/06/17 20:51:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2009/10/13 09:44:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2012/02/10 21:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/09/30 20:35:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2008/05/27 16:25:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2009/12/22 22:29:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\com.comcast.access
[2011/03/14 10:14:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/01/17 12:39:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011/09/24 13:15:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2012/02/10 21:10:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2008/03/08 11:10:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2012/02/12 09:32:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/11/14 15:51:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2008/03/06 22:41:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2008/07/06 21:15:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers Headquarters
[2012/01/20 01:00:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2011/02/18 19:38:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pPpPlMf07500
[2009/02/07 01:05:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrettyMay
[2010/10/13 16:54:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/11/24 21:22:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2010/03/23 22:04:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Telestream
[2009/01/29 14:12:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uniblue
[2011/02/12 16:05:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2009/06/26 15:42:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/10/13 19:11:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WebcamMax
[2011/01/25 02:17:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/04/06 21:31:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/03/06 17:08:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\acccore
[2008/08/20 14:33:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\Aim
[2008/07/27 15:51:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\Atari
[2009/11/04 15:05:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\Audacity
[2011/10/01 22:51:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\AVG2012
[2010/11/16 15:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\Azureus
[2008/03/27 13:25:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\Camfrog
[2010/10/19 12:27:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\Coby Media Manager
[2009/12/22 20:33:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\com.comcast.access.13A1FA90F0FC9DC009FB0956ADD0F13F8608561B.1
[2009/08/28 01:42:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\com.comcast.callerid.13A1FA90F0FC9DC009FB0956ADD0F13F8608561B.1
[2009/08/28 01:42:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\com.comcast.callerid.4C7707E731FA230A00265DE26809CEAF299D5FFD.1
[2009/03/19 16:26:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\CombiTech
[2009/01/24 11:37:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\Conviva
[2011/11/27 15:15:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\DDMSettings
[2008/06/19 20:50:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\DVDforger
[2008/03/06 21:44:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\Dynamic
[2012/02/11 23:26:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\FileZilla
[2010/11/16 15:56:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\FrostWire
[2012/01/16 02:42:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\HD Tune Pro
[2008/03/08 11:10:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\HotSync
[2008/05/23 17:06:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\InternetCalls
[2008/03/08 17:38:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\Jasc
[2009/07/12 14:22:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\KVIrc
[2008/07/27 15:49:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\Leadertech
[2010/07/28 22:30:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\ManyCam
[2008/12/18 21:21:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\MxBoost
[2008/03/06 22:41:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\NCH Swift Sound
[2008/12/23 14:23:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\OpenOffice.org
[2009/09/10 00:33:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\Orca Profiles
[2010/08/13 15:58:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\Paltalk
[2011/03/14 00:34:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\SiteClasses
[2011/03/18 17:19:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\Sites
[2012/01/29 16:11:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\Sony Online Entertainment
[2009/08/05 21:05:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\TeamViewer
[2011/07/28 17:33:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2011/11/24 21:23:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\Ulead Systems
[2009/02/07 20:07:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\Uniblue
[2012/02/12 11:09:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\uTorrent
[2010/03/23 22:04:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\Vara Software
[2009/06/26 15:42:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\Viewpoint
[2008/03/06 22:32:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\Webcammax
[2010/09/29 16:28:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\Wirecast
[2010/12/12 03:10:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\X-Chat 2
[2011/03/24 22:59:01 | 000,000,292 | ---- | M] () -- C:\WINDOWS\Tasks\pixillionShakeIcon.job
[2011/03/07 01:45:01 | 000,000,288 | ---- | M] () -- C:\WINDOWS\Tasks\videopadShakeIcon.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2008/05/23 12:17:49 | 000,010,920 | ---- | M] () -- C:\aolconnfix.exe


< MD5 for: EXPLORER.EXE >
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\svchost.exe
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2004/08/04 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /rp /s >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB25344$] -> Error: Cannot create file handle -> Unknown point type
[C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction
[C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 -> Junction

< End of report >

OTL Extras logfile created on: 02/12/2012 11:09:38 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Dougherty\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

1.99 Gb Total Physical Memory | 0.57 Gb Available Physical Memory | 28.78% Memory free
3.84 Gb Paging File | 2.64 Gb Available in Paging File | 68.90% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.82 Gb Total Space | 25.86 Gb Free Space | 11.11% Space Free | Partition Type: NTFS

Computer Name: HOME | User Name: Dougherty | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1202660629-1788223648-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
jsfile [edit] -- "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"86:TCP" = 86:TCP:*:Enabled:BroadCam Web Server
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"8000:TCP" = 8000:TCP:*:Enabled:Shoutcast
"19610:TCP" = 19610:TCP:*:Enabled:Bittorrent
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"1900:TCP" = 1900:TCP:*:Enabled:Windows Media Player Network Sharing Service
"10280:TCP" = 10280:TCP:*:Enabled:Windows Media Player Network Sharing Service
"3074:TCP" = 3074:TCP:*:Enabled:XBox
"3074:UDP" = 3074:UDP:*:Enabled:Xbox
"88:UDP" = 88:UDP:*:Enabled:Xbox
"53:TCP" = 53:TCP:*:Enabled:Xbox
"53:UDP" = 53:UDP:*:Enabled:Xbox
"5061:TCP" = 5061:TCP:*:Enabled:Windows Live Messneger
"5004:UDP" = 5004:UDP:*:Enabled:Windows Live Messneger
"65525:UDP" = 65525:UDP:*:Enabled:Windows Live Messenger
"25:TCP" = 25:TCP:*:Enabled:Outlook
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL Inc.)
"C:\Program Files\Common Files\AOL\acs\AOLDial.exe" = C:\Program Files\Common Files\AOL\acs\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer -- (AOL LLC)
"C:\Program Files\Common Files\AOL\acs\AOLacsd.exe" = C:\Program Files\Common Files\AOL\acs\AOLacsd.exe:*:Enabled:AOL Connectivity Service -- (AOL LLC)
"C:\Program Files\Common Files\AOL\1204841587\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1204841587\ee\aolsoftware.exe:*:Enabled:AOL Shared Components -- (AOL LLC)
"C:\Program Files\AOL 9.1\waol.exe" = C:\Program Files\AOL 9.1\waol.exe:*:Enabled:AOL -- (AOL, LLC.)
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed -- (AOL LLC)
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL System Information -- (AOL LLC)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Radio Toolbox\rtb.exe" = C:\Program Files\Radio Toolbox\rtb.exe:*:Enabled:Radio Toolbox -- (www.radiotoolbox.com)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
"C:\Program Files\SHOUTcast\sc_serv.exe" = C:\Program Files\SHOUTcast\sc_serv.exe:*:Enabled:sc_serv -- ()
"C:\Program Files\SHOUTcast\8002\sc_serv.exe" = C:\Program Files\SHOUTcast\8002\sc_serv.exe:*:Enabled:sc_serv -- ()
"C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe" = C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe:*:Enabled:Dreamweaver 8 -- (Macromedia, Inc.)
"C:\Program Files\AIM7\aim.exe" = C:\Program Files\AIM7\aim.exe:*:Enabled:AIM -- (AOL Inc.)
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Documents and Settings\Dougherty\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Dougherty\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\NSVtools\nsvcap.exe" = C:\Program Files\NSVtools\nsvcap.exe:*:Enabled:NSV Live Capture -- (MyCompanyName)
"C:\Program Files\Logitech\Vid HD\Vid.exe" = C:\Program Files\Logitech\Vid HD\Vid.exe:*:Enabled:Logitech Vid HD -- (Logitech Inc.)
"C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{083E0D59-B6B4-4570-AA0A-37F5B4526CF5}" = AVG 2012
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15210C5B-9E04-4BF7-B019-AE958F238333}" = Roxio Easy VHS to DVD
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{174D5678-D941-433C-BD23-58A5C7B0D36D}" = Jasc Animation Shop 3
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F4E6688-6C00-4340-86F3-C6F3896F1FF2}" = DART Karaoke Studio CDG
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 15
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32E1E918-4FBE-CA4E-DAEA-5CE418514A63}" = Comcast Universal Caller ID
"{32EF6F81-583E-4127-918D-D3768A8957C4}" = Palm
"{339E14FF-8FDC-4809-AAF2-87BA22905C7F}" = DirectX for Managed Code Update (December 2004)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3643EF5F-D28D-4B25-9FA1-8859FC303710}" = Coby Media Manager
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CDF4815-1334-4AF3-B780-1F6526011C5A}" = HyperLoad - Golf Course
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3E2C691B-B7E6-4053-B5C3-94B8BC407E7A}" = Adobe Premiere Elements 4.0
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{403EF592-953B-4794-BCEF-ECAB835C2095}" =
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44B23220-E68E-4FBC-B02C-1A89AC0C8C5F}" = Roxio CinePlayer Decoder Pack
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}" = AVG 2012
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62369F2F77534556AEF4C58152E3BDE5}" =
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63A56D6A-8AA4-4568-A9E0-790D31B2F30E}" = Adobe Flash Media Encoder 2.5
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.12.0
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86DDDAAD-AEB9-42E5-BE01-0E8FABD2BB29}" = Roxio Video Capture USB
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8ED84666-3A2A-4E28-AB26-B6B65260CB86}" = Philips FunCam
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon® 3
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BB81360F-041C-4CF7-B15E-71380D154244}" = Adobe Setup
"{C0990649-FEC2-423A-8F37-A8952404E6CD}" = Roxio Easy VHS to DVD
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0BC6CF7-B3CC-6699-0351-F845AC6D24DC}" = Comcast Access
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5CFF65B-1E1E-489E-86E2-C2A3AF4C88D9}" = Web-Based Email Tools
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CB4AF7DA-CE59-41A9-93A6-DA921F809361}" = CoffeeCup Flash Firestarter
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCF13D13-A87B-34E8-B689-1896D0C2DBA2}" = Google Talk Plugin
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E5FCED12-3E77-4C0E-A305-5AEB38A52A70}" = AdobeColorCommonSetCMYK
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{E793B230-D5E0-4500-8476-E0B94112C3A6}" = Philips FunCam Photo Manager
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{EED50C97-C79E-4149-BD82-7C5A22437708}" = Adobe Setup
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6234880-85BE-4DCB-8A45-1FF85A1A8552}" = SmartSound Quicktracks for Premiere Elements
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F85C7118-F3DC-4ED9-AB27-3E7931EA3D88}" = Adobe Premiere Elements 4.0 Templates
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FBDCDFA2-6950-46A1-B31E-B1B3DF08242B}" = Miro Video Converter
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AceFTP 3 Freeware" = AceFTP 3 Freeware
"AddressBook" =
"Adobe AIR" = Adobe AIR
"Adobe Audition 3.0" = Adobe Audition 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_32fdd767b4383606e8168e834af5d90" = Adobe Premiere Pro CS3
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_a68eec966ce913ddaa63251dc82ed31" = Adobe Flash CS4 Professional
"AIM_7" = AIM 7
"America Online us" = America Online
"AnalogX Vocal Remover (WinAmp)" = AnalogX Vocal Remover (WinAmp)
"AOL Diagnostics_N" =
"AOL One-

#9 rocknsock

rocknsock
  • Topic Starter


Posted 12 February 2012 - 11:24 AM

Here Ya Go

ListParts by Farbar
Ran by Dougherty on 12-02-2012 at 11:08:23
Windows XP (X86)
Running From: C:\Documents and Settings\Dougherty\Desktop
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 71%
Total physical RAM: 2037.1 MB
Available physical RAM: 590.5 MB
Total Pagefile: 3929.97 MB
Available Pagefile: 2708.96 MB
Total Virtual: 2047.88 MB
Available Virtual: 2005.53 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:232.82 GB) (Free:25.86 GB) NTFS ==>[Drive with boot components (Windows XP)]

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 233 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 233 GB 32 KB

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 233 GB Healthy System (partition with boot components)

'bcdedit' is not recognized as an internal or external command,
operable program or batch file.


****** End Of Log ******

OTL logfile created on: 02/12/2012 11:09:38 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Dougherty\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

1.99 Gb Total Physical Memory | 0.57 Gb Available Physical Memory | 28.78% Memory free
3.84 Gb Paging File | 2.64 Gb Available in Paging File | 68.90% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.82 Gb Total Space | 25.86 Gb Free Space | 11.11% Space Free | Partition Type: NTFS

Computer Name: HOME | User Name: Dougherty | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/12 11:07:51 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dougherty\Desktop\OTL.exe
PRC - [2012/02/01 13:15:15 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/01/24 17:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/12/15 16:15:22 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2011/12/01 10:01:06 | 000,074,752 | ---- | M] () -- C:\Program Files\Comcast Universal Caller ID\Comcast Universal Caller ID.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/10 06:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/03/01 22:14:08 | 000,190,808 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/01/05 12:11:04 | 004,321,112 | ---- | M] (AOL Inc.) -- C:\Program Files\AIM7\aim.exe
PRC - [2010/03/11 18:29:51 | 000,289,584 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/25 12:16:08 | 000,042,032 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\1204841587\ee\aolsoftware.exe
PRC - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\acs\AOLacsd.exe
PRC - [2005/01/28 16:00:48 | 000,192,512 | ---- | M] (Arcsoft, Inc.) -- C:\Program Files\Philips Photo Manager\FunCam\Philips FunCam Monitor.exe
PRC - [2001/11/26 18:54:02 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/01 13:15:15 | 001,911,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/01/08 14:09:22 | 000,079,872 | ---- | M] () -- C:\Documents and Settings\Dougherty\Application Data\Mozilla\Firefox\Profiles\f16bsc8h.default\extensions\{d4330680-c0ae-4226-8a21-0afe2fd1ac24}\components\RadioWMPCoreGecko10.dll
MOD - [2012/01/08 08:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2011/12/01 10:01:06 | 000,074,752 | ---- | M] () -- C:\Program Files\Comcast Universal Caller ID\Comcast Universal Caller ID.exe
MOD - [2011/11/15 11:04:48 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/03 10:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/05/12 23:46:02 | 000,498,760 | ---- | M] () -- C:\Program Files\ManyCam\Bin\cximagecrt.dll
MOD - [2011/01/05 12:06:43 | 000,176,128 | ---- | M] () -- C:\Program Files\AIM7\nssckbi.dll
MOD - [2010/05/07 17:37:40 | 000,126,808 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2010/05/07 17:37:40 | 000,027,480 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2010/05/07 17:36:54 | 000,340,824 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2010/05/07 17:35:56 | 007,954,776 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2010/05/07 17:35:44 | 002,143,576 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/04/14 05:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 05:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/09/20 18:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2006/10/26 15:21:22 | 000,056,056 | ---- | M] () -- C:\WINDOWS\system32\DLAAPI_W.DLL
MOD - [2004/09/16 15:21:34 | 000,237,568 | ---- | M] () -- C:\WINDOWS\system32\sndfcam.dll
MOD - [2003/10/21 15:45:56 | 000,442,368 | ---- | M] () -- C:\Program Files\Philips Photo Manager\FunCam\FPXLIB.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (XAudioService)
SRV - File not found [Disabled | Stopped] -- -- (Windows Services Control)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010/02/19 06:44:44 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\VHStoDVD\SharedCOM\RoxMediaDBVHS.exe -- (RoxMediaDBVHS)
SRV - [2009/12/15 20:40:21 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/04/14 05:42:38 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto | Running] -- C:\WINDOWS\system32\ScFBPNT2.dll -- (useraccess7)
SRV - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2001/11/26 18:54:02 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 01:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/01 00:11:10 | 004,333,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam C210(UVC)
DRV - [2011/04/01 00:09:48 | 000,291,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/11/09 14:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010/05/07 17:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/09/02 16:08:28 | 004,812,288 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/04/14 00:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/14 00:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2008/01/14 05:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2007/10/11 21:00:42 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/10/11 20:56:20 | 000,490,776 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2007/06/20 12:08:20 | 000,987,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/06/20 12:07:42 | 000,268,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2007/06/20 12:07:38 | 000,731,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/06/27 07:56:50 | 000,031,872 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\superwebcam.sys -- (SUPERWEBCAM)
DRV - [2005/10/17 19:50:06 | 000,245,376 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2500usb.sys -- (WUSB54GPV4SRV)
DRV - [2005/02/01 18:18:38 | 000,017,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\bcm42rly.sys -- (BCM42RLY)
DRV - [2004/09/16 14:12:36 | 000,219,008 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sndfcam.sys -- (SNDFCAM)
DRV - [2004/08/04 05:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 05:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2003/01/10 16:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 12:17:44 | 000,042,432 | ---- | M] (Digi International, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\digirlpt.sys -- (DIGIRPS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577



IE - HKU\S-1-5-21-1202660629-1788223648-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1202660629-1788223648-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========



FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Dougherty\Application Data\Move Networks\plugins\npqmp071706000001.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.18: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc;version=0.8.6i: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Dougherty\Application Data\Move Networks\plugins\npqmp071706000001.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Dougherty\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Dougherty\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Dougherty\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Dougherty\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/11/27 15:14:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/15 16:15:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/02/10 20:58:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/01 13:15:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/15 16:15:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\Dougherty\Application Data\Move Networks [2011/01/15 23:14:45 | 000,000,000 | ---D | M]

[2009/03/26 16:16:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dougherty\Application Data\Mozilla\Extensions
[2009/03/26 16:16:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dougherty\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2012/01/15 21:00:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dougherty\Application Data\Mozilla\Firefox\Profiles\f16bsc8h.default\extensions
[2012/01/15 21:00:10 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Documents and Settings\Dougherty\Application Data\Mozilla\Firefox\Profiles\f16bsc8h.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2009/06/25 00:37:16 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Dougherty\Application Data\Mozilla\Firefox\Profiles\f16bsc8h.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2012/01/08 22:48:56 | 000,000,000 | ---D | M] (MakeMeBabies 2.0 Community Toolbar) -- C:\Documents and Settings\Dougherty\Application Data\Mozilla\Firefox\Profiles\f16bsc8h.default\extensions\{d4330680-c0ae-4226-8a21-0afe2fd1ac24}
[2008/12/14 18:02:22 | 000,000,000 | ---D | M] (Justin.tv Publisher) -- C:\Documents and Settings\Dougherty\Application Data\Mozilla\Firefox\Profiles\f16bsc8h.default\extensions\justintvpublisher@justin.tv
[2008/11/26 03:24:39 | 000,000,000 | ---D | M] (LetsSync Publisher) -- C:\Documents and Settings\Dougherty\Application Data\Mozilla\Firefox\Profiles\f16bsc8h.default\extensions\letssyncpublisher@letssync.com
[2009/01/24 11:37:26 | 000,000,000 | ---D | M] (Conviva LivePass (Firefox)) -- C:\Documents and Settings\Dougherty\Application Data\Mozilla\Firefox\Profiles\f16bsc8h.default\extensions\StreamingPlugin@conviva.com
[2010/03/05 16:28:36 | 000,001,844 | ---- | M] () -- C:\Documents and Settings\Dougherty\Application Data\Mozilla\Firefox\Profiles\f16bsc8h.default\searchplugins\bing-ff.xml
[2010/09/13 01:19:58 | 000,000,921 | ---- | M] () -- C:\Documents and Settings\Dougherty\Application Data\Mozilla\Firefox\Profiles\f16bsc8h.default\searchplugins\conduit.xml
[2011/12/29 12:50:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/31 12:41:24 | 000,000,000 | ---D | M] (Starfield Zoom) -- C:\Program Files\Mozilla Firefox\extensions\zoomext@starfield
() (No name found) -- C:\DOCUMENTS AND SETTINGS\DOUGHERTY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\F16BSC8H.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/02/10 20:58:31 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
[2012/02/01 13:15:16 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2002/08/29 08:41:08 | 000,401,462 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcp60.dll
[2002/08/29 08:41:08 | 000,323,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcrt.dll
[2005/12/05 21:31:02 | 000,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2003/01/31 21:03:30 | 000,106,496 | ---- | M] (Nullsoft) -- C:\Program Files\mozilla firefox\plugins\NPnsv_vp3_mp3.dll
[2009/11/20 12:34:44 | 000,218,624 | ---- | M] (Starfield Technology, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwbe.dll
[2007/03/09 18:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll
[2011/12/20 23:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/09/30 13:03:32 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2011/12/20 23:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - No CLSID value found.
O3 - HKU\S-1-5-21-1202660629-1788223648-839522115-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1204841587\ee\aolsoftware.exe (AOL LLC)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Philips FunCam Monitor.lnk = C:\Program Files\Philips Photo Manager\FunCam\Philips FunCam Monitor.exe (Arcsoft, Inc.)
O4 - Startup: C:\Documents and Settings\Dougherty\Start Menu\Programs\Startup\Comcast Universal Caller ID.lnk = C:\Program Files\Comcast Universal Caller ID\Comcast Universal Caller ID.exe ()
O4 - Startup: C:\Documents and Settings\Dougherty\Start Menu\Programs\Startup\UniversalCallerID.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1202660629-1788223648-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1202660629-1788223648-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1202660629-1788223648-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1202660629-1788223648-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\nwprovau.dll File not found
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1202660629-1788223648-839522115-1003\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-1202660629-1788223648-839522115-1003\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1202660629-1788223648-839522115-1003\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1202660629-1788223648-839522115-1003\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1202660629-1788223648-839522115-1003\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (Reg Error: Key error.)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (PCPitstop Utility)
O16 - DPF: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab (NsvPlayX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe (Reg Error: Key error.)
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab (IWinAmpActiveX Class)
O16 - DPF: Justin.tv Publisher http://www.justin.tv/plugins/justintv_publisher.CAB (Reg Error: Key error.)
O16 - DPF: Ustream Publisher http://static.ustream.tv/plugin/ustream_publisher.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{66CBD011-63A5-4C83-B370-7AEB31370BA7}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Dougherty\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dougherty\Application Data\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/06 16:51:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012/02/11 11:14:42 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: useraccess7 - C:\WINDOWS\system32\ScFBPNT2.dll (Oak Technology Inc.)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/02/12 11:07:51 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dougherty\Desktop\OTL.exe
[2012/02/12 10:54:31 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/02/12 03:46:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/02/12 03:10:52 | 004,402,217 | R--- | C] (Swearware) -- C:\Documents and Settings\Dougherty\Desktop\ComboFix.exe
[2012/02/11 21:47:15 | 002,059,824 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Dougherty\Desktop\TDSSKiller.exe
[2012/02/11 21:43:18 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Dougherty\Desktop\aswMBR.exe
[2012/02/11 17:17:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dougherty\Desktop\virusprotection
[2012/02/11 15:04:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/02/11 15:04:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/02/11 15:04:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/02/11 11:14:42 | 000,000,000 | R--D | C] -- C:\autorun.inf
[2012/02/11 03:39:22 | 000,000,000 | ---D | C] -- C:\$AVG
[2012/02/10 21:45:37 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2012/02/10 21:10:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2012/02/10 20:58:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2012
[2012/02/04 23:29:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dougherty\Desktop\wordpress
[2012/02/04 19:54:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dougherty\Desktop\1989
[2012/02/04 16:20:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dougherty\Desktop\SQL DB's
[2012/02/04 01:59:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dougherty\Desktop\news
[2012/02/03 11:11:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dougherty\Desktop\TheRack
[2012/02/02 20:58:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2012/02/02 20:58:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/02/02 20:58:16 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012/01/29 16:10:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dougherty\Application Data\Sony Online Entertainment
[2012/01/29 16:10:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dougherty\Local Settings\Application Data\SCE
[2012/01/29 16:08:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2012/01/29 16:07:55 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Online Entertainment
[2012/01/23 00:03:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dougherty\Desktop\jackies&lindsey
[2012/01/21 21:10:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dougherty\Desktop\2005
[2012/01/19 20:26:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dougherty\Desktop\WTR Site Stuff
[2012/01/16 02:42:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dougherty\Application Data\HD Tune Pro
[2012/01/16 02:41:57 | 000,000,000 | ---D | C] -- C:\Program Files\HD Tune Pro
[2012/01/16 02:33:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2012/01/14 20:57:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dougherty\Desktop\1998
[2010/04/13 19:05:30 | 000,036,864 | ---- | C] ( ) -- C:\WINDOWS\System32\vsndm360.dll
[2008/03/06 23:20:30 | 000,057,344 | ---- | C] ( ) -- C:\WINDOWS\System32\DCamRes.dll
[2008/03/06 23:20:30 | 000,036,864 | ---- | C] ( ) -- C:\WINDOWS\System32\vsndfcam.dll
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/12 11:15:00 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1788223648-839522115-1003UA.job
[2012/02/12 11:07:51 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dougherty\Desktop\OTL.exe
[2012/02/12 11:07:44 | 000,303,485 | ---- | M] () -- C:\Documents and Settings\Dougherty\Desktop\ListParts.exe
[2012/02/12 11:05:00 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/12 09:32:42 | 057,494,252 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2012/02/12 09:32:42 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2012/02/12 03:41:10 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/02/12 03:41:00 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/12 03:40:22 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1202660629-1788223648-839522115-1003.job
[2012/02/12 03:40:20 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/12 03:40:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/12 03:10:54 | 004,402,217 | R--- | M] (Swearware) -- C:\Documents and Settings\Dougherty\Desktop\ComboFix.exe
[2012/02/11 22:22:40 | 155,005,960 | ---- | M] () -- C:\Documents and Settings\Dougherty\Desktop\MADtv MTV Icon Salutes Whitney Houston.avi
[2012/02/11 21:52:11 | 000,000,492 | ---- | M] () -- C:\Documents and Settings\Dougherty\Desktop\MBR.rar
[2012/02/11 21:51:05 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Dougherty\Desktop\MBR.dat
[2012/02/11 21:43:50 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Dougherty\Desktop\aswMBR.exe
[2012/02/11 21:43:33 | 002,041,278 | ---- | M] () -- C:\Documents and Settings\Dougherty\Desktop\tdsskiller.zip
[2012/02/11 21:06:28 | 000,001,007 | ---- | M] () -- C:\Documents and Settings\Dougherty\Desktop\getalbumpics.php
[2012/02/11 20:38:42 | 127,236,378 | ---- | M] () -- C:\Documents and Settings\Dougherty\Desktop\MAD TV Whitney Houston and Bobby Brown.avi
[2012/02/11 16:15:00 | 000,000,942 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1788223648-839522115-1003Core.job
[2012/02/11 13:54:16 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2012/02/11 03:04:00 | 000,043,008 | ---- | M] () -- C:\Documents and Settings\Dougherty\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/10 21:59:29 | 000,031,253 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjg.avm
[2012/02/10 21:58:10 | 000,000,494 | ---- | M] () -- C:\WINDOWS\System32\.crusader
[2012/02/10 21:10:49 | 000,023,624 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro36.sys
[2012/02/09 10:15:24 | 002,059,824 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Dougherty\Desktop\TDSSKiller.exe
[2012/02/06 22:49:00 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1202660629-1788223648-839522115-1003.job
[2012/02/06 13:50:22 | 004,386,960 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/06 12:01:05 | 004,433,480 | ---- | M] () -- C:\Documents and Settings\Dougherty\Desktop\Chalkboard.jpg
[2012/02/05 11:49:42 | 000,214,156 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/02/04 16:12:02 | 000,001,281 | ---- | M] () -- C:\Documents and Settings\Dougherty\My Documents\00.rtf
[2012/02/04 16:09:17 | 000,010,336 | ---- | M] () -- C:\Documents and Settings\Dougherty\My Documents\07.rtf
[2012/02/04 15:19:29 | 000,007,687 | ---- | M] () -- C:\Documents and Settings\Dougherty\My Documents\06.rtf
[2012/02/04 14:51:05 | 000,011,340 | ---- | M] () -- C:\Documents and Settings\Dougherty\My Documents\05.rtf
[2012/02/04 13:49:42 | 000,031,235 | ---- | M] () -- C:\Documents and Settings\Dougherty\My Documents\04.rtf
[2012/02/04 12:43:20 | 000,004,709 | ---- | M] () -- C:\Documents and Settings\Dougherty\My Documents\03.rtf
[2012/02/04 12:23:06 | 000,003,999 | ---- | M] () -- C:\Documents and Settings\Dougherty\My Documents\02.rtf
[2012/02/04 12:06:35 | 000,004,543 | ---- | M] () -- C:\Documents and Settings\Dougherty\My Documents\01.rtf
[2012/01/31 22:39:59 | 000,002,290 | ---- | M] () -- C:\Documents and Settings\Dougherty\My Documents\hhhrp2.rtf
[2012/01/29 14:59:22 | 000,000,196 | ---- | M] () -- C:\WINDOWS\System32\test.aok
[2012/01/24 00:46:59 | 003,291,873 | ---- | M] () -- C:\Documents and Settings\Dougherty\Desktop\Rocky Horror Picture Show Sweet Transvestite.mp3
[2012/01/23 15:15:58 | 000,493,320 | ---- | M] () -- C:\Documents and Settings\Dougherty\Desktop\kayfabevoicealan2.mp3
[2012/01/23 15:13:20 | 008,190,039 | ---- | M] () -- C:\Documents and Settings\Dougherty\Desktop\Sax Rock and Roll.mp3
[2012/01/23 14:06:23 | 001,343,764 | ---- | M] () -- C:\Documents and Settings\Dougherty\Desktop\kayfabevoicealan.mp3
[2012/01/22 23:27:10 | 003,835,994 | ---- | M] () -- C:\Documents and Settings\Dougherty\Desktop\WWE Royal Rumble 2012 Theme Song 'Dark Horses' by Switchfoot + Download Link (Official) HD.mp3
[2012/01/20 01:29:43 | 000,010,773 | ---- | M] () -- C:\Documents and Settings\Dougherty\My Documents\DXHolidayRP.rtf
[2012/01/16 00:57:00 | 009,465,968 | ---- | M] () -- C:\Documents and Settings\Dougherty\Desktop\SpugMaseRipStyles.mp3
[2012/01/15 15:39:25 | 003,495,103 | ---- | M] () -- C:\Documents and Settings\Dougherty\Desktop\Somebody-Call-My-Momma--Jim-Johnston-.mp3
[2012/01/15 00:21:31 | 004,201,521 | ---- | M] () -- C:\Documents and Settings\Dougherty\Desktop\Party Rock Anthem LMFAO [OFFICIAL LYRICS].mp3
[2012/01/14 21:08:43 | 000,245,788 | ---- | M] () -- C:\Documents and Settings\Dougherty\Desktop\Bloody-Heart-psd50315.png
[2012/01/13 15:59:06 | 000,007,695 | ---- | M] () -- C:\Documents and Settings\Dougherty\Desktop\spiderMail.zip
[2012/01/13 12:29:44 | 000,920,763 | ---- | M] () -- C:\Documents and Settings\Dougherty\Desktop\2012WTRIntroVO.mp3
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/12 11:07:44 | 000,303,485 | ---- | C] () -- C:\Documents and Settings\Dougherty\Desktop\ListParts.exe
[2012/02/11 22:21:31 | 155,005,960 | ---- | C] () -- C:\Documents and Settings\Dougherty\Desktop\MADtv MTV Icon Salutes Whitney Houston.avi
[2012/02/11 21:52:11 | 000,000,492 | ---- | C] () -- C:\Documents and Settings\Dougherty\Desktop\MBR.rar
[2012/02/11 21:51:05 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Dougherty\Desktop\MBR.dat
[2012/02/11 21:43:28 | 002,041,278 | ---- | C] () -- C:\Documents and Settings\Dougherty\Desktop\tdsskiller.zip
[2012/02/11 21:06:28 | 000,001,007 | ---- | C] () -- C:\Documents and Settings\Dougherty\Desktop\getalbumpics.php
[2012/02/11 20:37:34 | 127,236,378 | ---- | C] () -- C:\Documents and Settings\Dougherty\Desktop\MAD TV Whitney Houston and Bobby Brown.avi
[2012/02/11 15:04:01 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/02/11 15:04:01 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/02/11 15:04:01 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/02/10 21:58:10 | 000,000,494 | ---- | C] () -- C:\WINDOWS\System32\.crusader
[2012/02/10 21:10:49 | 000,023,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro36.sys
[2012/02/06 20:58:58 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/02/06 12:00:54 | 004,433,480 | ---- | C] () -- C:\Documents and Settings\Dougherty\Desktop\Chalkboard.jpg
[2012/02/04 16:12:02 | 000,001,281 | ---- | C] () -- C:\Documents and Settings\Dougherty\My Documents\00.rtf
[2012/02/03 18:41:29 | 000,010,336 | ---- | C] () -- C:\Documents and Settings\Dougherty\My Documents\07.rtf
[2012/02/03 18:41:10 | 000,007,687 | ---- | C] () -- C:\Documents and Settings\Dougherty\My Documents\06.rtf
[2012/02/03 18:41:00 | 000,011,340 | ---- | C] () -- C:\Documents and Settings\Dougherty\My Documents\05.rtf
[2012/02/03 18:40:53 | 000,031,235 | ---- | C] () -- C:\Documents and Settings\Dougherty\My Documents\04.rtf
[2012/02/03 18:40:43 | 000,004,709 | ---- | C] () -- C:\Documents and Settings\Dougherty\My Documents\03.rtf
[2012/02/03 18:40:35 | 000,003,999 | ---- | C] () -- C:\Documents and Settings\Dougherty\My Documents\02.rtf
[2012/02/03 18:40:25 | 000,004,543 | ---- | C] () -- C:\Documents and Settings\Dougherty\My Documents\01.rtf
[2012/01/31 22:23:01 | 000,002,290 | ---- | C] () -- C:\Documents and Settings\Dougherty\My Documents\hhhrp2.rtf
[2012/01/24 00:46:49 | 003,291,873 | ---- | C] () -- C:\Documents and Settings\Dougherty\Desktop\Rocky Horror Picture Show Sweet Transvestite.mp3
[2012/01/23 15:15:55 | 000,493,320 | ---- | C] () -- C:\Documents and Settings\Dougherty\Desktop\kayfabevoicealan2.mp3
[2012/01/23 15:09:57 | 008,190,039 | ---- | C] () -- C:\Documents and Settings\Dougherty\Desktop\Sax Rock and Roll.mp3
[2012/01/23 14:06:20 | 001,343,764 | ---- | C] () -- C:\Documents and Settings\Dougherty\Desktop\kayfabevoicealan.mp3
[2012/01/22 23:26:58 | 003,835,994 | ---- | C] () -- C:\Documents and Settings\Dougherty\Desktop\WWE Royal Rumble 2012 Theme Song 'Dark Horses' by Switchfoot + Download Link (Official) HD.mp3
[2012/01/18 19:10:54 | 000,010,773 | ---- | C] () -- C:\Documents and Settings\Dougherty\My Documents\DXHolidayRP.rtf
[2012/01/16 00:56:06 | 009,465,968 | ---- | C] () -- C:\Documents and Settings\Dougherty\Desktop\SpugMaseRipStyles.mp3
[2012/01/15 14:56:26 | 003,495,103 | ---- | C] () -- C:\Documents and Settings\Dougherty\Desktop\Somebody-Call-My-Momma--Jim-Johnston-.mp3
[2012/01/15 00:20:50 | 004,201,521 | ---- | C] () -- C:\Documents and Settings\Dougherty\Desktop\Party Rock Anthem LMFAO [OFFICIAL LYRICS].mp3
[2012/01/14 21:08:42 | 000,245,788 | ---- | C] () -- C:\Documents and Settings\Dougherty\Desktop\Bloody-Heart-psd50315.png
[2012/01/13 15:59:04 | 000,007,695 | ---- | C] () -- C:\Documents and Settings\Dougherty\Desktop\spiderMail.zip
[2012/01/13 12:29:43 | 000,920,763 | ---- | C] () -- C:\Documents and Settings\Dougherty\Desktop\2012WTRIntroVO.mp3
[2011/10/01 18:08:17 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Dougherty\Local Settings\Application Data\{E1C1626C-EDD2-4FB2-8AF8-3182BB70C25A}
[2011/09/24 13:04:01 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/05/16 22:28:59 | 000,000,208 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\b1560PaIpDeL8615
[2011/04/20 15:50:56 | 000,214,156 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/03/22 22:58:22 | 000,014,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2011/02/15 18:42:11 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2011/02/12 17:23:47 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2011/02/10 22:13:23 | 003,733,248 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/11/09 21:45:32 | 000,102,744 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2010/11/09 21:45:30 | 010,877,272 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2010/11/09 21:45:20 | 000,331,608 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2010/11/01 11:50:34 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Dougherty\Local Settings\Application Data\housecall.guid.cache
[2010/09/26 23:50:29 | 000,015,840 | ---- | C] () -- C:\WINDOWS\System32\Machnm1.exe
[2010/07/14 14:42:57 | 000,000,183 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/05/07 17:43:30 | 000,025,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2010/04/13 19:05:30 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\sndm360.dll
[2010/04/13 19:05:30 | 000,229,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\sndm360.sys
[2010/04/13 19:05:30 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\dsndm360.dll
[2010/04/13 19:05:30 | 000,020,480 | ---- | C] () -- C:\WINDOWS\dsndm360.exe
[2010/04/13 19:05:30 | 000,015,523 | ---- | C] () -- C:\WINDOWS\sndm360.ini
[2010/04/06 18:55:55 | 000,003,294 | -HS- | C] () -- C:\Documents and Settings\Dougherty\Local Settings\Application Data\C6158646
[2010/04/06 18:55:55 | 000,003,294 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\C6158646
[2010/03/23 22:04:05 | 000,000,294 | ---- | C] () -- C:\Documents and Settings\Dougherty\Application Data\net.telestream.ustreamproducer.prefs.xml
[2010/03/13 02:00:09 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2010/03/05 19:08:52 | 000,014,884 | -HS- | C] () -- C:\Documents and Settings\Dougherty\Local Settings\Application Data\cOIowo4S2404k
[2010/01/14 13:19:26 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/12/18 21:42:05 | 000,004,575 | ---- | C] () -- C:\Documents and Settings\Dougherty\Application Data\SoundBytePrefs
[2009/12/06 20:10:03 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Dougherty\Application Data\WavCodec.wff
[2009/11/24 16:26:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Dougherty\Local Settings\Application Data\prvlcl.dat
[2009/09/23 11:25:22 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/09/23 11:25:20 | 000,810,496 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/09/23 11:25:20 | 000,564,224 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2009/09/23 11:25:19 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/07/28 16:18:28 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Dougherty\Application Data\Settings.cfg
[2009/06/27 17:42:33 | 000,002,516 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2009/06/27 17:42:33 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\5C45F9F599.sys
[2009/06/07 06:27:20 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\vbzlib1.dll
[2008/11/21 14:00:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2008/11/21 14:00:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2008/11/19 14:47:27 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/10/21 18:06:59 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Dougherty\Local Settings\Application Data\PUTTY.RND
[2008/09/06 19:43:02 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\AVERM.dll
[2008/09/06 19:43:02 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll
[2008/08/26 15:59:34 | 000,000,245 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2008/08/01 20:02:22 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/07/27 15:50:14 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008/07/27 15:49:04 | 000,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2008/07/23 11:50:52 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/07/12 20:34:59 | 000,016,384 | ---- | C] () -- C:\WINDOWS\DelDir.EXE
[2008/05/26 13:40:51 | 000,502,784 | ---- | C] () -- C:\WINDOWS\x2.64.exe
[2008/05/26 13:40:51 | 000,408,576 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2008/05/26 13:40:51 | 000,240,128 | ---- | C] () -- C:\WINDOWS\System32\x.264.exe
[2008/05/26 13:40:51 | 000,217,073 | ---- | C] () -- C:\WINDOWS\meta4.exe
[2008/05/26 13:40:51 | 000,066,560 | ---- | C] () -- C:\WINDOWS\MOTA113.exe
[2008/05/26 13:40:51 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008/05/19 00:02:41 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\GkSui20.EXE
[2008/05/13 00:35:26 | 000,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
[2008/03/30 22:39:50 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/03/28 19:24:27 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/03/27 14:25:38 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2008/03/17 16:08:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2008/03/15 22:18:28 | 000,000,598 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/03/11 00:46:29 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008/03/10 01:18:57 | 000,043,008 | ---- | C] () -- C:\Documents and Settings\Dougherty\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/10 01:18:23 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/07 00:42:29 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008/03/06 23:20:31 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\sndfcam.dll
[2008/03/06 23:20:31 | 000,219,008 | ---- | C] () -- C:\WINDOWS\System32\drivers\sndfcam.sys
[2008/03/06 23:20:31 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\dsndfcam.dll
[2008/03/06 23:20:31 | 000,015,523 | ---- | C] () -- C:\WINDOWS\sndfcam.ini
[2008/03/06 23:20:30 | 000,020,480 | ---- | C] () -- C:\WINDOWS\dsndfcam.exe
[2008/03/06 23:16:55 | 000,027,872 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/03/06 22:37:30 | 000,000,197 | -HS- | C] () -- C:\Program Files\Common Files\maxtreme.dat
[2008/03/06 18:13:59 | 047,369,160 | ---- | C] () -- C:\WINDOWS\System32\MRT.exe
[2008/03/06 17:46:38 | 000,001,167 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/03/06 17:11:52 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/03/06 17:02:15 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
[2008/03/06 16:53:26 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/03/06 16:48:44 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/03/06 11:43:32 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/03/06 11:42:21 | 004,386,960 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/08/06 18:22:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2007/06/12 17:53:58 | 001,277,952 | ---- | C] () -- C:\WINDOWS\System32\libfishsound.dll
[2007/01/11 00:39:12 | 001,053,056 | ---- | C] () -- C:\WINDOWS\System32\drivers\CAMTHWDM.sys
[2006/09/16 22:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/16 22:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2005/03/21 18:48:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/21 18:48:05 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 05:00:00 | 000,473,232 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 05:00:00 | 000,076,200 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2008/06/17 20:51:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2009/10/13 09:44:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2012/02/10 21:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/09/30 20:35:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2008/05/27 16:25:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2009/12/22 22:29:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\com.comcast.access
[2011/03/14 10:14:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/01/17 12:39:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011/09/24 13:15:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2012/02/10 21:10:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2008/03/08 11:10:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2012/02/12 09:32:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/11/14 15:51:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2008/03/06 22:41:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2008/07/06 21:15:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers Headquarters
[2012/01/20 01:00:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2011/02/18 19:38:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pPpPlMf07500
[2009/02/07 01:05:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrettyMay
[2010/10/13 16:54:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/11/24 21:22:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2010/03/23 22:04:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Telestream
[2009/01/29 14:12:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uniblue
[2011/02/12 16:05:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2009/06/26 15:42:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/10/13 19:11:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WebcamMax
[2011/01/25 02:17:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/04/06 21:31:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/03/06 17:08:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\acccore
[2008/08/20 14:33:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\Aim
[2008/07/27 15:51:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\Atari
[2009/11/04 15:05:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\Audacity
[2011/10/01 22:51:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\AVG2012
[2010/11/16 15:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\Azureus
[2008/03/27 13:25:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\Camfrog
[2010/10/19 12:27:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\Coby Media Manager
[2009/12/22 20:33:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\com.comcast.access.13A1FA90F0FC9DC009FB0956ADD0F13F8608561B.1
[2009/08/28 01:42:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\com.comcast.callerid.13A1FA90F0FC9DC009FB0956ADD0F13F8608561B.1
[2009/08/28 01:42:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\com.comcast.callerid.4C7707E731FA230A00265DE26809CEAF299D5FFD.1
[2009/03/19 16:26:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\CombiTech
[2009/01/24 11:37:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\Conviva
[2011/11/27 15:15:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\DDMSettings
[2008/06/19 20:50:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\DVDforger
[2008/03/06 21:44:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\Dynamic
[2012/02/11 23:26:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\FileZilla
[2010/11/16 15:56:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\FrostWire
[2012/01/16 02:42:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\HD Tune Pro
[2008/03/08 11:10:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\HotSync
[2008/05/23 17:06:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\InternetCalls
[2008/03/08 17:38:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\Jasc
[2009/07/12 14:22:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\KVIrc
[2008/07/27 15:49:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\Leadertech
[2010/07/28 22:30:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\ManyCam
[2008/12/18 21:21:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\MxBoost
[2008/03/06 22:41:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\NCH Swift Sound
[2008/12/23 14:23:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\OpenOffice.org
[2009/09/10 00:33:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\Orca Profiles
[2010/08/13 15:58:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\Paltalk
[2011/03/14 00:34:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\SiteClasses
[2011/03/18 17:19:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\Sites
[2012/01/29 16:11:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\Sony Online Entertainment
[2009/08/05 21:05:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\TeamViewer
[2011/07/28 17:33:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2011/11/24 21:23:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\Ulead Systems
[2009/02/07 20:07:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\Uniblue
[2012/02/12 11:09:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\uTorrent
[2010/03/23 22:04:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\Vara Software
[2009/06/26 15:42:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\Viewpoint
[2008/03/06 22:32:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\Webcammax
[2010/09/29 16:28:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\Wirecast
[2010/12/12 03:10:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dougherty\Application Data\X-Chat 2
[2011/03/24 22:59:01 | 000,000,292 | ---- | M] () -- C:\WINDOWS\Tasks\pixillionShakeIcon.job
[2011/03/07 01:45:01 | 000,000,288 | ---- | M] () -- C:\WINDOWS\Tasks\videopadShakeIcon.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2008/05/23 12:17:49 | 000,010,920 | ---- | M] () -- C:\aolconnfix.exe


< MD5 for: EXPLORER.EXE >
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\svchost.exe
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2004/08/04 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /rp /s >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB25344$] -> Error: Cannot create file handle -> Unknown point type
[C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction
[C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 -> Junction

< End of report >

OTL Extras logfile created on: 02/12/2012 11:09:38 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Dougherty\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

1.99 Gb Total Physical Memory | 0.57 Gb Available Physical Memory | 28.78% Memory free
3.84 Gb Paging File | 2.64 Gb Available in Paging File | 68.90% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.82 Gb Total Space | 25.86 Gb Free Space | 11.11% Space Free | Partition Type: NTFS

Computer Name: HOME | User Name: Dougherty | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1202660629-1788223648-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
jsfile [edit] -- "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"86:TCP" = 86:TCP:*:Enabled:BroadCam Web Server
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"8000:TCP" = 8000:TCP:*:Enabled:Shoutcast
"19610:TCP" = 19610:TCP:*:Enabled:Bittorrent
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"1900:TCP" = 1900:TCP:*:Enabled:Windows Media Player Network Sharing Service
"10280:TCP" = 10280:TCP:*:Enabled:Windows Media Player Network Sharing Service
"3074:TCP" = 3074:TCP:*:Enabled:XBox
"3074:UDP" = 3074:UDP:*:Enabled:Xbox
"88:UDP" = 88:UDP:*:Enabled:Xbox
"53:TCP" = 53:TCP:*:Enabled:Xbox
"53:UDP" = 53:UDP:*:Enabled:Xbox
"5061:TCP" = 5061:TCP:*:Enabled:Windows Live Messneger
"5004:UDP" = 5004:UDP:*:Enabled:Windows Live Messneger
"65525:UDP" = 65525:UDP:*:Enabled:Windows Live Messenger
"25:TCP" = 25:TCP:*:Enabled:Outlook
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL Inc.)
"C:\Program Files\Common Files\AOL\acs\AOLDial.exe" = C:\Program Files\Common Files\AOL\acs\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer -- (AOL LLC)
"C:\Program Files\Common Files\AOL\acs\AOLacsd.exe" = C:\Program Files\Common Files\AOL\acs\AOLacsd.exe:*:Enabled:AOL Connectivity Service -- (AOL LLC)
"C:\Program Files\Common Files\AOL\1204841587\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1204841587\ee\aolsoftware.exe:*:Enabled:AOL Shared Components -- (AOL LLC)
"C:\Program Files\AOL 9.1\waol.exe" = C:\Program Files\AOL 9.1\waol.exe:*:Enabled:AOL -- (AOL, LLC.)
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed -- (AOL LLC)
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL System Information -- (AOL LLC)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Radio Toolbox\rtb.exe" = C:\Program Files\Radio Toolbox\rtb.exe:*:Enabled:Radio Toolbox -- (www.radiotoolbox.com)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
"C:\Program Files\SHOUTcast\sc_serv.exe" = C:\Program Files\SHOUTcast\sc_serv.exe:*:Enabled:sc_serv -- ()
"C:\Program Files\SHOUTcast\8002\sc_serv.exe" = C:\Program Files\SHOUTcast\8002\sc_serv.exe:*:Enabled:sc_serv -- ()
"C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe" = C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe:*:Enabled:Dreamweaver 8 -- (Macromedia, Inc.)
"C:\Program Files\AIM7\aim.exe" = C:\Program Files\AIM7\aim.exe:*:Enabled:AIM -- (AOL Inc.)
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Documents and Settings\Dougherty\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Dougherty\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\NSVtools\nsvcap.exe" = C:\Program Files\NSVtools\nsvcap.exe:*:Enabled:NSV Live Capture -- (MyCompanyName)
"C:\Program Files\Logitech\Vid HD\Vid.exe" = C:\Program Files\Logitech\Vid HD\Vid.exe:*:Enabled:Logitech Vid HD -- (Logitech Inc.)
"C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{083E0D59-B6B4-4570-AA0A-37F5B4526CF5}" = AVG 2012
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15210C5B-9E04-4BF7-B019-AE958F238333}" = Roxio Easy VHS to DVD
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{174D5678-D941-433C-BD23-58A5C7B0D36D}" = Jasc Animation Shop 3
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F4E6688-6C00-4340-86F3-C6F3896F1FF2}" = DART Karaoke Studio CDG
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 15
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32E1E918-4FBE-CA4E-DAEA-5CE418514A63}" = Comcast Universal Caller ID
"{32EF6F81-583E-4127-918D-D3768A8957C4}" = Palm
"{339E14FF-8FDC-4809-AAF2-87BA22905C7F}" = DirectX for Managed Code Update (December 2004)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3643EF5F-D28D-4B25-9FA1-8859FC303710}" = Coby Media Manager
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CDF4815-1334-4AF3-B780-1F6526011C5A}" = HyperLoad - Golf Course
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3E2C691B-B7E6-4053-B5C3-94B8BC407E7A}" = Adobe Premiere Elements 4.0
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{403EF592-953B-4794-BCEF-ECAB835C2095}" =
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44B23220-E68E-4FBC-B02C-1A89AC0C8C5F}" = Roxio CinePlayer Decoder Pack
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}" = AVG 2012
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62369F2F77534556AEF4C58152E3BDE5}" =
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63A56D6A-8AA4-4568-A9E0-790D31B2F30E}" = Adobe Flash Media Encoder 2.5
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.12.0
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86DDDAAD-AEB9-42E5-BE01-0E8FABD2BB29}" = Roxio Video Capture USB
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8ED84666-3A2A-4E28-AB26-B6B65260CB86}" = Philips FunCam
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon® 3
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BB81360F-041C-4CF7-B15E-71380D154244}" = Adobe Setup
"{C0990649-FEC2-423A-8F37-A8952404E6CD}" = Roxio Easy VHS to DVD
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0BC6CF7-B3CC-6699-0351-F845AC6D24DC}" = Comcast Access
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5CFF65B-1E1E-489E-86E2-C2A3AF4C88D9}" = Web-Based Email Tools
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CB4AF7DA-CE59-41A9-93A6-DA921F809361}" = CoffeeCup Flash Firestarter
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCF13D13-A87B-34E8-B689-1896D0C2DBA2}" = Google Talk Plugin
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E5FCED12-3E77-4C0E-A305-5AEB38A52A70}" = AdobeColorCommonSetCMYK
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{E793B230-D5E0-4500-8476-E0B94112C3A6}" = Philips FunCam Photo Manager
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{EED50C97-C79E-4149-BD82-7C5A22437708}" = Adobe Setup
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6234880-85BE-4DCB-8A45-1FF85A1A8552}" = SmartSound Quicktracks for Premiere Elements
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F85C7118-F3DC-4ED9-AB27-3E7931EA3D88}" = Adobe Premiere Elements 4.0 Templates
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FBDCDFA2-6950-46A1-B31E-B1B3DF08242B}" = Miro Video Converter
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AceFTP 3 Freeware" = AceFTP 3 Freeware
"AddressBook" =
"Adobe AIR" = Adobe AIR
"Adobe Audition 3.0" = Adobe Audition 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_32fdd767b4383606e8168e834af5d90" = Adobe Premiere Pro CS3
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_a68eec966ce913ddaa63251dc82ed31" = Adobe Flash CS4 Professional
"AIM_7" = AIM 7
"America Online us" = America Online
"AnalogX Vocal Remover (WinAmp)" = AnalogX Vocal Remover (WinAmp)
"AOL Diagnostics_N" =
"AOL One-

#10 rocknsock

rocknsock
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  • Local time:08:53 AM

Posted 12 February 2012 - 11:26 AM

Sorry for the multiple posts, it said it didn't post.

Edited by rocknsock, 12 February 2012 - 11:28 AM.


#11 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:53 AM

Posted 12 February 2012 - 11:39 AM

Hi

Please run the following:

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    MOD - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
    IE - HKU\S-1-5-21-1202660629-1788223648-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - No CLSID value found.
    O3 - HKU\S-1-5-21-1202660629-1788223648-839522115-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    NetSvcs: useraccess7 - C:\WINDOWS\system32\ScFBPNT2.dll (Oak Technology Inc.)
    SRV - [2008/04/14 05:42:38 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto | Running] -- C:\WINDOWS\system32\ScFBPNT2.dll -- (useraccess7)
    [2010/04/06 18:55:55 | 000,003,294 | -HS- | C] () -- C:\Documents and Settings\Dougherty\Local Settings\Application Data\C6158646
    [2010/04/06 18:55:55 | 000,003,294 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\C6158646
    [2010/03/05 19:08:52 | 000,014,884 | -HS- | C] () -- C:\Documents and Settings\Dougherty\Local Settings\Application Data\cOIowo4S2404k
    
    
    :files
    rmdir C:\WINDOWS\$NtUninstallKB25344$ /c
    ipconfig /flushdns /c
    
    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL log

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015

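The fix above strips, from every HKU hive it lists, an IE proxy configuration that routes HTTP traffic through a listener on 127.0.0.1:5577 (note that HKU\.DEFAULT and HKU\S-1-5-18 are the LocalSystem profile, so services using WinINet are affected too, not only the logged-on user). A loopback proxy is how this kind of infection sits between the browser and the network and rewrites search results. As an added example, not part of the original post and not OTL's own code, the Python below parses OTL-style "IE - HKU\..." lines and flags hives where ProxyEnable is 1 and ProxyServer points at a loopback address. The .DEFAULT and S-1-5-18 lines of the sample are copied from the fix above; the S-1-5-21-0-0-0-1001 hive and proxy.corp.example are constructed assumptions so the filter has a clean entry to leave alone.

```python
import re
from ipaddress import ip_address

# Constructed sample input. The .DEFAULT and S-1-5-18 lines are copied from the
# OTL fix quoted above; the S-1-5-21-0-0-0-1001 hive with proxy.corp.example
# is an assumed clean entry so the filter has something to leave alone.
SAMPLE_OTL = """\
IE - HKU\\.DEFAULT\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: "ProxyEnable" = 1
IE - HKU\\.DEFAULT\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: "ProxyOverride" = <local>
IE - HKU\\.DEFAULT\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
IE - HKU\\S-1-5-18\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: "ProxyEnable" = 1
IE - HKU\\S-1-5-18\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: "ProxyOverride" = <local>
IE - HKU\\S-1-5-18\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
IE - HKU\\S-1-5-21-0-0-0-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: "ProxyEnable" = 1
IE - HKU\\S-1-5-21-0-0-0-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: "ProxyServer" = proxy.corp.example:8080
"""

# One OTL line of the form  IE - HKU\<hive>\...\Internet Settings: "Name" = value
LINE_RE = re.compile(
    r'^IE - HKU\\(?P<hive>[^\\]+)\\.*Internet Settings: "(?P<name>\w+)" = (?P<value>.*)$'
)


def parse_proxy_settings(text):
    """Group the Internet Settings values OTL reports, keyed by HKU hive."""
    hives = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            hives.setdefault(m['hive'], {})[m['name']] = m['value'].strip()
    return hives


def proxy_endpoints(value):
    """Split a ProxyServer value into (scheme, host, port) tuples.

    Handles both the per-protocol form 'http=127.0.0.1:5577;https=...' and the
    single 'host:port' form. Scheme is 'all' when no protocol prefix is given.
    """
    endpoints = []
    for part in value.split(';'):
        part = part.strip()
        if not part:
            continue
        scheme, _, hostport = part.rpartition('=')   # scheme is '' if no '='
        host, _, port = hostport.rpartition(':')
        if not host:                                  # bare hostname, no port
            host, port = hostport, ''
        endpoints.append((scheme or 'all', host, int(port) if port.isdigit() else None))
    return endpoints


def is_loopback_host(host):
    """True for 127.0.0.0/8, ::1 or the literal name localhost."""
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return host.lower() == 'localhost'


def find_hijacked_proxies(text):
    """Return [(hive, host, port)] for hives with ProxyEnable=1 and a loopback ProxyServer."""
    findings = []
    for hive, values in parse_proxy_settings(text).items():
        if values.get('ProxyEnable') != '1':
            continue
        for _scheme, host, port in proxy_endpoints(values.get('ProxyServer', '')):
            if is_loopback_host(host):
                findings.append((hive, host, port))
    return findings


if __name__ == '__main__':
    for hive, host, port in find_hijacked_proxies(SAMPLE_OTL):
        print(f'{hive}: IE proxy forced through {host}:{port}')
```

A loopback proxy is a triage flag, not proof on its own: some legitimate filtering and parental-control products install one. What makes it suspicious here is the combination with the other entries in the same fix (a service in the NetSvcs group backed by a DLL under system32 and hidden -HS- files), and the fact that the setting was applied to the LocalSystem hives.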

#12 rocknsock

rocknsock
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  • Local time:08:53 AM

Posted 12 February 2012 - 12:02 PM

Having to send this from my other computer, as the internet has been killed by that last scan.

Attached Files



#13 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:53 AM

Posted 12 February 2012 - 12:06 PM

Hi,

Yes, this infection infects the TCP/IP stack and this can sometimes happen.


please run the following to see what it has done

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#14 rocknsock

rocknsock
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  • Local time:08:53 AM

Posted 12 February 2012 - 12:12 PM

Farbar Service Scanner Version: 12-02-2012
Ran by Dougherty (administrator) on 12-02-2012 at 12:11:18
Running from "C:\Documents and Settings\Dougherty\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.


Connection Status:
==============
Localhost is blocked.
There is no connection to network.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returend error: Other errors


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys
[2012-02-10 20:31] - [2011-09-30 22:36] - 0075264 ____A () 19DD19FB992D6BF67811913B6FEAE577

C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Avgtdix(13) Gpc(3) IPSec(5) NetBT(6) NwlnkIpx(11) NwlnkNb(12) PSched(7) Tcpip(4)
0x0F0000000500000001000000020000000300000004000000560000005A0000000A0000000D000000060000000800000007000000090000000B0000000C000000
IpSec Tag value is correct.

**** End of log ****

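CatByte's read of this log rests on two things: the core network services (Dnscache, Dhcp, Tcpip, sharedaccess) are configured correctly but are not running, and one file in the File Check section, ipsec.sys, is listed with its size, timestamps and hash instead of "=> MD5 is legit". As an added example, not part of the post and not Farbar's own code, the Python below pulls those findings out of an FSS log automatically: stopped services, configuration lines not reported OK, unverified files with their hash, the EnableFirewall=0 policy and the "Localhost is blocked" line. The input is a trimmed copy of the log posted above; the hash in it is the one FSS printed for this machine, not a known-good reference value.

```python
import re

# Trimmed copy of the Farbar Service Scanner log posted above, used here as a
# constructed sample. The ipsec.sys hash is what FSS printed on the infected
# machine; it is NOT a known-good value.
SAMPLE_FSS = """\
Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.

Connection Status:
==============
Localhost is blocked.
There is no connection to network.

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\DomainProfile]
"EnableFirewall"=DWORD:0

File Check:
========
C:\\WINDOWS\\system32\\dhcpcsvc.dll => MD5 is legit
C:\\WINDOWS\\system32\\Drivers\\tcpip.sys => MD5 is legit
C:\\WINDOWS\\system32\\Drivers\\ipsec.sys
[2012-02-10 20:31] - [2011-09-30 22:36] - 0075264 ____A () 19DD19FB992D6BF67811913B6FEAE577

C:\\WINDOWS\\system32\\dnsrslvr.dll => MD5 is legit
"""

SERVICE_RE = re.compile(r'^(?P<svc>\w+) Service is not running\.')
CONFIG_RE = re.compile(
    r'^The (?P<what>start type|ImagePath|ServiceDll) of (?P<svc>\w+) service is (?P<state>.+?)\.$'
)
# A File Check entry: a full path, optionally followed by the known-good marker.
PATH_RE = re.compile(r'^(?P<path>[A-Za-z]:\\\S+)(?P<ok> => MD5 is legit)?$')
# The detail line FSS prints under a file it could not verify:
# [stamp] - [stamp] - size attributes (company) MD5
META_RE = re.compile(
    r'^\[(?P<stamp1>[^\]]+)\] - \[(?P<stamp2>[^\]]+)\] - (?P<size>\d+) \S+ \([^)]*\) (?P<md5>[0-9A-Fa-f]{32})$'
)
FIREWALL_OFF_RE = re.compile(r'^"EnableFirewall"=DWORD:0$')


def triage_fss(text):
    """Reduce an FSS log to the findings a responder acts on."""
    report = {
        'stopped_services': [],        # services FSS found not running
        'config_problems': [],         # (service, field, state) not reported OK
        'unverified_files': [],        # (path, md5, size) lacking "MD5 is legit"
        'firewall_policy_disabled': False,
        'localhost_blocked': False,
    }
    pending_path = None                # path waiting for its detail line
    for line in (l.strip() for l in text.splitlines()):
        if (m := SERVICE_RE.match(line)):
            report['stopped_services'].append(m['svc'])
        elif (m := CONFIG_RE.match(line)) and m['state'] != 'OK':
            report['config_problems'].append((m['svc'], m['what'], m['state']))
        elif (m := PATH_RE.match(line)):
            pending_path = None if m['ok'] else m['path']
        elif pending_path and (m := META_RE.match(line)):
            report['unverified_files'].append((pending_path, m['md5'].upper(), int(m['size'])))
            pending_path = None
        elif FIREWALL_OFF_RE.match(line):
            report['firewall_policy_disabled'] = True
        elif line == 'Localhost is blocked.':
            report['localhost_blocked'] = True
    return report


if __name__ == '__main__':
    for key, value in triage_fss(SAMPLE_FSS).items():
        print(f'{key}: {value}')
```

Two caveats a practitioner should keep in mind when reading the output. First, a file without "MD5 is legit" only means its hash is not in the tool's known-good list; confirm it against a clean copy of the same file from the same service pack level (the log header says XP SP3) before replacing it. Second, ipsec.sys is a kernel-mode driver, so a tampered copy runs with kernel privileges and can hide itself from scanners running inside the same OS; a hash taken from the live system is more trustworthy than an on-box AV verdict, and a hash taken offline is better still.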
#15 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:53 AM

Posted 12 February 2012 - 12:17 PM

Hi

Ipsec.sys is infected

please rerun farbar service scanner


type the following into the search window

ipsec.sys


Press the "search files" button

post the resulting log

Edited by CatByte, 12 February 2012 - 12:17 PM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
