ZeroAccess.S - Can't connect to Internet


  • This topic is locked
57 replies to this topic

#1 Xyklon

Posted 11 April 2012 - 05:07 PM

Hi all

I just sent my computer to the shop after I got frustrated with not being able to remove a nasty bit of spyware that was hiding my files. After getting it back I learned that it now had the Google redirect malware.

I read up about it a little bit and ended up downloading and running TDSSKiller, which got rid of my redirect problem. However, soon after I was not able to get on the internet, and Malwarebytes said I had Zeroaccess.S, which could not be removed due to it being a 'white' file or something. I currently cannot get on the internet and am worried about anything else residual that the guy that I brought my computer to did not remove that may still be affecting it. Other than not being able to access the internet, the computer runs at a quick pace and is still pretty responsive.

I would appreciate any help that you guys could give me.

THANKS!

System:
Microsoft Windows XP
Professional
Version 2002
Service Pack 3

Computer:
Intel® Core™ 2 Quad CPU
Q8300@2.50 GHz
2.50 GHz 2.00 GB of RAM
Physical Address Extension

Logs:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Run by me at 19:57:46 on 2012-04-10
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2048.1714 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\real\realplayer\update\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\me\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\me\application data\mozilla\firefox\profiles\filgc1wm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\me\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2010-10-20 100712]
S0 cerc6;cerc6; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-12 136176]
S2 mcafeeframework;Sstpsvc;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S2 mcrdsvc;Backupexecdevicemediaservice;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S2 mctaskmanager;S217unic;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S2 mcupdmgr.exe;Sonytvc;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-4-12 136176]
.
=============== Created Last 30 ================
.
2012-04-05 04:18:13 98992 ----a-w- c:\windows\system32\drivers\43528141.sys
2012-03-27 18:28:29 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-03-27 00:21:34 -------- d-----w- c:\documents and settings\me\local settings\application data\Threat Expert
2012-03-26 23:16:15 -------- d-----w- c:\program files\PC Tools
2012-03-26 23:12:57 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-03-26 23:12:57 -------- d-----w- c:\program files\common files\PC Tools
2012-03-26 23:12:28 -------- d-----w- c:\documents and settings\me\application data\TestApp
2012-03-26 23:12:28 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2012-03-26 23:06:02 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-24 14:24:12 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-03-24 14:24:12 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll
2012-03-20 12:14:45 327680 ----a-w- c:\documents and settings\me\application data\microsoft\microsoft\ruamntmv.dll
.
==================== Find3M ====================
.
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-28 17:17:10 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-01-28 17:17:10 348160 ----a-w- c:\windows\system32\msvcr71.dll
.
============= FINISH: 19:58:20.32 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/20/2010 3:23:03 PM
System Uptime: 4/10/2012 6:08:38 PM (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P5Q PRO TURBO
Processor: Intel Pentium III Xeon processor | LGA 775 | 2499/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 121.92 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Audio Device on High Definition Audio Bus
Device ID: HDAUDIO\FUNC_01&VEN_1106&DEV_0397&SUBSYS_104383AE&REV_1000\4&320758EB&0&0001
Manufacturer:
Name: Audio Device on High Definition Audio Bus
PNP Device ID: HDAUDIO\FUNC_01&VEN_1106&DEV_0397&SUBSYS_104383AE&REV_1000\4&320758EB&0&0001
Service:
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ACPI\ATK0110\1010110
Manufacturer:
Name:
PNP Device ID: ACPI\ATK0110\1010110
Service:
.
==== System Restore Points ===================
.
RP391: 2/16/2012 5:27:16 PM - System Checkpoint
RP392: 2/21/2012 7:11:14 PM - System Checkpoint
RP393: 2/22/2012 7:59:41 PM - System Checkpoint
RP394: 2/24/2012 8:19:26 AM - System Checkpoint
RP395: 2/27/2012 7:55:40 AM - System Checkpoint
RP396: 2/29/2012 5:02:18 PM - System Checkpoint
RP397: 3/4/2012 11:17:44 AM - System Checkpoint
RP398: 3/7/2012 8:58:02 PM - Removed Skype™ 5.5
RP399: 3/7/2012 9:08:35 PM - Removed Skype™ 5.8
RP400: 3/7/2012 9:24:20 PM - Software Distribution Service 3.0
RP401: 3/7/2012 9:29:27 PM - Software Distribution Service 3.0
RP402: 3/7/2012 9:40:22 PM - Removed Skype™ 5.8
RP403: 3/8/2012 10:37:20 PM - System Checkpoint
RP404: 3/8/2012 11:28:03 PM - Removed Skype™ 5.8
RP405: 3/10/2012 10:27:31 AM - System Checkpoint
RP406: 3/11/2012 11:44:10 AM - System Checkpoint
RP407: 3/15/2012 9:57:54 PM - System Checkpoint
RP408: 3/16/2012 10:18:57 PM - System Checkpoint
RP409: 3/18/2012 11:18:09 AM - Software Distribution Service 3.0
RP410: 3/19/2012 10:03:27 PM - System Checkpoint
RP411: 3/23/2012 8:51:24 PM - System Checkpoint
RP412: 3/24/2012 10:00:43 PM - System Checkpoint
RP413: 3/25/2012 11:02:48 PM - System Checkpoint
RP414: 3/27/2012 10:07:48 AM - System Checkpoint
RP415: 3/28/2012 10:25:03 AM - System Checkpoint
RP416: 3/29/2012 11:15:54 AM - System Checkpoint
RP417: 3/31/2012 11:08:10 AM - System Checkpoint
RP418: 3/31/2012 3:54:00 PM - Restore Operation
RP419: 3/31/2012 4:01:34 PM - Restore Operation
RP420: 4/2/2012 9:32:33 PM - Installed WinZip 16.0
RP421: 4/3/2012 9:32:59 PM - System Checkpoint
RP422: 4/4/2012 9:34:29 PM - System Checkpoint
RP423: 4/5/2012 12:22:23 AM - Removed Kaspersky Security Scan
RP424: 4/5/2012 6:20:18 PM - Removed Adobe Reader X (10.1.2).
RP425: 4/5/2012 9:56:13 PM - Removed Bing Bar
RP426: 4/5/2012 9:58:13 PM - Removed Bonjour
RP427: 4/6/2012 12:24:22 AM - Removed AVG 2012
RP428: 4/6/2012 12:25:28 AM - Removed AVG 2012
RP429: 4/7/2012 12:49:19 AM - System Checkpoint
RP430: 4/9/2012 7:00:19 PM - System Checkpoint
RP431: 4/10/2012 5:27:01 PM - April 10th Tues Repair
RP432: 4/10/2012 5:32:37 PM - Restore Operation
RP433: 4/10/2012 6:05:52 PM - Restore Operation
RP434: 4/10/2012 6:06:50 PM - Removed DAEMON Tools
.
==== Installed Programs ======================
.
µTorrent
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
BitZipper 2010
EverQuest Titanium
Google Chrome
Google Earth Plug-in
Google Update Helper
Heroes of Newerth
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
iTunes
Java Auto Updater
Java™ 6 Update 23
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 11.0 (x86 en-US)
MTX
Nero 7.5.9.0A
Neverwinter Nights 2
NVIDIA Control Panel 260.89
NVIDIA Graphics Driver 260.89
NVIDIA HD Audio Driver 1.1.9.0
NVIDIA Install Application
NVIDIA nView 135.36
NVIDIA nView Desktop Manager
NVIDIA PhysX
NVIDIA PhysX System Software 9.10.0514
OpenOffice.org 3.2
PowerDVD
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealUpgrade 1.1
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360131)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Skype™ 5.8
StarCraft II
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2362765)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Ventrilo Client
VLC media player 1.1.4
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
WinZip 16.0
World of Warcraft
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
4/6/2012 12:34:48 AM, error: PCTCore [280] -
4/5/2012 12:21:13 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: d347bus
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The ZDCNDIS5 service terminated with the following error: The specified module could not be found.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The Xnacc service terminated with the following error: The specified module could not be found.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The Wmp54gsvc service terminated with the following error: The specified module could not be found.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The Winvnc service terminated with the following error: The specified module could not be found.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The Winpower service terminated with the following error: The specified module could not be found.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The WINIO service terminated with the following error: The specified module could not be found.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The Websenseuserservice service terminated with the following error: The system cannot find the file specified.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The Wanatw service terminated with the following error: The specified module could not be found.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The Vulfntrs service terminated with the following error: The specified module could not be found.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The Vds service terminated with the following error: The specified module could not be found.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The USBCCID service terminated with the following error: The specified module could not be found.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The Uhcd service terminated with the following error: The specified module could not be found.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The Tvtpktfilter service terminated with the following error: The specified module could not be found.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The Tsp service terminated with the following error: The specified module could not be found.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The Transactional service terminated with the following error: The system cannot find the file specified.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The Tifm service terminated with the following error: The specified module could not be found.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The TIEHDUSB service terminated with the following error: The system cannot find the file specified.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The Tapeware service terminated with the following error: The specified module could not be found.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The Streamip service terminated with the following error: The specified module could not be found.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The St330service service terminated with the following error: The specified module could not be found.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The Sstpsvc service terminated with the following error: The specified module could not be found.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The Srvdpi service terminated with the following error: The specified module could not be found.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The Spmgr service terminated with the following error: The specified module could not be found.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The Sonytvc service terminated with the following error: The specified module could not be found.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The Smserial service terminated with the following error: The system cannot find the file specified.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The Slntamr service terminated with the following error: The specified module could not be found.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The Si3114r5 service terminated with the following error: The specified module could not be found.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The Sglfb service terminated with the following error: The specified module could not be found.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The SGIR service terminated with the following error: The specified module could not be found.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The Se44mdfl service terminated with the following error: The system cannot find the file specified.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The SE2Emdm service terminated with the following error: The specified module could not be found.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The S217unic service terminated with the following error: The specified module could not be found.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The S217mgmt service terminated with the following error: The specified module could not be found.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The S117mdm service terminated with the following error: The specified module could not be found.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The Regservice service terminated with the following error: The system cannot find the file specified.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The Rassstp service terminated with the following error: The specified module could not be found.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The Radclock service terminated with the following error: The specified module could not be found.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The R300 service terminated with the following error: The specified module could not be found.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The Qkbfiltr service terminated with the following error: The specified module could not be found.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The PTDCVsp service terminated with the following error: The specified module could not be found.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The Ppped service terminated with the following error: The specified module could not be found.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The Pdlnatdl service terminated with the following error: The system cannot find the file specified.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The Pavprsrv service terminated with the following error: The specified module could not be found.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The NVNET service terminated with the following error: The specified module could not be found.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The NTACCESS service terminated with the following error: The system cannot find the file specified.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The Nsengine service terminated with the following error: The specified module could not be found.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The Nlsvc service terminated with the following error: The specified module could not be found.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The Ndisipo service terminated with the following error: The system cannot find the file specified.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The Mrpostman service terminated with the following error: The specified module could not be found.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The MR97310_USB_DUAL_CAMERA service terminated with the following error: The specified module could not be found.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The Mr7910 service terminated with the following error: The specified module could not be found.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The Mpe service terminated with the following error: The specified module could not be found.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The MozyFilter service terminated with the following error: The specified module could not be found.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The Moufiltr service terminated with the following error: The specified module could not be found.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The Mhn service terminated with the following error: The specified module could not be found.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The Mcpromgr service terminated with the following error: The specified module could not be found.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The Lxcccustomerconnect service terminated with the following error: The specified module could not be found.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The Lwwlicenseservice service terminated with the following error: The specified module could not be found.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The Lilsgt service terminated with the following error: The specified module could not be found.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The Ldap service terminated with the following error: The specified module could not be found.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The Kerbkey service terminated with the following error: The specified module could not be found.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The Iwebmsg service terminated with the following error: The specified module could not be found.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The Iaimtv2 service terminated with the following error: The specified module could not be found.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The Help and Support service terminated with the following error: The specified module could not be found.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The Hcmon service terminated with the following error: The specified module could not be found.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The GetPlusHelper service terminated with the following error: The system cannot find the file specified.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The Generichidservice service terminated with the following error: The specified module could not be found.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The Fasttx2k service terminated with the following error: The specified module could not be found.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The Dot4ufd service terminated with the following error: The system cannot find the file specified.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The Dktknsrv service terminated with the following error: The specified module could not be found.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The DcLps service terminated with the following error: The specified module could not be found.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The Cwcwdm service terminated with the following error: The specified module could not be found.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The Ctxcpusched service terminated with the following error: The specified module could not be found.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The Cmuda3 service terminated with the following error: The specified module could not be found.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The Centennialclientagent service terminated with the following error: The specified module could not be found.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The Ccsetmgr service terminated with the following error: The specified module could not be found.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The Carboncopy32 service terminated with the following error: The specified module could not be found.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The C34nb4c5 service terminated with the following error: The specified module could not be found.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The BrSerIf service terminated with the following error: The specified module could not be found.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The BRGSp50 service terminated with the following error: The system cannot find the file specified.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The Basfipm service terminated with the following error: The specified module could not be found.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The Backupexecdevicemediaservice service terminated with the following error: The specified module could not be found.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The Atksgt service terminated with the following error: The specified module could not be found.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The Atfsd service terminated with the following error: The specified module could not be found.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The ARCSOFTVIRTUALCAPTURE service terminated with the following error: The system cannot find the file specified.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The Allegro service terminated with the following error: The system cannot find the file specified.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The Agrsrvce service terminated with the following error: The specified module could not be found.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The Acedrv05 service terminated with the following error: The specified module could not be found.
4/5/2012 12:21:13 AM, error: Service Control Manager [7023] - The {85ccb53b-23d8-4e73-b1b7-9ddb71827d9b} service terminated with the following error: The specified module could not be found.
4/5/2012 12:21:13 AM, error: Service Control Manager [7003] - The TCP/IP NetBIOS Helper service depends on the following nonexistent service: NetBT
4/5/2012 12:21:13 AM, error: Service Control Manager [7003] - The DHCP Client service depends on the following nonexistent service: NetBT
4/5/2012 10:19:01 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 d347bus Fips intelppm
4/5/2012 10:18:36 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
4/5/2012 10:17:45 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/10/2012 5:37:35 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD d347bus Fips intelppm IPSec MRxSmb NetBIOS RasAcd Rdbss Tcpip
4/10/2012 5:37:35 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
4/10/2012 5:37:35 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/10/2012 5:37:35 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/10/2012 5:37:35 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
.
==== End Of File ===========================


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-10 23:09:45
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-10 ST3250824AS rev.3.AAE
Running: gmer.exe; Driver: C:\DOCUME~1\me\LOCALS~1\Temp\fwxdapob.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6F493A0, 0x5C77B9, 0xE8000020]
? C:\DOCUME~1\me\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\real\realplayer\update\realsched.exe[168] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\$NtUninstallKB57722$\2236408201 0 bytes
File C:\WINDOWS\$NtUninstallKB57722$\4249951275 0 bytes
File C:\WINDOWS\$NtUninstallKB57722$\4249951275\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB57722$\4249951275\cfg.ini 216 bytes
File C:\WINDOWS\$NtUninstallKB57722$\4249951275\Desktop.ini 4608 bytes
File C:\WINDOWS\$NtUninstallKB57722$\4249951275\L 0 bytes
File C:\WINDOWS\$NtUninstallKB57722$\4249951275\L\wsmbmasf 162816 bytes
File C:\WINDOWS\$NtUninstallKB57722$\4249951275\oemid 208 bytes
File C:\WINDOWS\$NtUninstallKB57722$\4249951275\U 0 bytes
File C:\WINDOWS\$NtUninstallKB57722$\4249951275\U\00000001.@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB57722$\4249951275\U\00000002.@ 224768 bytes
File C:\WINDOWS\$NtUninstallKB57722$\4249951275\U\00000004.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB57722$\4249951275\U\80000000.@ 66560 bytes
File C:\WINDOWS\$NtUninstallKB57722$\4249951275\U\80000004.@ 12800 bytes
File C:\WINDOWS\$NtUninstallKB57722$\4249951275\U\80000032.@ 115200 bytes
File C:\WINDOWS\$NtUninstallKB57722$\4249951275\version 861 bytes

---- EOF - GMER 1.0.15 ----



#2 SweetTech


Posted 12 April 2012 - 01:45 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I'll be addressing you by your username, if you'd like me to address you by something else, please let me know!

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)

    • Because of this, you must reply within 3 days; failure to reply will result in the topic being closed! I like chocolate chip cookies.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system or even taking your computer into a repair shop.

    • Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data and have means of backing up your data available.

____________________________________________________

It appears you're infected with an infection known as ZeroAccess.

ZeroAccess (Max++) Rootkit (aka: Sirefef) is a sophisticated rootkit that uses advanced technology to hide its presence in a system and can infect both x86 and x64 platforms. ZeroAccess is similar to the TDSS rootkit but has more self-protection mechanisms that can be used to disable anti-virus software resulting in "Access Denied" messages whenever you run a security application. For more specific information about this infection, please refer to:


NEXT:



One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Running aswMBR.exe

Download aswMBR.exe (4.5mb) to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start the scan.

On completion of the scan, click save log, save it to your desktop and post it in your next reply.


NEXT:


Farbar Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


NEXT:


Running OTL

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Copy and Paste the following code into the textbox.
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    "%WinDir%\$NtUninstallKB*$." /30
    C:\Program Files\Common Files\ComObjects\*.* /s
    %systemroot%\*. /mp /s
    %systemroot%\*. /rp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    %SYSTEMDRIVE%\*.exe
    c:\documents and settings\me\application data\microsoft\*.* /s
    /md5start
    volsnap.sys
    atapi.sys
    explorer.exe
    winlogon.exe
    wininit.exe
    tdx.sys
    afd.sys
    /md5stop
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. aswMBR log.
3. Farbar Service Scanner log.
4. OTL.txt & Extras.txt logs.
5. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.


Please let me know how the above scans go.

Kindest Regards,
ST.



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
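A triage sketch over the kinds of log lines posted in this thread, added here as an example; it is not part of either poster's message and is not code from GMER, Farbar Service Scanner or OTL. It flags a numeric store under a `$NtUninstallKB…$` folder that holds `U\*.@` files, service keys reported as missing, auto-start services whose DLL is absent from system32, and network-stack drivers that failed to load. The function name `triage`, the threshold and the driver names in `NET_STACK` are assumptions.

```python
import re

# Lines excerpted from the GMER, Farbar Service Scanner, OTL and event-log
# output posted in this thread; none of them are constructed.
SAMPLE = r"""
File C:\WINDOWS\$NtUninstallKB57722$\4249951275\cfg.ini 216 bytes
File C:\WINDOWS\$NtUninstallKB57722$\4249951275\U\00000001.@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB57722$\4249951275\U\80000032.@ 115200 bytes
Checking Start type: Attention! Unable to open NetBt registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open NetBt registry key. The service key does not exist.
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\irsir.dll -- (windowblinds)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\avgcoresvc.dll -- (wacomvhid)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\secdrv.dll -- (HIDSwvd)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
4/10/2012 5:37:35 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD d347bus Fips intelppm IPSec MRxSmb NetBIOS RasAcd Rdbss Tcpip
"""

# GMER "Files" entry inside <root>\$NtUninstallKB<n>$\<digits>\...
STORE_RE = re.compile(
    r"^File\s+(?P<root>\S+\\\$NtUninstallKB\d+\$)\\\d+\\(?P<rest>\S+)\s+\d+ bytes$",
    re.I)
# Eight hex digits plus ".@" under the U subfolder, as in the GMER listing.
PAYLOAD_RE = re.compile(r"^U\\[0-9A-F]{8}\.@$", re.I)
# Farbar Service Scanner: the whole service key is gone.
MISSING_KEY_RE = re.compile(
    r"Unable to open (\S+) registry key\. The service key does not exist")
# OTL: registered service whose binary is not on disk.
DEAD_SRV_RE = re.compile(
    r"^SRV - File not found \[(?P<start>\w+) \| \w+\] -- (?P<path>.+?) -- \((?P<name>.+)\)$")
# Event 7026: boot-start or system-start drivers that failed to load.
FAILED_DRV_RE = re.compile(r"\[7026\].*failed to load:\s*(?P<drivers>.+)$")

# Assumption: driver names treated as "network stack" for this triage.
NET_STACK = {"afd", "tcpip", "ipsec", "netbt", "netbios"}


def triage(text, min_dead_services=3):
    """Return the anomalies found in pasted scanner output."""
    roots, payloads, missing, dead, net = set(), [], [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = STORE_RE.match(line)
        if m:
            roots.add(m.group("root"))
            if PAYLOAD_RE.match(m.group("rest")):
                payloads.append(m.group("rest"))
            continue
        m = MISSING_KEY_RE.search(line)
        if m:
            if m.group(1) not in missing:
                missing.append(m.group(1))
            continue
        m = DEAD_SRV_RE.match(line)
        if m:
            in_system32 = m.group("path").lower().startswith("%systemroot%\\system32\\")
            if m.group("start") == "Auto" and in_system32:
                dead.append(m.group("name"))
            continue
        m = FAILED_DRV_RE.search(line)
        if m:
            for drv in m.group("drivers").split():
                if drv.lower() in NET_STACK and drv not in net:
                    net.append(drv)

    indicators = []
    if payloads:
        indicators.append("hidden_store")
    if missing:
        indicators.append("missing_service_keys")
    if len(dead) >= min_dead_services:
        indicators.append("dead_auto_services")
    if net:
        indicators.append("network_stack_down")
    return {
        "hidden_store": sorted(roots),
        "payload_files": payloads,
        "missing_service_keys": missing,
        "dead_auto_services": dead,
        "failed_net_drivers": net,
        "indicators": indicators,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

A genuine hotfix uninstall folder does not trip the first check, because the pattern requires a numeric subfolder directly beneath the `$NtUninstallKB…$` directory.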


#3 Xyklon


Posted 12 April 2012 - 06:13 AM

#1. Thanks for all the help! Computer is still running pretty great, except no internet access. Here are the logs:

#2

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-12 06:54:12
-----------------------------
06:54:12.312 OS Version: Windows 5.1.2600 Service Pack 3
06:54:12.312 Number of processors: 4 586 0x170A
06:54:12.312 ComputerName: B455DF2A840947D UserName: me
06:54:12.765 Initialize success
06:54:18.171 AVAST engine download error: 0
06:54:21.781 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-10
06:54:21.796 Disk 0 Vendor: ST3250824AS 3.AAE Size: 238475MB BusType: 3
06:54:21.812 Disk 0 MBR read successfully
06:54:21.812 Disk 0 MBR scan
06:54:21.812 Disk 0 Windows XP default MBR code
06:54:21.812 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238464 MB offset 63
06:54:21.812 Disk 0 scanning sectors +488376000
06:54:21.875 Disk 0 scanning C:\WINDOWS\system32\drivers
06:54:27.343 Service scanning
06:54:42.656 Modules scanning
06:54:54.656 Disk 0 trace - called modules:
06:54:54.671 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
06:54:54.671 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89d88ab8]
06:54:54.703 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\0000006c[0x89d55930]
06:54:54.703 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-10[0x89d8bd98]
06:54:54.703 Scan finished successfully
06:57:41.734 Disk 0 MBR has been saved successfully to "F:\2nd post\MBR.dat"
06:57:41.750 The log file has been saved successfully to "F:\2nd post\aswMBR.txt"


#3

Farbar Service Scanner Version: 01-03-2012
Ran by me (administrator) on 12-04-2012 at 06:59:19
Running from "C:\Documents and Settings\me\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

NetBt Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open NetBt registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open NetBt registry key. The service key does not exist.


Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Yahoo IP returend error: Yahoo IP is unreachable


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
============

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys
[2008-04-14 08:00] - [2008-04-14 08:00] - 0162816 ____A () D1FB86D58B151D274216C9146003A6E3

C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) PSched(7) Tcpip(4)
0x0B0000000500000001000000020000000300000004000000080000000B0000000600000007000000090000000A000000
IpSec Tag value is correct.

**** End of log ****

#4

OTL logfile created on: 4/12/2012 7:03:25 AM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\me\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.66 Gb Available Physical Memory | 82.97% Memory free
3.85 Gb Paging File | 3.67 Gb Available in Paging File | 95.44% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 121.90 Gb Free Space | 52.35% Space Free | Partition Type: NTFS
Drive F: | 3.73 Gb Total Space | 1.01 Gb Free Space | 27.10% Space Free | Partition Type: FAT32

Computer Name: B455DF2A840947D | User Name: me | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/12 06:50:50 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\me\Desktop\OTL.exe
PRC - [2012/01/28 13:17:10 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\irsir.dll -- (windowblinds)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\oracleorahomemanagementserver.dll -- (wfxsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\avgcoresvc.dll -- (wacomvhid)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ATIBTXBAR.dll -- (vzcdbsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\BrUsbSer.dll -- (vmnetadapter)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ccflic0.dll -- (VICESYS)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ASDR.dll -- (vaiomediaplatform-mobile-gateway)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Freedom.dll -- (utscsi)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\DcLps.dll -- (ultra66)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\remoteaccess.dll -- (tvald)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\VAIOMediaPlatform-PhotoServer-UPnP.dll -- (transbaseservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\prosync1.dll -- (tifm21)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\netmdsb.dll -- (tfsndrct)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\gtndis5.dll -- (sysaidagent)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\licensemanagersocket.dll -- (SRVLOC)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\igateway.dll -- (SiSRaid)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\webrootadminconsole.dll -- (SE2Dbus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pinetmgr.dll -- (SE26mdfl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bgsvcgen.dll -- (s3psddr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\hddsvc.dll -- (rpcapd)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\oracleorahome92tnslistener.dll -- (roxwatch9)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\RVIEG01.dll -- (roxliveshare)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\oracleorahomedatagatherer.dll -- (RioS30)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tpsrv.dll -- (rimmptsk)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rtl8185.dll -- (retrowdsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ghoststartservice.dll -- (RESMGR)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\RecAgent.dll -- (psdvdisk)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\oracleorahometnslistener.dll -- (pmem)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\slee_81_service.dll -- (pinetmgr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\TOSHIBASoftModem.dll -- (pepifilter)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WaveFDE.dll -- (pensup)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Afc.dll -- (pdlndlpb)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NetPipeActivator.dll -- (NWSIPX32)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rapapp.dll -- (ntpr_nic_service2)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sysmgmthp.dll -- (nm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pcx1unic.dll -- (nicconfigsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NTACCESS.dll -- (mwstick)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bdpredir.dll -- (mwssched)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s716bus.dll -- (mvdcodec)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\usbaudio.dll -- (mssql$microsoftbcm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\avgclean.dll -- (mozyFilter)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\fs_rec.dll -- (mf)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\backupexecjobengine.dll -- (mcupdmgr.exe)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ipfilterdriver.dll -- (mctaskmanager)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\zebrbus.dll -- (mcrdsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Angel2.dll -- (mcdbus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NICSer_WPC300N.dll -- (mcafeeframework)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rksample.dll -- (livesrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tphdexlgsvc.dll -- (LHidUsbK)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cachemgr.dll -- (klblmain)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ultra66.dll -- (k750mdfl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SMNDIS5.dll -- (issvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\EPOWER.dll -- (InterBaseGuardian)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ati2mpaa.dll -- (icepack)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dlcq_device.dll -- (iAimTV6)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\oracle_load_balancer_60_server-forms6ip9.dll -- (hpzius12)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\secdrv.dll -- (HIDSwvd)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll -- (helpsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\atimpab.dll -- (genregistrar)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s217bus.dll -- (FETNDIS)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ichaud.dll -- (epson_pm_rpcv2_02)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\STV680m.dll -- (earthlinksafeconnectagent)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\zebrsce.dll -- (ddxgb)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\oracleformsserver-forms60server-oraform.dll -- (CYGF32X)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\DMICall.dll -- (CXAVXBAR)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\PSSdk21.dll -- (cvintdrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s616mdm.dll -- (cmigameport)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Cinemsup.dll -- (CE3)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\viaudio.dll -- (CDRPDACC)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SunkFilt39.dll -- (CdaD10BA)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wwsecsvc.dll -- (caccprovsp)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tmmbd.dll -- (bdss)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\psadd.dll -- (ASDR)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\hsfhwazl.dll -- (AppnBase)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\eeyeevnt.dll -- (APLMp50)
SRV - [2012/02/29 09:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Boot | Stopped] -- -- (cerc6)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\me\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\me\LOCALS~1\Temp\aswMBR.sys -- (aswMBR)
DRV - [2010/09/07 16:08:58 | 000,100,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2009/08/05 14:16:44 | 000,039,424 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1220945662-1972579041-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-1220945662-1972579041-1801674531-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1220945662-1972579041-1801674531-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1220945662-1972579041-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.2.0.7165
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\me\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\me\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/01/28 13:17:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/24 10:24:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/10 17:42:52 | 000,000,000 | ---D | M]

[2010/10/20 17:10:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\me\Application Data\Mozilla\Extensions
[2012/03/28 12:41:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\me\Application Data\Mozilla\Firefox\Profiles\filgc1wm.default\extensions
[2011/11/10 23:02:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ME\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FILGC1WM.DEFAULT\EXTENSIONS\YVTEUGOSTF@YVTEUGOSTF.ORG.XPI
[2012/03/24 10:24:12 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/03/04 11:20:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/04 11:20:03 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\me\Local Settings\Application Data\Google\Chrome\Application\17.0.963.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\me\Local Settings\Application Data\Google\Chrome\Application\17.0.963.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\me\Local Settings\Application Data\Google\Chrome\Application\17.0.963.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\me\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\me\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\me\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Documents and Settings\me\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\me\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: AVG Safe Search = C:\Documents and Settings\me\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: Gmail = C:\Documents and Settings\me\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

Hosts file not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O3 - HKU\S-1-5-21-1220945662-1972579041-1801674531-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1220945662-1972579041-1801674531-1003\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1220945662-1972579041-1801674531-1003\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1220945662-1972579041-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1220945662-1972579041-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-21-1220945662-1972579041-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\me\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\me\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/10/20 15:21:05 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{33510c8e-045f-11e0-8f1f-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{33510c8e-045f-11e0-8f1f-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{33510c8e-045f-11e0-8f1f-806d6172696f}\Shell\AutoRun\command - "" = E:\Install.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Install.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - Services: "JavaQuickStarterService"
MsConfig - Services: "gupdatem"
MsConfig - Services: "gupdate"
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - File not found
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: DAEMON Tools-1033 - hkey= - key= - File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: LanguageShortcut - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found
MsConfig - StartUpReg: NvMediaCenter - hkey= - key= - File not found
MsConfig - StartUpReg: nwiz - hkey= - key= - C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: RemoteControl - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 2
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

SafeBootMin: 94995971.sys - Driver
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: rimmptsk - %systemroot%\system32\tpsrv.dll File not found
NetSvcs: utscsi - %systemroot%\system32\Freedom.dll File not found
NetSvcs: pepifilter - %systemroot%\system32\TOSHIBASoftModem.dll File not found
NetSvcs: mwstick - %systemroot%\system32\NTACCESS.dll File not found
NetSvcs: bdss - %systemroot%\system32\tmmbd.dll File not found
NetSvcs: tvald - %systemroot%\system32\remoteaccess.dll File not found
NetSvcs: mctaskmanager - %systemroot%\system32\ipfilterdriver.dll File not found
NetSvcs: tfsndrct - %systemroot%\system32\netmdsb.dll File not found
NetSvcs: tifm21 - %systemroot%\system32\prosync1.dll File not found
NetSvcs: VICESYS - %systemroot%\system32\ccflic0.dll File not found
NetSvcs: CYGF32X - %systemroot%\system32\oracleformsserver-forms60server-oraform.dll File not found
NetSvcs: mvdcodec - %systemroot%\system32\s716bus.dll File not found
NetSvcs: roxwatch9 - %systemroot%\system32\oracleorahome92tnslistener.dll File not found
NetSvcs: RESMGR - %systemroot%\system32\ghoststartservice.dll File not found
NetSvcs: earthlinksafeconnectagent - %systemroot%\system32\STV680m.dll File not found
NetSvcs: sysaidagent - %systemroot%\system32\gtndis5.dll File not found
NetSvcs: hpzius12 - %systemroot%\system32\oracle_load_balancer_60_server-forms6ip9.dll File not found
NetSvcs: FETNDIS - %systemroot%\system32\s217bus.dll File not found
NetSvcs: mcrdsvc - %systemroot%\system32\zebrbus.dll File not found
NetSvcs: NWSIPX32 - %systemroot%\system32\NetPipeActivator.dll File not found
NetSvcs: windowblinds - %systemroot%\system32\irsir.dll File not found
NetSvcs: caccprovsp - %systemroot%\system32\wwsecsvc.dll File not found
NetSvcs: mwssched - %systemroot%\system32\bdpredir.dll File not found
NetSvcs: vmnetadapter - %systemroot%\system32\BrUsbSer.dll File not found
NetSvcs: mssql$microsoftbcm - %systemroot%\system32\usbaudio.dll File not found
NetSvcs: ASDR - %systemroot%\system32\psadd.dll File not found
NetSvcs: HIDSwvd - %systemroot%\system32\secdrv.dll File not found
NetSvcs: wfxsvc - %systemroot%\system32\oracleorahomemanagementserver.dll File not found
NetSvcs: mozyFilter - %systemroot%\system32\avgclean.dll File not found
NetSvcs: vzcdbsvc - %systemroot%\system32\ATIBTXBAR.dll File not found
NetSvcs: ntpr_nic_service2 - %systemroot%\system32\rapapp.dll File not found
NetSvcs: livesrv - %systemroot%\system32\rksample.dll File not found
NetSvcs: epson_pm_rpcv2_02 - %systemroot%\system32\ichaud.dll File not found
NetSvcs: s3psddr - %systemroot%\system32\bgsvcgen.dll File not found
NetSvcs: icepack - %systemroot%\system32\ati2mpaa.dll File not found
NetSvcs: retrowdsvc - %systemroot%\system32\rtl8185.dll File not found
NetSvcs: mcafeeframework - %systemroot%\system32\NICSer_WPC300N.dll File not found
NetSvcs: cmigameport - %systemroot%\system32\s616mdm.dll File not found
NetSvcs: SE2Dbus - %systemroot%\system32\webrootadminconsole.dll File not found
NetSvcs: pinetmgr - %systemroot%\system32\slee_81_service.dll File not found
NetSvcs: APLMp50 - %systemroot%\system32\eeyeevnt.dll File not found
NetSvcs: CE3 - %systemroot%\system32\Cinemsup.dll File not found
NetSvcs: vaiomediaplatform-mobile-gateway - %systemroot%\system32\ASDR.dll File not found
NetSvcs: iAimTV6 - %systemroot%\system32\dlcq_device.dll File not found
NetSvcs: pmem - %systemroot%\system32\oracleorahometnslistener.dll File not found
NetSvcs: SiSRaid - %systemroot%\system32\igateway.dll File not found
NetSvcs: CDRPDACC - %systemroot%\system32\viaudio.dll File not found
NetSvcs: mf - %systemroot%\system32\fs_rec.dll File not found
NetSvcs: SE26mdfl - %systemroot%\system32\pinetmgr.dll File not found
NetSvcs: CdaD10BA - %systemroot%\system32\SunkFilt39.dll File not found
NetSvcs: nm - %systemroot%\system32\sysmgmthp.dll File not found
NetSvcs: wacomvhid - %systemroot%\system32\avgcoresvc.dll File not found
NetSvcs: LHidUsbK - %systemroot%\system32\tphdexlgsvc.dll File not found
NetSvcs: k750mdfl - %systemroot%\system32\ultra66.dll File not found
NetSvcs: RioS30 - %systemroot%\system32\oracleorahomedatagatherer.dll File not found
NetSvcs: SRVLOC - %systemroot%\system32\licensemanagersocket.dll File not found
NetSvcs: genregistrar - %systemroot%\system32\atimpab.dll File not found
NetSvcs: CXAVXBAR - %systemroot%\system32\DMICall.dll File not found
NetSvcs: InterBaseGuardian - %systemroot%\system32\EPOWER.dll File not found
NetSvcs: issvc - %systemroot%\system32\SMNDIS5.dll File not found
NetSvcs: transbaseservice - %systemroot%\system32\VAIOMediaPlatform-PhotoServer-UPnP.dll File not found
NetSvcs: rpcapd - %systemroot%\system32\hddsvc.dll File not found
NetSvcs: klblmain - %systemroot%\system32\cachemgr.dll File not found
NetSvcs: pdlndlpb - %systemroot%\system32\Afc.dll File not found
NetSvcs: mcdbus - %systemroot%\system32\Angel2.dll File not found
NetSvcs: roxliveshare - %systemroot%\system32\RVIEG01.dll File not found
NetSvcs: psdvdisk - %systemroot%\system32\RecAgent.dll File not found
NetSvcs: pensup - %systemroot%\system32\WaveFDE.dll File not found
NetSvcs: nicconfigsvc - %systemroot%\system32\pcx1unic.dll File not found
NetSvcs: ddxgb - %systemroot%\system32\zebrsce.dll File not found
NetSvcs: ultra66 - %systemroot%\system32\DcLps.dll File not found
NetSvcs: cvintdrv - %systemroot%\system32\PSSdk21.dll File not found
NetSvcs: mcupdmgr.exe - %systemroot%\system32\backupexecjobengine.dll File not found
NetSvcs: AppnBase - %systemroot%\system32\hsfhwazl.dll File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/04/12 07:01:39 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\me\Desktop\OTL.exe
[2012/04/12 06:54:10 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\me\Desktop\aswMBR.exe
[2012/04/10 19:57:07 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\me\Desktop\dds.scr
[2012/04/10 17:44:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinZip
[2012/04/10 17:27:55 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/04/05 00:18:13 | 000,098,992 | ---- | C] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\43528141.sys
[2012/04/02 21:32:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2012/04/02 21:32:35 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2012/03/31 17:57:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me\Desktop\Pics
[2012/03/27 14:58:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2012/03/27 14:39:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/03/27 14:39:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/03/26 20:21:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me\Local Settings\Application Data\Threat Expert
[2012/03/26 19:16:15 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools
[2012/03/26 19:12:57 | 000,185,560 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTSD.sys
[2012/03/26 19:12:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012/03/26 19:12:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/03/26 19:12:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me\Application Data\TestApp
[2012/03/26 19:12:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2012/03/26 19:06:02 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/03/26 13:41:12 | 002,068,016 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\me\Desktop\TDSSKiller.exe
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/12 06:50:58 | 000,337,137 | ---- | M] () -- C:\Documents and Settings\me\Desktop\FSS.exe
[2012/04/12 06:50:50 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\me\Desktop\OTL.exe
[2012/04/12 06:44:26 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\me\Desktop\aswMBR.exe
[2012/04/12 06:23:10 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/12 06:18:10 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-1972579041-1801674531-1003UA.job
[2012/04/12 04:18:00 | 000,000,914 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-1972579041-1801674531-1003Core.job
[2012/04/11 17:59:28 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1220945662-1972579041-1801674531-1003.job
[2012/04/11 17:59:26 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/11 17:59:25 | 000,000,874 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/11 17:59:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/10 19:57:33 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\me\defogger_reenable
[2012/04/10 18:01:16 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\me\Desktop\gmer.zip
[2012/04/10 17:58:06 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\me\Desktop\dds.scr
[2012/04/10 17:56:40 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\me\Desktop\Defogger.exe
[2012/04/09 21:10:58 | 000,009,728 | ---- | M] () -- C:\Documents and Settings\me\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/07 12:18:00 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1220945662-1972579041-1801674531-1003.job
[2012/04/06 00:32:04 | 000,001,418 | ---- | M] () -- C:\Documents and Settings\me\Desktop\sdsetup.exe.lnk
[2012/04/05 21:55:32 | 000,010,662 | ---- | M] () -- C:\Documents and Settings\me\My Documents\cc_20120405_215515.reg
[2012/04/05 00:18:13 | 000,098,992 | ---- | M] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\43528141.sys
[2012/04/04 22:44:24 | 000,024,828 | ---- | M] () -- C:\Documents and Settings\me\My Documents\cc_20120404_224415.reg
[2012/04/02 22:23:03 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/03/31 19:22:04 | 033,475,756 | ---- | M] () -- C:\Documents and Settings\me\Desktop\Pics.zip
[2012/03/31 11:22:03 | 000,000,375 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2012/03/30 19:04:19 | 000,433,122 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/30 19:04:19 | 000,067,952 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/28 10:09:58 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/03/27 15:50:54 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/03/26 23:13:31 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/03/26 19:13:19 | 000,555,294 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/03/26 13:41:12 | 002,068,016 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\me\Desktop\TDSSKiller.exe
[2012/03/24 16:01:40 | 000,095,217 | ---- | M] () -- C:\Documents and Settings\me\Desktop\Charlie.jpg
[2012/03/24 15:10:05 | 000,088,039 | ---- | M] () -- C:\Documents and Settings\me\Desktop\Frog edit.JPG
[2012/03/24 10:23:55 | 000,000,351 | RHS- | M] () -- C:\boot.ini
[2012/03/23 18:15:07 | 000,002,239 | ---- | M] () -- C:\Documents and Settings\me\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/03/23 18:15:05 | 000,002,261 | ---- | M] () -- C:\Documents and Settings\me\Desktop\Google Chrome.lnk
[2012/03/18 11:41:13 | 000,117,360 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/18 11:19:26 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/12 06:57:49 | 000,337,137 | ---- | C] () -- C:\Documents and Settings\me\Desktop\FSS.exe
[2012/04/10 19:57:33 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\me\defogger_reenable
[2012/04/10 19:57:09 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\me\Desktop\gmer.zip
[2012/04/10 19:57:05 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\me\Desktop\Defogger.exe
[2012/04/05 21:55:18 | 000,010,662 | ---- | C] () -- C:\Documents and Settings\me\My Documents\cc_20120405_215515.reg
[2012/04/04 22:44:18 | 000,024,828 | ---- | C] () -- C:\Documents and Settings\me\My Documents\cc_20120404_224415.reg
[2012/03/31 19:09:28 | 033,475,756 | ---- | C] () -- C:\Documents and Settings\me\Desktop\Pics.zip
[2012/03/27 14:48:05 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\d3d9caps.dat
[2012/03/27 14:28:29 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/03/26 19:13:04 | 000,555,294 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/03/26 19:12:28 | 000,001,418 | ---- | C] () -- C:\Documents and Settings\me\Desktop\sdsetup.exe.lnk
[2012/03/24 16:01:40 | 000,095,217 | ---- | C] () -- C:\Documents and Settings\me\Desktop\Charlie.jpg
[2012/03/24 15:08:58 | 000,088,039 | ---- | C] () -- C:\Documents and Settings\me\Desktop\Frog edit.JPG
[2012/03/07 22:25:19 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/16 09:25:34 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/02/16 09:25:34 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/02/16 09:25:34 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/02/16 09:25:34 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/02/16 09:25:34 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/01/28 21:33:21 | 000,000,280 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~W4ID0FNNbYCqQS
[2012/01/28 21:33:21 | 000,000,192 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~W4ID0FNNbYCqQSr
[2012/01/28 21:33:17 | 000,000,456 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\W4ID0FNNbYCqQS
[2012/01/26 18:52:10 | 000,000,280 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~zRfpj2rbftmkWu
[2012/01/26 18:52:10 | 000,000,192 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~zRfpj2rbftmkWur
[2012/01/26 18:52:04 | 000,000,456 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\zRfpj2rbftmkWu
[2011/09/27 19:16:34 | 000,009,728 | ---- | C] () -- C:\Documents and Settings\me\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/15 00:13:28 | 000,004,626 | -HS- | C] () -- C:\Documents and Settings\me\Local Settings\Application Data\17e16t76j00yk1muao33at50sr4ruanow2v64g745xuu
[2011/06/15 00:13:28 | 000,004,626 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\17e16t76j00yk1muao33at50sr4ruanow2v64g745xuu
[2011/04/26 16:44:17 | 000,000,192 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\0
[2011/04/05 01:28:42 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/01/15 16:44:24 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/12/04 12:13:34 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/10/20 17:10:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/10/20 16:21:20 | 000,240,124 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/10/20 16:21:14 | 000,240,124 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/10/20 16:21:14 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/10/20 16:09:55 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2010/10/20 15:36:28 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2010/10/20 15:34:20 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\BCGPOleAcc.dll
[2010/10/20 15:30:09 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/20 15:23:07 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/10/20 15:18:21 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/10/20 11:12:25 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/10/20 11:11:09 | 000,117,360 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/10 05:38:00 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin

========== Custom Scans ==========

< "%WinDir%\$NtUninstallKB*$." /30 >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2010/10/20 11:10:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2010/10/20 11:10:08 | 001,089,536 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2010/10/20 11:10:08 | 000,929,792 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2012/04/05 00:18:13 | 000,098,992 | ---- | M] (Kaspersky Lab, GERT) -- C:\WINDOWS\system32\drivers\43528141.sys
[2012/02/24 10:36:44 | 000,185,560 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\PCTSD.sys

< %SYSTEMDRIVE%\*.exe >

< c:\documents and settings\me\application data\microsoft\*.* /s >
[2010/12/23 10:48:34 | 000,176,594 | ---- | M] () -- c:\documents and settings\me\application data\microsoft\Address Book\me.wab
[2010/12/23 10:48:34 | 000,176,594 | ---- | M] () -- c:\documents and settings\me\application data\microsoft\Address Book\me.wab~
[2010/12/18 01:30:52 | 000,000,043 | --S- | M] () -- c:\documents and settings\me\application data\microsoft\Crypto\RSA\S-1-5-21-1220945662-1972579041-1801674531-1003\34331bd9546cea8ffa1fe74209908d36_773ede37-b37d-46e8-abfe-f1d9424660c2
[2010/10/20 16:38:33 | 000,000,053 | --S- | M] () -- c:\documents and settings\me\application data\microsoft\Crypto\RSA\S-1-5-21-1220945662-1972579041-1801674531-1003\6b29ae44e85efac3c72ff4d1865d73f1_773ede37-b37d-46e8-abfe-f1d9424660c2
[2010/10/20 15:30:08 | 000,000,045 | --S- | M] () -- c:\documents and settings\me\application data\microsoft\Crypto\RSA\S-1-5-21-1220945662-1972579041-1801674531-1003\83aa4cc77f591dfc2374580bbd95f6ba_773ede37-b37d-46e8-abfe-f1d9424660c2
[2011/03/25 13:34:09 | 000,008,634 | ---- | M] () -- c:\documents and settings\me\application data\microsoft\HTML Help\hh.dat
[2010/10/20 15:20:55 | 000,000,141 | ---- | M] () -- c:\documents and settings\me\application data\microsoft\Internet Explorer\brndlog.bak
[2010/10/20 15:25:23 | 000,010,378 | ---- | M] () -- c:\documents and settings\me\application data\microsoft\Internet Explorer\brndlog.txt
[2012/03/31 11:43:44 | 000,002,448 | -HS- | M] () -- c:\documents and settings\me\application data\microsoft\Internet Explorer\Desktop.htt
[2010/10/20 15:25:23 | 000,000,119 | -HS- | M] () -- c:\documents and settings\me\application data\microsoft\Internet Explorer\Quick Launch\desktop.ini
[2012/03/23 18:15:07 | 000,002,239 | ---- | M] () -- c:\documents and settings\me\application data\microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/01/26 23:25:48 | 000,001,606 | ---- | M] () -- c:\documents and settings\me\application data\microsoft\Internet Explorer\Quick Launch\Heroes of Newerth.lnk
[2010/10/20 16:32:03 | 000,000,815 | ---- | M] () -- c:\documents and settings\me\application data\microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/10/20 17:10:03 | 000,001,620 | ---- | M] () -- c:\documents and settings\me\application data\microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/01/28 21:33:20 | 000,000,853 | ---- | M] () -- c:\documents and settings\me\application data\microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2011/07/06 22:57:31 | 000,000,800 | ---- | M] () -- c:\documents and settings\me\application data\microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/06/21 23:10:03 | 000,000,154 | ---- | M] () -- c:\documents and settings\me\application data\microsoft\Media Player\0E1B7080.wpl
[2012/03/20 08:14:45 | 000,327,680 | ---- | M] (AGEIA Technologies, Inc.) -- c:\documents and settings\me\application data\microsoft\Microsoft\ruamntmv.dll
[2011/08/31 18:25:29 | 000,033,211 | ---- | M] () -- c:\documents and settings\me\application data\microsoft\MMC\dfrg
[2012/02/22 00:07:07 | 000,000,160 | -HS- | M] () -- c:\documents and settings\me\application data\microsoft\Protect\CREDHIST
[2012/02/22 00:07:07 | 000,000,388 | -HS- | M] () -- c:\documents and settings\me\application data\microsoft\Protect\S-1-5-21-1220945662-1972579041-1801674531-1003\4fd9cb2b-592c-44f9-b1e6-87a1bf7e9faf
[2012/02/22 00:07:07 | 000,000,388 | -HS- | M] () -- c:\documents and settings\me\application data\microsoft\Protect\S-1-5-21-1220945662-1972579041-1801674531-1003\5cabf787-8549-4625-a9db-9120781c1a2f
[2012/02/22 00:07:07 | 000,000,388 | -HS- | M] () -- c:\documents and settings\me\application data\microsoft\Protect\S-1-5-21-1220945662-1972579041-1801674531-1003\767b2173-a312-4f57-94b4-87581d90735d
[2012/04/06 11:18:10 | 000,000,388 | -HS- | M] () -- c:\documents and settings\me\application data\microsoft\Protect\S-1-5-21-1220945662-1972579041-1801674531-1003\7a79e079-0b92-4e4b-bfb1-c8eada33b2cb
[2012/02/22 00:07:07 | 000,000,388 | -HS- | M] () -- c:\documents and settings\me\application data\microsoft\Protect\S-1-5-21-1220945662-1972579041-1801674531-1003\91cf7a49-86bb-43a5-80e8-d9525c61cf9a
[2012/02/22 00:07:07 | 000,000,388 | -HS- | M] () -- c:\documents and settings\me\application data\microsoft\Protect\S-1-5-21-1220945662-1972579041-1801674531-1003\cfe9ffed-86c2-4c57-8d51-2d1d839777cd
[2012/04/06 11:18:10 | 000,000,024 | -HS- | M] () -- c:\documents and settings\me\application data\microsoft\Protect\S-1-5-21-1220945662-1972579041-1801674531-1003\Preferred
[2012/02/16 12:07:50 | 000,005,672 | ---- | M] () -- c:\documents and settings\me\application data\microsoft\Windows\Themes\Custom.theme

< MD5 for: AFD.SYS >
[2011/08/17 09:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\dllcache\afd.sys
[2011/08/17 09:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\drivers\afd.sys
[2008/04/14 08:00:00 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\$NtUninstallKB951748$\afd.sys
[2011/02/16 09:22:48 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=355556D9E580915118CD7EF736653A89 -- C:\WINDOWS\$NtUninstallKB2592799$\afd.sys
[2008/10/16 11:07:58 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=38D7B715504DA4741DF35E3594FE2099 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys
[2008/08/14 06:34:26 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=4D43E74F2A1239D53929B82600F1971C -- C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys
[2008/10/16 10:43:01 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7618D5218F2A614672EC61A80D854A37 -- C:\WINDOWS\$NtUninstallKB2503665$\afd.sys
[2008/08/14 06:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$NtUninstallKB2509553$\afd.sys
[2011/02/16 09:25:05 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=8D499B1276012EB907E7A9E0F4D8FDA4 -- C:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys
[2008/06/20 07:48:03 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=D6EE6014241D034E63C49A50CB2B442A -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
[2008/06/20 07:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$NtUninstallKB956803$\afd.sys
[2011/08/17 09:41:46 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=F6B7B1ECD7B41736BDB6FF4B092BCB79 -- C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys

< MD5 for: ATAPI.SYS >
[2008/04/14 08:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/14 08:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys

< MD5 for: EXPLORER.EXE >
[2008/04/14 08:00:00 | 001,033,728 | -H-- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 08:00:00 | 001,033,728 | -H-- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: VOLSNAP.SYS >
[2008/04/14 08:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\dllcache\volsnap.sys
[2008/04/14 08:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\drivers\volsnap.sys

< MD5 for: WINLOGON.EXE >
[2008/04/14 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\me\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/03/21 08:21:14 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/03/24 10:24:10 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/03/24 10:24:10 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/03/24 10:24:10 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/03/24 10:24:12 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/03/24 10:24:12 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/03/24 10:24:12 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\me\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2012/03/21 08:21:14 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\me\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2012/03/21 08:21:14 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\me\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/03/21 08:21:14 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\me\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/03/21 08:21:14 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/12/16 08:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/12/16 08:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/12/16 08:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\me\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/03/21 08:21:14 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/03/24 10:24:10 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/03/24 10:24:10 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/03/24 10:24:10 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/03/24 10:24:12 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/03/24 10:24:12 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/03/24 10:24:12 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\me\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2012/03/21 08:21:14 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\me\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2012/03/21 08:21:14 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\me\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/03/21 08:21:14 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\me\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/03/21 08:21:14 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/12/16 08:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/12/16 08:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/12/16 08:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB57722$] -> Error: Cannot create file handle -> Unknown point type
[C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

#4 EXTRAS

OTL Extras logfile created on: 4/12/2012 7:03:25 AM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\me\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.66 Gb Available Physical Memory | 82.97% Memory free
3.85 Gb Paging File | 3.67 Gb Available in Paging File | 95.44% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 121.90 Gb Free Space | 52.35% Space Free | Partition Type: NTFS
Drive F: | 3.73 Gb Total Space | 1.01 Gb Free Space | 27.10% Space Free | Partition Type: FAT32

Computer Name: B455DF2A840947D | User Name: me | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1220945662-1972579041-1801674531-1003\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 23
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{32714287-4234-412A-877B-D33AFABFDE2B}" = EverQuest Titanium
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{6583D00E-0924-4950-8BE9-5D09FE70B333}" = MTX
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 260.89
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 260.89
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.36
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.1.9.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BEFBEDDF-1417-4C8A-92FB-F003C0D41199}" = OpenOffice.org 3.2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C6}" = WinZip 16.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F20C1251-1D0A-4944-B2AE-678581B33B19}" = Neverwinter Nights 2
"BitZipper_is1" = BitZipper 2010
"hon" = Heroes of Newerth
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero 7_is1" = Nero 7.5.9.0A
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"StarCraft II" = StarCraft II
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.4
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1220945662-1972579041-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/5/2012 10:19:25 PM | Computer Name = B455DF2A840947D | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 4/5/2012 10:19:25 PM | Computer Name = B455DF2A840947D | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 4/5/2012 10:19:25 PM | Computer Name = B455DF2A840947D | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 4/5/2012 10:19:25 PM | Computer Name = B455DF2A840947D | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 4/5/2012 10:19:25 PM | Computer Name = B455DF2A840947D | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 4/5/2012 10:19:25 PM | Computer Name = B455DF2A840947D | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 4/5/2012 10:19:25 PM | Computer Name = B455DF2A840947D | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 4/5/2012 10:19:25 PM | Computer Name = B455DF2A840947D | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 4/5/2012 10:19:38 PM | Computer Name = B455DF2A840947D | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 4/5/2012 10:19:38 PM | Computer Name = B455DF2A840947D | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

[ System Events ]
Error - 4/11/2012 6:00:58 PM | Computer Name = B455DF2A840947D | Source = Service Control Manager | ID = 7023
Description = The Streamip service terminated with the following error: %%126

Error - 4/11/2012 6:00:58 PM | Computer Name = B455DF2A840947D | Source = Service Control Manager | ID = 7023
Description = The Mhn service terminated with the following error: %%126

Error - 4/11/2012 6:00:58 PM | Computer Name = B455DF2A840947D | Source = Service Control Manager | ID = 7023
Description = The BrSerIf service terminated with the following error: %%126

Error - 4/11/2012 6:00:58 PM | Computer Name = B455DF2A840947D | Source = Service Control Manager | ID = 7023
Description = The Agrsrvce service terminated with the following error: %%126

Error - 4/11/2012 6:00:58 PM | Computer Name = B455DF2A840947D | Source = Service Control Manager | ID = 7023
Description = The Ldap service terminated with the following error: %%126

Error - 4/11/2012 6:00:58 PM | Computer Name = B455DF2A840947D | Source = Service Control Manager | ID = 7023
Description = The Ndisipo service terminated with the following error: %%2

Error - 4/11/2012 6:00:58 PM | Computer Name = B455DF2A840947D | Source = Service Control Manager | ID = 7023
Description = The Xnacc service terminated with the following error: %%126

Error - 4/11/2012 6:00:58 PM | Computer Name = B455DF2A840947D | Source = Service Control Manager | ID = 7023
Description = The SE2Emdm service terminated with the following error: %%126

Error - 4/11/2012 6:00:58 PM | Computer Name = B455DF2A840947D | Source = Service Control Manager | ID = 7023
Description = The Cmuda3 service terminated with the following error: %%126

Error - 4/11/2012 6:00:58 PM | Computer Name = B455DF2A840947D | Source = Service Control Manager | ID = 7023
Description = The C34nb4c5 service terminated with the following error: %%126


< End of report >

#4 SweetTech


Posted 12 April 2012 - 07:44 AM

Hi Xyklon!

#1. Thanks for all the help! Computer is still running pretty great, except no internet access. Here are the logs:

Not a problem! I'm glad to be of assistance! :)

We'll need to do some work in the registry to repair a corrupted registry key.

You'll need to download the tools below, and copy them over to your USB device and bring them over to the infected computer and run them.

First things first, let's protect your USB device.

Running Flash Disinfector
Download Flash_Disinfector.exe by sUBs from HERE and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.


NEXT:



ERUNT - Emergency Recovery Utility NT
Modifying the Registry can create unforeseen problems, so it's always wise to create a backup before doing so.
This is a free program that allows you to keep a complete backup of your registry and restore it when needed.

ERUNT utility program
Download:

  • Please download ERUNT...by Lars Hederer. Save it to your desktop.
  • Double-click erunt-setup.exe to start the install process. Follow the install prompts.
  • Use the default install settings...
    say "NO" to the section that asks you to add ERUNT to the Start-Up folder. Enable this option later if desired.
  • Start ERUNT by opting to start the program at the end of setup -or- double click the desktop icon.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK ... Then click on "YES" to create the folder.
Run:
  • Please navigate to Start >> All Programs >> ERUNT. Click on OK within the pop-up menu.
  • In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
    • System registry.
    • Current user registry.
  • Next click on "OK"... at the prompt... reply "Yes".
    After a short duration the "Registry backup is complete!" pop-up message will appear.
  • Now click on "OK". A registry backup has now been created.
< STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!


NEXT:



Please download the following file.

You'll want to double click on the file to run it.

Double click on the file to run it, and when you get prompted to merge it with your registry allow it to do so.

Then do the following:

Press the Windows Key + R.

Type in cmd.exe

Copy/Paste the following followed by ENTER:

net start NetBt
net start Dhcp


Reboot your computer.

Let me know if you're able to connect to the Internet in your next post.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#5 Xyklon

Posted 12 April 2012 - 08:43 AM

At work now - will follow up on these steps at about 5:30 PM est, cya then!

Edited by Xyklon, 12 April 2012 - 08:49 AM.


#6 Xyklon

Posted 12 April 2012 - 04:36 PM

ok I ran through these steps with no hang ups. I still have no internet access. When I click on repair my internet connection I get this:

Windows could not finish repairing the problem because the following cannot be completed: Failed to query TCP/IP settings of the connection. Cannot Proceed.

#7 SweetTech

Posted 12 April 2012 - 11:54 PM

Hi!

Sorry to hear you're still experiencing issues with connecting to the internet.

Please try the following below:
  • Click Start, click Run, and enter into the command box that opens: CMD and press [Enter]
  • Type:

    NETSH WINSOCK RESET CATALOG
    netsh int ip reset resetlog.txt

  • A prompt will appear after a moment that a restart of your computer is necessary. Reboot your computer.

Please see if your internet connection is restored after a reboot of your computer.

~ST.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#8 Xyklon

Posted 13 April 2012 - 06:10 AM

After typing in NETSH WINSOCK RESET CATALOG to cmd, I got the following message:

"The procedure entry point MigrateWinsockConfiguration could not be located in the dynamic link library MSWSOCK.dll" with an OK box.

After hitting ok cmd told me that
The following helper DLL cannot be loaded:: IFMON.DLL
The following command could not be found: WINSOCK RESET CATALOG

Still no internet after I reset.

#9 SweetTech

Posted 13 April 2012 - 08:24 AM

Hi!

Sorry to hear you're still without internet access!

Try this and see if it brings back your Internet:

Download Windows Repair by Tweaking.com to your desktop.

  • Double-click tweaking.com_windows_repair_aio.zip and extract the Tweaking.com - Windows Repair folder to your desktop.
  • Now open this folder and double-click Repair_Windows.exe.
  • Click the Start Repairs tab on the far right.
  • Click Custom Mode so there is a bullet in it.
  • Click the Start button (bottom right)

    Note: When asked if you would like to create a restore point, it is recommended, just in case something does not go as planned.
  • Click Unselect All
  • Put a checkmark in the following items:
    • Reset Registry Permissions
    • Reset File Permissions
    • Remove Policies Set By Infections
    • Repair WMI
    • Repair Windows Firewall
    • Repair Winsock & DNS Cache
    • Repair Windows Updates
    • Set Windows Services To Default Startup

    Note: Leave everything else unchecked
  • Put a checkmark in Restart System When Finished
  • Now click the Start button (bottom right)

Let me know.

~ST.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#10 Xyklon

Posted 13 April 2012 - 04:50 PM

Last step complete. No errors. Still no net after restart.

Edited by Xyklon, 13 April 2012 - 04:50 PM.


#11 SweetTech

Posted 14 April 2012 - 09:21 AM

Hi!

Okay, sorry to hear that! I'd like to get a new OTL log from you, and then start fixing some of the malware, and then come back to the no internet issue.

Please run this Custom Scan below.

OTL Custom Scan

We need to create a new OTL Report
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the Posted Image box Copy & Paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    "%WinDir%\$NtUninstallKB*$."
    C:\Program Files\Common Files\ComObjects\*.* /s
    %systemroot%\*. /mp /s
    %systemroot%\*. /rp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    %SYSTEMDRIVE%\*.exe
    /md5start
    netbt.sys
    volsnap.sys
    atapi.sys
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    /md5stop
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    
  • Push the Posted Image button.
  • One report will open, copy and paste it in a reply here:
  • OTL.txt <-- Will be opened


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
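
As an added example (not part of the original posts and not OldTimer's code): a short Python triage of OTL.txt lines of the kind this custom scan returns. It lists service and driver entries whose file is reported missing and checks whether every Winsock catalog entry (O10) lacks its provider DLL. The function names are this example's own, and the sample lines follow the OTL.txt layout.

```python
import re

# Sample input: a few lines in the OTL.txt layout, embedded so the
# example runs offline. They only exercise the parser.
SAMPLE_LOG = r"""
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\irsir.dll -- (windowblinds)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/02/29 09:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - [2008/04/14 08:00:00 | 000,162,816 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
"""

# SRV/DRV line: kind, then either "File not found" or a [file info] block with
# an optional (company), then [attributes], the image path, and the (name).
SVC_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - "
    r"(?P<file>File not found|\[[^\]]*\](?: \((?P<company>[^)]*)\))?) "
    r"\[(?P<attrs>[^\]]*)\] -- (?P<path>.*?) ?-- \((?P<name>[^)]*)\)$"
)
# O10 line: one Winsock catalog entry and whatever OTL reports for its DLL.
O10_RE = re.compile(
    r"^O10 - Protocol_Catalog9\\Catalog_Entries\\(?P<entry>\d+) - (?P<rest>.*)$"
)
# Start types that load without user action.
AUTOSTART = {"Auto", "Boot", "System"}


def parse_service(line):
    """Parse one SRV/DRV line into a dict, or return None if it is not one."""
    m = SVC_RE.match(line.strip())
    if not m:
        return None
    attrs = [a.strip() for a in m.group("attrs").split("|")]
    return {
        "kind": m.group("kind"),
        "name": m.group("name"),
        "path": m.group("path").strip(),
        "start": attrs[-2] if len(attrs) >= 2 else "",
        "state": attrs[-1],
        "file_missing": m.group("file") == "File not found",
    }


def triage(log_text):
    """Collect missing-file services/drivers and Winsock catalog gaps."""
    report = {
        "missing_autostart": [],   # registered to start on their own, no file
        "missing_other": [],       # on-demand or disabled, no file
        "winsock_missing": [],     # catalog entry ids with no provider DLL
        "winsock_total": 0,
    }
    for raw in log_text.splitlines():
        line = raw.strip()
        svc = parse_service(line)
        if svc is not None:
            if svc["file_missing"]:
                key = ("missing_autostart" if svc["start"] in AUTOSTART
                       else "missing_other")
                report[key].append((svc["kind"], svc["name"], svc["path"]))
            continue
        m = O10_RE.match(line)
        if m:
            report["winsock_total"] += 1
            if m.group("rest").endswith("File not found"):
                report["winsock_missing"].append(m.group("entry"))
    # True only when the log has O10 entries and none resolves to a file.
    report["winsock_catalog_broken"] = (
        report["winsock_total"] > 0
        and len(report["winsock_missing"]) == report["winsock_total"]
    )
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for kind, name, path in result["missing_autostart"]:
        print(f"{kind} {name}: autostart entry, file missing ({path or 'no path'})")
    print("Winsock entries missing provider:",
          len(result["winsock_missing"]), "of", result["winsock_total"])
    print("Entire Winsock catalog unresolved:", result["winsock_catalog_broken"])
```
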


#12 Xyklon

Posted 14 April 2012 - 12:37 PM

OTL logfile created on: 4/14/2012 1:31:30 PM - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\me\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.65 Gb Available Physical Memory | 82.67% Memory free
3.85 Gb Paging File | 3.66 Gb Available in Paging File | 95.23% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 121.87 Gb Free Space | 52.33% Space Free | Partition Type: NTFS
Drive F: | 3.73 Gb Total Space | 1.00 Gb Free Space | 26.85% Space Free | Partition Type: FAT32

Computer Name: B455DF2A840947D | User Name: me | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/12 06:50:50 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\me\Desktop\OTL.exe
PRC - [2012/01/28 13:17:10 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\irsir.dll -- (windowblinds)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\oracleorahomemanagementserver.dll -- (wfxsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\avgcoresvc.dll -- (wacomvhid)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ATIBTXBAR.dll -- (vzcdbsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\BrUsbSer.dll -- (vmnetadapter)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ccflic0.dll -- (VICESYS)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ASDR.dll -- (vaiomediaplatform-mobile-gateway)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Freedom.dll -- (utscsi)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\DcLps.dll -- (ultra66)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\remoteaccess.dll -- (tvald)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\VAIOMediaPlatform-PhotoServer-UPnP.dll -- (transbaseservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\prosync1.dll -- (tifm21)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\netmdsb.dll -- (tfsndrct)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\gtndis5.dll -- (sysaidagent)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\licensemanagersocket.dll -- (SRVLOC)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\igateway.dll -- (SiSRaid)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\webrootadminconsole.dll -- (SE2Dbus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pinetmgr.dll -- (SE26mdfl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bgsvcgen.dll -- (s3psddr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\hddsvc.dll -- (rpcapd)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\oracleorahome92tnslistener.dll -- (roxwatch9)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\RVIEG01.dll -- (roxliveshare)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\oracleorahomedatagatherer.dll -- (RioS30)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tpsrv.dll -- (rimmptsk)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rtl8185.dll -- (retrowdsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ghoststartservice.dll -- (RESMGR)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\RecAgent.dll -- (psdvdisk)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\oracleorahometnslistener.dll -- (pmem)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\slee_81_service.dll -- (pinetmgr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\TOSHIBASoftModem.dll -- (pepifilter)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WaveFDE.dll -- (pensup)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Afc.dll -- (pdlndlpb)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NetPipeActivator.dll -- (NWSIPX32)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rapapp.dll -- (ntpr_nic_service2)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sysmgmthp.dll -- (nm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pcx1unic.dll -- (nicconfigsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NTACCESS.dll -- (mwstick)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bdpredir.dll -- (mwssched)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s716bus.dll -- (mvdcodec)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\usbaudio.dll -- (mssql$microsoftbcm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\avgclean.dll -- (mozyFilter)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\fs_rec.dll -- (mf)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\backupexecjobengine.dll -- (mcupdmgr.exe)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ipfilterdriver.dll -- (mctaskmanager)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\zebrbus.dll -- (mcrdsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Angel2.dll -- (mcdbus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NICSer_WPC300N.dll -- (mcafeeframework)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rksample.dll -- (livesrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tphdexlgsvc.dll -- (LHidUsbK)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cachemgr.dll -- (klblmain)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ultra66.dll -- (k750mdfl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SMNDIS5.dll -- (issvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\EPOWER.dll -- (InterBaseGuardian)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ati2mpaa.dll -- (icepack)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dlcq_device.dll -- (iAimTV6)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\oracle_load_balancer_60_server-forms6ip9.dll -- (hpzius12)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\secdrv.dll -- (HIDSwvd)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll -- (helpsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\atimpab.dll -- (genregistrar)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s217bus.dll -- (FETNDIS)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ichaud.dll -- (epson_pm_rpcv2_02)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\STV680m.dll -- (earthlinksafeconnectagent)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\zebrsce.dll -- (ddxgb)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\oracleformsserver-forms60server-oraform.dll -- (CYGF32X)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\DMICall.dll -- (CXAVXBAR)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\PSSdk21.dll -- (cvintdrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s616mdm.dll -- (cmigameport)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Cinemsup.dll -- (CE3)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\viaudio.dll -- (CDRPDACC)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SunkFilt39.dll -- (CdaD10BA)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wwsecsvc.dll -- (caccprovsp)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tmmbd.dll -- (bdss)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\psadd.dll -- (ASDR)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\hsfhwazl.dll -- (AppnBase)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\eeyeevnt.dll -- (APLMp50)
SRV - [2012/02/29 09:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2008/04/14 08:00:00 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto | Running] -- C:\WINDOWS\system32\parvdm.dll -- (NPDriver)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Boot | Stopped] -- -- (cerc6)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\me\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/09/07 16:08:58 | 000,100,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2009/08/05 14:16:44 | 000,039,424 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e)
DRV - [2008/04/14 08:00:00 | 000,162,816 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1220945662-1972579041-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-1220945662-1972579041-1801674531-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1220945662-1972579041-1801674531-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1220945662-1972579041-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.2.0.7165
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\me\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\me\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/01/28 13:17:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/24 10:24:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/10 17:42:52 | 000,000,000 | ---D | M]

[2010/10/20 17:10:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\me\Application Data\Mozilla\Extensions
[2012/03/28 12:41:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\me\Application Data\Mozilla\Firefox\Profiles\filgc1wm.default\extensions
[2011/11/10 23:02:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ME\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FILGC1WM.DEFAULT\EXTENSIONS\YVTEUGOSTF@YVTEUGOSTF.ORG.XPI
[2012/03/24 10:24:12 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/03/04 11:20:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/04 11:20:03 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\me\Local Settings\Application Data\Google\Chrome\Application\17.0.963.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\me\Local Settings\Application Data\Google\Chrome\Application\17.0.963.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\me\Local Settings\Application Data\Google\Chrome\Application\17.0.963.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\me\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\me\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\me\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Documents and Settings\me\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\me\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Gmail = C:\Documents and Settings\me\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

Hosts file not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O3 - HKU\S-1-5-21-1220945662-1972579041-1801674531-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1220945662-1972579041-1801674531-1003\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1220945662-1972579041-1801674531-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1220945662-1972579041-1801674531-1003\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1220945662-1972579041-1801674531-1003\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1220945662-1972579041-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKU\S-1-5-21-1220945662-1972579041-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\me\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\me\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/10/20 15:21:05 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012/04/12 17:12:20 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2012/04/12 17:12:22 | 000,000,000 | RHSD | M] - F:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{33510c8e-045f-11e0-8f1f-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{33510c8e-045f-11e0-8f1f-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{33510c8e-045f-11e0-8f1f-806d6172696f}\Shell\AutoRun\command - "" = E:\Install.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Install.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - Services: "JavaQuickStarterService"
MsConfig - Services: "gupdatem"
MsConfig - Services: "gupdate"
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - File not found
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: DAEMON Tools-1033 - hkey= - key= - File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: LanguageShortcut - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found
MsConfig - StartUpReg: NvMediaCenter - hkey= - key= - File not found
MsConfig - StartUpReg: nwiz - hkey= - key= - C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: RemoteControl - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 2
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

SafeBootMin: 94995971.sys - Driver
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: rimmptsk - %systemroot%\system32\tpsrv.dll File not found
NetSvcs: utscsi - %systemroot%\system32\Freedom.dll File not found
NetSvcs: pepifilter - %systemroot%\system32\TOSHIBASoftModem.dll File not found
NetSvcs: mwstick - %systemroot%\system32\NTACCESS.dll File not found
NetSvcs: bdss - %systemroot%\system32\tmmbd.dll File not found
NetSvcs: tvald - %systemroot%\system32\remoteaccess.dll File not found
NetSvcs: mctaskmanager - %systemroot%\system32\ipfilterdriver.dll File not found
NetSvcs: tfsndrct - %systemroot%\system32\netmdsb.dll File not found
NetSvcs: tifm21 - %systemroot%\system32\prosync1.dll File not found
NetSvcs: VICESYS - %systemroot%\system32\ccflic0.dll File not found
NetSvcs: CYGF32X - %systemroot%\system32\oracleformsserver-forms60server-oraform.dll File not found
NetSvcs: mvdcodec - %systemroot%\system32\s716bus.dll File not found
NetSvcs: roxwatch9 - %systemroot%\system32\oracleorahome92tnslistener.dll File not found
NetSvcs: RESMGR - %systemroot%\system32\ghoststartservice.dll File not found
NetSvcs: earthlinksafeconnectagent - %systemroot%\system32\STV680m.dll File not found
NetSvcs: sysaidagent - %systemroot%\system32\gtndis5.dll File not found
NetSvcs: hpzius12 - %systemroot%\system32\oracle_load_balancer_60_server-forms6ip9.dll File not found
NetSvcs: FETNDIS - %systemroot%\system32\s217bus.dll File not found
NetSvcs: mcrdsvc - %systemroot%\system32\zebrbus.dll File not found
NetSvcs: NWSIPX32 - %systemroot%\system32\NetPipeActivator.dll File not found
NetSvcs: windowblinds - %systemroot%\system32\irsir.dll File not found
NetSvcs: caccprovsp - %systemroot%\system32\wwsecsvc.dll File not found
NetSvcs: mwssched - %systemroot%\system32\bdpredir.dll File not found
NetSvcs: vmnetadapter - %systemroot%\system32\BrUsbSer.dll File not found
NetSvcs: mssql$microsoftbcm - %systemroot%\system32\usbaudio.dll File not found
NetSvcs: ASDR - %systemroot%\system32\psadd.dll File not found
NetSvcs: HIDSwvd - %systemroot%\system32\secdrv.dll File not found
NetSvcs: wfxsvc - %systemroot%\system32\oracleorahomemanagementserver.dll File not found
NetSvcs: mozyFilter - %systemroot%\system32\avgclean.dll File not found
NetSvcs: vzcdbsvc - %systemroot%\system32\ATIBTXBAR.dll File not found
NetSvcs: ntpr_nic_service2 - %systemroot%\system32\rapapp.dll File not found
NetSvcs: livesrv - %systemroot%\system32\rksample.dll File not found
NetSvcs: epson_pm_rpcv2_02 - %systemroot%\system32\ichaud.dll File not found
NetSvcs: s3psddr - %systemroot%\system32\bgsvcgen.dll File not found
NetSvcs: icepack - %systemroot%\system32\ati2mpaa.dll File not found
NetSvcs: retrowdsvc - %systemroot%\system32\rtl8185.dll File not found
NetSvcs: mcafeeframework - %systemroot%\system32\NICSer_WPC300N.dll File not found
NetSvcs: NPDriver - C:\WINDOWS\system32\parvdm.dll (Oak Technology Inc.)
NetSvcs: cmigameport - %systemroot%\system32\s616mdm.dll File not found
NetSvcs: SE2Dbus - %systemroot%\system32\webrootadminconsole.dll File not found
NetSvcs: pinetmgr - %systemroot%\system32\slee_81_service.dll File not found
NetSvcs: APLMp50 - %systemroot%\system32\eeyeevnt.dll File not found
NetSvcs: CE3 - %systemroot%\system32\Cinemsup.dll File not found
NetSvcs: vaiomediaplatform-mobile-gateway - %systemroot%\system32\ASDR.dll File not found
NetSvcs: iAimTV6 - %systemroot%\system32\dlcq_device.dll File not found
NetSvcs: pmem - %systemroot%\system32\oracleorahometnslistener.dll File not found
NetSvcs: SiSRaid - %systemroot%\system32\igateway.dll File not found
NetSvcs: CDRPDACC - %systemroot%\system32\viaudio.dll File not found
NetSvcs: mf - %systemroot%\system32\fs_rec.dll File not found
NetSvcs: SE26mdfl - %systemroot%\system32\pinetmgr.dll File not found
NetSvcs: CdaD10BA - %systemroot%\system32\SunkFilt39.dll File not found
NetSvcs: nm - %systemroot%\system32\sysmgmthp.dll File not found
NetSvcs: wacomvhid - %systemroot%\system32\avgcoresvc.dll File not found
NetSvcs: LHidUsbK - %systemroot%\system32\tphdexlgsvc.dll File not found
NetSvcs: k750mdfl - %systemroot%\system32\ultra66.dll File not found
NetSvcs: RioS30 - %systemroot%\system32\oracleorahomedatagatherer.dll File not found
NetSvcs: SRVLOC - %systemroot%\system32\licensemanagersocket.dll File not found
NetSvcs: genregistrar - %systemroot%\system32\atimpab.dll File not found
NetSvcs: CXAVXBAR - %systemroot%\system32\DMICall.dll File not found
NetSvcs: InterBaseGuardian - %systemroot%\system32\EPOWER.dll File not found
NetSvcs: issvc - %systemroot%\system32\SMNDIS5.dll File not found
NetSvcs: transbaseservice - %systemroot%\system32\VAIOMediaPlatform-PhotoServer-UPnP.dll File not found
NetSvcs: rpcapd - %systemroot%\system32\hddsvc.dll File not found
NetSvcs: klblmain - %systemroot%\system32\cachemgr.dll File not found
NetSvcs: pdlndlpb - %systemroot%\system32\Afc.dll File not found
NetSvcs: mcdbus - %systemroot%\system32\Angel2.dll File not found
NetSvcs: roxliveshare - %systemroot%\system32\RVIEG01.dll File not found
NetSvcs: psdvdisk - %systemroot%\system32\RecAgent.dll File not found
NetSvcs: pensup - %systemroot%\system32\WaveFDE.dll File not found
NetSvcs: nicconfigsvc - %systemroot%\system32\pcx1unic.dll File not found
NetSvcs: ddxgb - %systemroot%\system32\zebrsce.dll File not found
NetSvcs: ultra66 - %systemroot%\system32\DcLps.dll File not found
NetSvcs: cvintdrv - %systemroot%\system32\PSSdk21.dll File not found
NetSvcs: mcupdmgr.exe - %systemroot%\system32\backupexecjobengine.dll File not found
NetSvcs: AppnBase - %systemroot%\system32\hsfhwazl.dll File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/04/13 17:39:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2012/04/13 17:39:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2012/04/13 17:30:43 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\subinacl.exe
[2012/04/13 17:26:23 | 000,000,000 | ---D | C] -- C:\Reg_Backup
[2012/04/13 17:26:21 | 000,181,064 | ---- | C] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[2012/04/13 17:25:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com
[2012/04/13 17:25:14 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaking.com
[2012/04/13 07:09:39 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\me\UserData
[2012/04/12 17:16:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012/04/12 17:16:07 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/04/12 17:12:37 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\me\Desktop\erunt-setup.exe
[2012/04/12 17:12:20 | 000,000,000 | RHSD | C] -- C:\autorun.inf
[2012/04/12 07:01:39 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\me\Desktop\OTL.exe
[2012/04/12 06:54:10 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\me\Desktop\aswMBR.exe
[2012/04/10 19:57:07 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\me\Desktop\dds.scr
[2012/04/10 17:44:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinZip
[2012/04/10 17:27:55 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/04/05 00:18:13 | 000,098,992 | ---- | C] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\43528141.sys
[2012/04/02 21:32:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2012/04/02 21:32:35 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2012/03/31 17:57:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me\Desktop\Pics
[2012/03/27 14:58:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2012/03/27 14:39:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/03/27 14:39:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/03/26 20:21:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me\Local Settings\Application Data\Threat Expert
[2012/03/26 19:16:15 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools
[2012/03/26 19:12:57 | 000,185,560 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTSD.sys
[2012/03/26 19:12:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012/03/26 19:12:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/03/26 19:12:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me\Application Data\TestApp
[2012/03/26 19:12:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2012/03/26 19:06:02 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/03/26 13:41:12 | 002,068,016 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\me\Desktop\TDSSKiller.exe
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/14 13:23:10 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/14 13:18:10 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-1972579041-1801674531-1003UA.job
[2012/04/14 12:18:00 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1220945662-1972579041-1801674531-1003.job
[2012/04/14 04:18:00 | 000,000,914 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-1972579041-1801674531-1003Core.job
[2012/04/13 17:58:21 | 000,433,122 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/13 17:58:21 | 000,067,952 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/13 17:54:27 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1220945662-1972579041-1801674531-1003.job
[2012/04/13 17:54:24 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/13 17:54:24 | 000,000,874 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/13 17:54:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/13 17:41:28 | 000,117,360 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/04/13 17:39:46 | 000,181,064 | ---- | M] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[2012/04/13 17:25:15 | 000,001,908 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2012/04/13 17:19:48 | 004,105,863 | ---- | M] () -- C:\Documents and Settings\me\Desktop\tweaking.com_windows_repair_aio_setup.exe
[2012/04/13 07:08:33 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/04/12 17:16:08 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\me\Desktop\NTREGOPT.lnk
[2012/04/12 17:16:08 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\me\Desktop\ERUNT.lnk
[2012/04/12 17:09:54 | 000,010,996 | ---- | M] () -- C:\Documents and Settings\me\Desktop\NetBT.reg
[2012/04/12 17:09:18 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\me\Desktop\erunt-setup.exe
[2012/04/12 17:05:40 | 000,132,597 | ---- | M] () -- C:\Documents and Settings\me\Desktop\Flash_Disinfector.exe
[2012/04/12 06:50:58 | 000,337,137 | ---- | M] () -- C:\Documents and Settings\me\Desktop\FSS.exe
[2012/04/12 06:50:50 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\me\Desktop\OTL.exe
[2012/04/12 06:44:26 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\me\Desktop\aswMBR.exe
[2012/04/10 19:57:33 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\me\defogger_reenable
[2012/04/10 18:01:16 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\me\Desktop\gmer.zip
[2012/04/10 17:58:06 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\me\Desktop\dds.scr
[2012/04/10 17:56:40 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\me\Desktop\Defogger.exe
[2012/04/09 21:10:58 | 000,009,728 | ---- | M] () -- C:\Documents and Settings\me\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/06 00:32:04 | 000,001,418 | ---- | M] () -- C:\Documents and Settings\me\Desktop\sdsetup.exe.lnk
[2012/04/05 21:55:32 | 000,010,662 | ---- | M] () -- C:\Documents and Settings\me\My Documents\cc_20120405_215515.reg
[2012/04/05 00:18:13 | 000,098,992 | ---- | M] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\43528141.sys
[2012/04/04 22:44:24 | 000,024,828 | ---- | M] () -- C:\Documents and Settings\me\My Documents\cc_20120404_224415.reg
[2012/04/02 22:23:03 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/03/31 19:22:04 | 033,475,756 | ---- | M] () -- C:\Documents and Settings\me\Desktop\Pics.zip
[2012/03/31 11:22:03 | 000,000,375 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2012/03/27 15:50:54 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/03/26 23:13:31 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/03/26 19:13:19 | 000,555,294 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/03/26 13:41:12 | 002,068,016 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\me\Desktop\TDSSKiller.exe
[2012/03/24 16:01:40 | 000,095,217 | ---- | M] () -- C:\Documents and Settings\me\Desktop\Charlie.jpg
[2012/03/24 15:10:05 | 000,088,039 | ---- | M] () -- C:\Documents and Settings\me\Desktop\Frog edit.JPG
[2012/03/24 10:23:55 | 000,000,351 | RHS- | M] () -- C:\boot.ini
[2012/03/23 18:15:07 | 000,002,239 | ---- | M] () -- C:\Documents and Settings\me\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/03/23 18:15:05 | 000,002,261 | ---- | M] () -- C:\Documents and Settings\me\Desktop\Google Chrome.lnk
[2012/03/18 11:19:26 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/13 17:25:15 | 000,001,908 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2012/04/13 17:21:50 | 004,105,863 | ---- | C] () -- C:\Documents and Settings\me\Desktop\tweaking.com_windows_repair_aio_setup.exe
[2012/04/12 17:16:08 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\me\Desktop\NTREGOPT.lnk
[2012/04/12 17:16:08 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\me\Desktop\ERUNT.lnk
[2012/04/12 17:13:00 | 000,010,996 | ---- | C] () -- C:\Documents and Settings\me\Desktop\NetBT.reg
[2012/04/12 17:12:11 | 000,132,597 | ---- | C] () -- C:\Documents and Settings\me\Desktop\Flash_Disinfector.exe
[2012/04/12 06:57:49 | 000,337,137 | ---- | C] () -- C:\Documents and Settings\me\Desktop\FSS.exe
[2012/04/10 19:57:33 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\me\defogger_reenable
[2012/04/10 19:57:09 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\me\Desktop\gmer.zip
[2012/04/10 19:57:05 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\me\Desktop\Defogger.exe
[2012/04/05 21:55:18 | 000,010,662 | ---- | C] () -- C:\Documents and Settings\me\My Documents\cc_20120405_215515.reg
[2012/04/04 22:44:18 | 000,024,828 | ---- | C] () -- C:\Documents and Settings\me\My Documents\cc_20120404_224415.reg
[2012/03/31 19:09:28 | 033,475,756 | ---- | C] () -- C:\Documents and Settings\me\Desktop\Pics.zip
[2012/03/27 14:48:05 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\d3d9caps.dat
[2012/03/27 14:28:29 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/03/26 19:13:04 | 000,555,294 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/03/26 19:12:28 | 000,001,418 | ---- | C] () -- C:\Documents and Settings\me\Desktop\sdsetup.exe.lnk
[2012/03/24 16:01:40 | 000,095,217 | ---- | C] () -- C:\Documents and Settings\me\Desktop\Charlie.jpg
[2012/03/24 15:08:58 | 000,088,039 | ---- | C] () -- C:\Documents and Settings\me\Desktop\Frog edit.JPG
[2012/03/07 22:25:19 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/16 09:25:34 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/02/16 09:25:34 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/02/16 09:25:34 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/02/16 09:25:34 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/02/16 09:25:34 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/01/28 21:33:21 | 000,000,280 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~W4ID0FNNbYCqQS
[2012/01/28 21:33:21 | 000,000,192 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~W4ID0FNNbYCqQSr
[2012/01/28 21:33:17 | 000,000,456 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\W4ID0FNNbYCqQS
[2012/01/26 18:52:10 | 000,000,280 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~zRfpj2rbftmkWu
[2012/01/26 18:52:10 | 000,000,192 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~zRfpj2rbftmkWur
[2012/01/26 18:52:04 | 000,000,456 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\zRfpj2rbftmkWu
[2011/09/27 19:16:34 | 000,009,728 | ---- | C] () -- C:\Documents and Settings\me\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/15 00:13:28 | 000,004,626 | -HS- | C] () -- C:\Documents and Settings\me\Local Settings\Application Data\17e16t76j00yk1muao33at50sr4ruanow2v64g745xuu
[2011/06/15 00:13:28 | 000,004,626 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\17e16t76j00yk1muao33at50sr4ruanow2v64g745xuu
[2011/04/26 16:44:17 | 000,000,192 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\0
[2011/04/05 01:28:42 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/01/15 16:44:24 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/12/04 12:13:34 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/10/20 17:10:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/10/20 16:21:20 | 000,240,124 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/10/20 16:21:14 | 000,240,124 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/10/20 16:21:14 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/10/20 16:09:55 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2010/10/20 15:36:28 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2010/10/20 15:34:20 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\BCGPOleAcc.dll
[2010/10/20 15:30:09 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/20 15:23:07 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/10/20 15:18:21 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/10/20 11:12:25 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/10/20 11:11:09 | 000,117,360 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/10 05:38:00 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin

========== Custom Scans ==========

< "%WinDir%\$NtUninstallKB*$." >
[2011/04/26 18:48:32 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2079403$
[2010/10/20 16:19:41 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2115168$
[2010/10/20 16:22:25 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2121546$
[2010/10/20 17:19:29 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2141007$
[2010/10/20 16:22:36 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2158563$
[2010/10/20 16:19:19 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2229593$
[2010/10/20 16:22:12 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2259922$
[2010/10/20 16:24:10 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2279986$
[2010/10/20 16:19:31 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2286198$
[2010/10/20 16:22:57 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2296011$
[2011/06/15 21:08:27 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2296199$
[2010/10/20 17:19:33 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2345886$
[2010/10/20 16:22:30 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2347290$
[2010/10/20 16:23:21 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2360131$
[2010/10/20 16:24:18 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2360937$
[2010/10/20 16:23:33 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2378111_WM9$
[2010/10/20 16:23:44 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2387149$
[2010/12/08 23:03:57 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2393802$
[2011/04/16 00:54:34 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2412687$
[2011/01/14 12:34:45 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2419632$
[2010/12/15 02:21:35 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2423089$
[2010/12/15 02:22:40 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2436673$
[2010/12/15 02:22:50 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2440591$
[2010/12/15 02:23:17 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2443105$
[2010/12/15 02:22:47 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2443685$
[2010/12/15 02:22:35 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2467659$
[2011/06/15 22:07:10 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2476490$
[2010/12/08 23:04:09 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2476687$
[2010/12/08 23:04:05 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2478960$
[2010/12/08 23:05:33 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2478971$
[2010/12/08 23:05:25 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2479628$
[2011/03/10 00:01:44 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2479943$
[2011/03/10 00:00:54 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2481109$
[2010/12/08 23:05:20 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2483185$
[2010/12/08 23:05:29 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2485376$
[2011/04/16 00:55:09 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2485663$
[2011/04/16 00:54:28 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2503658$
[2011/06/15 22:07:04 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2503665$
[2011/04/16 00:54:10 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2506212$
[2011/04/16 00:55:04 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2506223$
[2011/04/16 00:54:22 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2507618$
[2011/07/13 08:29:00 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2507938$
[2011/04/16 00:54:31 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2508272$
[2011/04/16 00:54:19 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2508429$
[2011/04/16 00:53:10 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2509553$
[2011/04/16 00:54:14 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2511455$
[2011/03/24 18:07:04 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2524375$
[2011/06/15 22:06:59 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2535512$
[2011/06/15 22:06:55 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2536276$
[2011/08/11 23:35:10 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2536276-v2$
[2011/06/29 19:19:17 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2541763$
[2011/06/15 22:04:18 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2544893$
[2011/11/10 09:24:00 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2544893-v2$
[2011/07/13 08:27:47 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2555917$
[2011/08/11 08:25:30 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2562937$
[2011/10/13 07:45:23 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2564958$
[2011/08/11 08:25:35 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2566454$
[2011/10/13 07:42:12 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2567053$
[2011/08/11 23:35:14 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2567680$
[2011/08/11 23:35:06 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2570222$
[2011/08/24 08:05:11 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2570791$
[2011/09/14 23:51:09 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2570947$
[2012/01/12 00:36:55 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2584146$
[2012/03/07 22:25:00 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2585542$
[2011/10/13 07:42:08 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2592799$
[2012/01/12 00:39:05 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2598479$
[2012/01/12 00:37:00 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2603381$
[2011/09/07 01:07:20 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2607712$
[2011/09/14 23:52:18 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2616676$
[2011/12/15 00:58:23 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2618451$
[2011/12/15 00:58:27 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2619339$
[2011/12/15 00:58:19 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2620712$
[2012/03/18 11:19:07 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2621440$
[2011/12/15 01:00:06 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2624667$
[2012/01/12 00:40:21 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2631813$
[2011/12/15 00:58:11 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2633171$
[2011/12/15 00:58:30 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2633952$
[2011/12/15 01:00:11 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2639417$
[2012/03/18 11:19:23 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2641653$
[2011/11/12 02:59:28 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2641690$
[2012/01/12 00:40:25 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB2646524$
[2012/03/18 11:19:32 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2647518$
[2012/03/07 22:31:49 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2660465$
[2012/03/07 22:30:10 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2661637$
[2010/10/20 11:12:06 | 000,000,000 | -HSD | M] -- C:\WINDOWS\$NtUninstallKB57722$
[2010/10/20 15:40:27 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB898461$
[2010/10/20 16:03:43 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB923561$
[2011/06/30 16:12:20 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB929399$
[2011/07/02 03:00:46 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB939683$
[2011/06/30 16:12:39 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB941569$
[2010/10/20 16:02:34 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB946648$
[2010/10/20 16:02:09 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB950760$
[2010/10/20 16:02:13 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB950762$
[2010/10/20 16:02:44 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB950974$
[2010/10/20 16:02:15 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB951376-v2$
[2010/10/20 16:02:27 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB951748$
[2010/10/20 16:02:19 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB951978$
[2010/10/20 16:04:23 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB952004$
[2010/10/20 16:16:14 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB952069_WM9$
[2010/10/20 16:02:51 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB952287$
[2010/10/20 16:02:39 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB952954$
[2011/06/30 16:11:59 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB954154_WM11$
[2010/10/20 16:15:21 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB954155_WM9$
[2010/10/20 16:03:02 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB954459$
[2010/10/20 16:16:36 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB955759$
[2010/10/20 16:04:00 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB956572$
[2010/10/20 16:05:17 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB956744$
[2010/10/20 16:03:09 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB956802$
[2010/10/20 16:03:15 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB956803$
[2010/10/20 16:15:08 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB956844$
[2010/10/20 16:02:56 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB958644$
[2012/03/24 10:21:59 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB958869$
[2010/10/20 16:04:41 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB959426$
[2010/10/20 16:04:34 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB960803$
[2010/10/20 16:05:30 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB960859$
[2011/07/28 00:01:17 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB961118$
[2010/10/20 16:04:47 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB961501$
[2010/10/20 16:03:22 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB967715$
[2010/10/20 16:15:56 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB968389$
[2010/10/20 16:15:48 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB969059$
[2010/10/20 17:19:13 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB970430$
[2011/03/16 18:37:20 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB971029$
[2010/10/20 16:05:42 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB971657$
[2010/10/20 17:19:17 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB971737$
[2010/10/20 16:15:14 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB971961$
[2010/10/20 16:16:55 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB972270$
[2010/10/20 16:05:25 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB973507$
[2010/10/20 16:04:58 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB973540_WM9$
[2010/12/15 02:22:44 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB973687$
[2010/10/20 16:05:35 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB973815$
[2010/10/20 16:05:10 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB973869$
[2010/10/20 16:16:45 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB973904$
[2010/10/20 16:15:35 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB974112$
[2010/10/20 16:16:20 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB974318$
[2010/10/20 16:16:29 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB974392$
[2010/10/20 16:15:30 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB974571$
[2010/10/20 16:15:25 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB975025$
[2010/10/20 16:16:06 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB975467$
[2010/10/20 16:22:42 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB975558_WM8$
[2010/10/20 16:17:25 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB975560$
[2010/10/20 16:19:13 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB975562$
[2010/10/20 16:17:01 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB975713$
[2010/10/20 16:18:08 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB977816$
[2010/10/20 16:17:43 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB977914$
[2010/10/20 16:17:07 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB978037$
[2010/10/20 16:18:22 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB978338$
[2010/10/20 16:18:46 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB978542$
[2010/10/20 16:18:37 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB978601$
[2010/10/20 16:18:54 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB978695_WM9$
[2010/10/20 16:17:54 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB978706$
[2010/10/20 16:18:14 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB979309$
[2010/10/20 16:19:07 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB979482$
[2010/10/20 16:22:49 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB979687$
[2010/10/20 16:19:01 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB980195$
[2010/10/20 16:18:01 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB980232$
[2010/10/20 16:20:40 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB980436$
[2010/10/20 16:22:18 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB981322$
[2010/10/20 16:18:28 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB981349$
[2010/10/20 16:20:28 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB981852$
[2010/10/20 16:24:00 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB981957$
[2010/10/20 16:20:02 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB981997$
[2010/10/20 16:23:53 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB982132$
[2010/10/20 16:19:55 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB982214$
[2010/10/20 16:19:48 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB982665$

< C:\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2010/10/20 11:10:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2010/10/20 11:10:08 | 001,089,536 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2010/10/20 11:10:08 | 000,929,792 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2012/04/05 00:18:13 | 000,098,992 | ---- | M] (Kaspersky Lab, GERT) -- C:\WINDOWS\system32\drivers\43528141.sys
[2012/02/24 10:36:44 | 000,185,560 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\PCTSD.sys

< %SYSTEMDRIVE%\*.exe >
[2004/06/11 19:33:28 | 000,290,304 | ---- | M] (Microsoft Corporation) -- C:\subinacl.exe

< MD5 for: ATAPI.SYS >
[2008/04/14 08:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/14 08:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys

< MD5 for: EXPLORER.EXE >
[2008/04/14 08:00:00 | 001,033,728 | -H-- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 08:00:00 | 001,033,728 | -H-- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: NETBT.SYS >
[2008/04/14 08:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\system32\dllcache\netbt.sys
[2008/04/14 08:00:00 | 000,162,816 | ---- | M] () MD5=D1FB86D58B151D274216C9146003A6E3 -- C:\WINDOWS\system32\drivers\netbt.sys

< MD5 for: VOLSNAP.SYS >
[2008/04/14 08:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\dllcache\volsnap.sys
[2008/04/14 08:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\drivers\volsnap.sys

< MD5 for: WINLOGON.EXE >
[2008/04/14 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\me\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/03/21 08:21:14 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/03/24 10:24:10 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/03/24 10:24:10 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/03/24 10:24:10 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/03/24 10:24:12 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/03/24 10:24:12 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/03/24 10:24:12 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\me\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2012/03/21 08:21:14 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\me\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2012/03/21 08:21:14 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\me\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/03/21 08:21:14 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\me\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/03/21 08:21:14 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/12/16 08:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/12/16 08:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/12/16 08:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\me\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/03/21 08:21:14 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/03/24 10:24:10 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/03/24 10:24:10 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/03/24 10:24:10 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/03/24 10:24:12 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/03/24 10:24:12 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/03/24 10:24:12 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\me\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2012/03/21 08:21:14 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\me\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2012/03/21 08:21:14 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\me\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/03/21 08:21:14 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\me\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/03/21 08:21:14 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/12/16 08:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/12/16 08:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/12/16 08:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB57722$] -> Error: Cannot create file handle -> Unknown point type
[C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

#13 SweetTech

Posted 15 April 2012 - 03:12 AM

Hi!

Thanks for the new log file.

Do you happen to have your Windows disc?

OTL Fix

We need to run an OTL Fix

Note: If you have Malwarebytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix, as it may interfere with the successful execution of the script below.

  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\irsir.dll -- (windowblinds)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\oracleorahomemanagementserver.dll -- (wfxsvc)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\avgcoresvc.dll -- (wacomvhid)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ATIBTXBAR.dll -- (vzcdbsvc)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\BrUsbSer.dll -- (vmnetadapter)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ccflic0.dll -- (VICESYS)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ASDR.dll -- (vaiomediaplatform-mobile-gateway)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Freedom.dll -- (utscsi)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\DcLps.dll -- (ultra66)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\remoteaccess.dll -- (tvald)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\VAIOMediaPlatform-PhotoServer-UPnP.dll -- (transbaseservice)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\prosync1.dll -- (tifm21)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\netmdsb.dll -- (tfsndrct)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\gtndis5.dll -- (sysaidagent)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\licensemanagersocket.dll -- (SRVLOC)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\igateway.dll -- (SiSRaid)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\webrootadminconsole.dll -- (SE2Dbus)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pinetmgr.dll -- (SE26mdfl)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bgsvcgen.dll -- (s3psddr)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\hddsvc.dll -- (rpcapd)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\oracleorahome92tnslistener.dll -- (roxwatch9)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\RVIEG01.dll -- (roxliveshare)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\oracleorahomedatagatherer.dll -- (RioS30)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tpsrv.dll -- (rimmptsk)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rtl8185.dll -- (retrowdsvc)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ghoststartservice.dll -- (RESMGR)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\RecAgent.dll -- (psdvdisk)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\oracleorahometnslistener.dll -- (pmem)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\slee_81_service.dll -- (pinetmgr)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\TOSHIBASoftModem.dll -- (pepifilter)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WaveFDE.dll -- (pensup)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Afc.dll -- (pdlndlpb)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NetPipeActivator.dll -- (NWSIPX32)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rapapp.dll -- (ntpr_nic_service2)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sysmgmthp.dll -- (nm)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pcx1unic.dll -- (nicconfigsvc)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NTACCESS.dll -- (mwstick)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bdpredir.dll -- (mwssched)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s716bus.dll -- (mvdcodec)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\usbaudio.dll -- (mssql$microsoftbcm)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\avgclean.dll -- (mozyFilter)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\fs_rec.dll -- (mf)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\backupexecjobengine.dll -- (mcupdmgr.exe)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ipfilterdriver.dll -- (mctaskmanager)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\zebrbus.dll -- (mcrdsvc)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Angel2.dll -- (mcdbus)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NICSer_WPC300N.dll -- (mcafeeframework)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rksample.dll -- (livesrv)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tphdexlgsvc.dll -- (LHidUsbK)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cachemgr.dll -- (klblmain)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ultra66.dll -- (k750mdfl)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SMNDIS5.dll -- (issvc)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\EPOWER.dll -- (InterBaseGuardian)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ati2mpaa.dll -- (icepack)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dlcq_device.dll -- (iAimTV6)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\oracle_load_balancer_60_server-forms6ip9.dll -- (hpzius12)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\secdrv.dll -- (HIDSwvd)
    SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
    SRV - File not found [Auto | Stopped] -- %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll -- (helpsvc)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\atimpab.dll -- (genregistrar)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s217bus.dll -- (FETNDIS)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ichaud.dll -- (epson_pm_rpcv2_02)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\STV680m.dll -- (earthlinksafeconnectagent)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\zebrsce.dll -- (ddxgb)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\oracleformsserver-forms60server-oraform.dll -- (CYGF32X)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\DMICall.dll -- (CXAVXBAR)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\PSSdk21.dll -- (cvintdrv)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s616mdm.dll -- (cmigameport)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Cinemsup.dll -- (CE3)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\viaudio.dll -- (CDRPDACC)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SunkFilt39.dll -- (CdaD10BA)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wwsecsvc.dll -- (caccprovsp)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tmmbd.dll -- (bdss)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\psadd.dll -- (ASDR)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\hsfhwazl.dll -- (AppnBase)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\eeyeevnt.dll -- (APLMp50)
    DRV - File not found [Kernel | Boot | Stopped] -- -- (cerc6)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\me\LOCALS~1\Temp\catchme.sys -- (catchme)
    NetSvcs: rimmptsk - %systemroot%\system32\tpsrv.dll File not found
    NetSvcs: utscsi - %systemroot%\system32\Freedom.dll File not found
    NetSvcs: pepifilter - %systemroot%\system32\TOSHIBASoftModem.dll File not found
    NetSvcs: mwstick - %systemroot%\system32\NTACCESS.dll File not found
    NetSvcs: bdss - %systemroot%\system32\tmmbd.dll File not found
    NetSvcs: tvald - %systemroot%\system32\remoteaccess.dll File not found
    NetSvcs: mctaskmanager - %systemroot%\system32\ipfilterdriver.dll File not found
    NetSvcs: tfsndrct - %systemroot%\system32\netmdsb.dll File not found
    NetSvcs: tifm21 - %systemroot%\system32\prosync1.dll File not found
    NetSvcs: VICESYS - %systemroot%\system32\ccflic0.dll File not found
    NetSvcs: CYGF32X - %systemroot%\system32\oracleformsserver-forms60server-oraform.dll File not found
    NetSvcs: mvdcodec - %systemroot%\system32\s716bus.dll File not found
    NetSvcs: roxwatch9 - %systemroot%\system32\oracleorahome92tnslistener.dll File not found
    NetSvcs: RESMGR - %systemroot%\system32\ghoststartservice.dll File not found
    NetSvcs: earthlinksafeconnectagent - %systemroot%\system32\STV680m.dll File not found
    NetSvcs: sysaidagent - %systemroot%\system32\gtndis5.dll File not found
    NetSvcs: hpzius12 - %systemroot%\system32\oracle_load_balancer_60_server-forms6ip9.dll File not found
    NetSvcs: FETNDIS - %systemroot%\system32\s217bus.dll File not found
    NetSvcs: mcrdsvc - %systemroot%\system32\zebrbus.dll File not found
    NetSvcs: NWSIPX32 - %systemroot%\system32\NetPipeActivator.dll File not found
    NetSvcs: windowblinds - %systemroot%\system32\irsir.dll File not found
    NetSvcs: caccprovsp - %systemroot%\system32\wwsecsvc.dll File not found
    NetSvcs: mwssched - %systemroot%\system32\bdpredir.dll File not found
    NetSvcs: vmnetadapter - %systemroot%\system32\BrUsbSer.dll File not found
    NetSvcs: mssql$microsoftbcm - %systemroot%\system32\usbaudio.dll File not found
    NetSvcs: ASDR - %systemroot%\system32\psadd.dll File not found
    NetSvcs: HIDSwvd - %systemroot%\system32\secdrv.dll File not found
    NetSvcs: wfxsvc - %systemroot%\system32\oracleorahomemanagementserver.dll File not found
    NetSvcs: mozyFilter - %systemroot%\system32\avgclean.dll File not found
    NetSvcs: vzcdbsvc - %systemroot%\system32\ATIBTXBAR.dll File not found
    NetSvcs: ntpr_nic_service2 - %systemroot%\system32\rapapp.dll File not found
    NetSvcs: livesrv - %systemroot%\system32\rksample.dll File not found
    NetSvcs: epson_pm_rpcv2_02 - %systemroot%\system32\ichaud.dll File not found
    NetSvcs: s3psddr - %systemroot%\system32\bgsvcgen.dll File not found
    NetSvcs: icepack - %systemroot%\system32\ati2mpaa.dll File not found
    NetSvcs: retrowdsvc - %systemroot%\system32\rtl8185.dll File not found
    NetSvcs: mcafeeframework - %systemroot%\system32\NICSer_WPC300N.dll File not found
    NetSvcs: NPDriver - C:\WINDOWS\system32\parvdm.dll (Oak Technology Inc.)
    NetSvcs: cmigameport - %systemroot%\system32\s616mdm.dll File not found
    NetSvcs: SE2Dbus - %systemroot%\system32\webrootadminconsole.dll File not found
    NetSvcs: pinetmgr - %systemroot%\system32\slee_81_service.dll File not found
    NetSvcs: APLMp50 - %systemroot%\system32\eeyeevnt.dll File not found
    NetSvcs: CE3 - %systemroot%\system32\Cinemsup.dll File not found
    NetSvcs: vaiomediaplatform-mobile-gateway - %systemroot%\system32\ASDR.dll File not found
    NetSvcs: iAimTV6 - %systemroot%\system32\dlcq_device.dll File not found
    NetSvcs: pmem - %systemroot%\system32\oracleorahometnslistener.dll File not found
    NetSvcs: SiSRaid - %systemroot%\system32\igateway.dll File not found
    NetSvcs: CDRPDACC - %systemroot%\system32\viaudio.dll File not found
    NetSvcs: mf - %systemroot%\system32\fs_rec.dll File not found
    NetSvcs: SE26mdfl - %systemroot%\system32\pinetmgr.dll File not found
    NetSvcs: CdaD10BA - %systemroot%\system32\SunkFilt39.dll File not found
    NetSvcs: nm - %systemroot%\system32\sysmgmthp.dll File not found
    NetSvcs: wacomvhid - %systemroot%\system32\avgcoresvc.dll File not found
    NetSvcs: LHidUsbK - %systemroot%\system32\tphdexlgsvc.dll File not found
    NetSvcs: k750mdfl - %systemroot%\system32\ultra66.dll File not found
    NetSvcs: RioS30 - %systemroot%\system32\oracleorahomedatagatherer.dll File not found
    NetSvcs: SRVLOC - %systemroot%\system32\licensemanagersocket.dll File not found
    NetSvcs: genregistrar - %systemroot%\system32\atimpab.dll File not found
    NetSvcs: CXAVXBAR - %systemroot%\system32\DMICall.dll File not found
    NetSvcs: InterBaseGuardian - %systemroot%\system32\EPOWER.dll File not found
    NetSvcs: issvc - %systemroot%\system32\SMNDIS5.dll File not found
    NetSvcs: transbaseservice - %systemroot%\system32\VAIOMediaPlatform-PhotoServer-UPnP.dll File not found
    NetSvcs: rpcapd - %systemroot%\system32\hddsvc.dll File not found
    NetSvcs: klblmain - %systemroot%\system32\cachemgr.dll File not found
    NetSvcs: pdlndlpb - %systemroot%\system32\Afc.dll File not found
    NetSvcs: mcdbus - %systemroot%\system32\Angel2.dll File not found
    NetSvcs: roxliveshare - %systemroot%\system32\RVIEG01.dll File not found
    NetSvcs: psdvdisk - %systemroot%\system32\RecAgent.dll File not found
    NetSvcs: pensup - %systemroot%\system32\WaveFDE.dll File not found
    NetSvcs: nicconfigsvc - %systemroot%\system32\pcx1unic.dll File not found
    NetSvcs: ddxgb - %systemroot%\system32\zebrsce.dll File not found
    NetSvcs: ultra66 - %systemroot%\system32\DcLps.dll File not found
    NetSvcs: cvintdrv - %systemroot%\system32\PSSdk21.dll File not found
    NetSvcs: mcupdmgr.exe - %systemroot%\system32\backupexecjobengine.dll File not found
    NetSvcs: AppnBase - %systemroot%\system32\hsfhwazl.dll File not found
    [2012/04/13 07:08:33 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
    [2012/01/28 21:33:21 | 000,000,280 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~W4ID0FNNbYCqQS
    [2012/01/28 21:33:21 | 000,000,192 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~W4ID0FNNbYCqQSr
    [2012/01/28 21:33:17 | 000,000,456 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\W4ID0FNNbYCqQS
    [2012/01/26 18:52:10 | 000,000,280 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~zRfpj2rbftmkWu
    [2012/01/26 18:52:10 | 000,000,192 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~zRfpj2rbftmkWur
    [2012/01/26 18:52:04 | 000,000,456 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\zRfpj2rbftmkWu
    [2011/09/27 19:16:34 | 000,009,728 | ---- | C] () -- C:\Documents and Settings\me\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/06/15 00:13:28 | 000,004,626 | -HS- | C] () -- C:\Documents and Settings\me\Local Settings\Application Data\17e16t76j00yk1muao33at50sr4ruanow2v64g745xuu
    [2011/06/15 00:13:28 | 000,004,626 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\17e16t76j00yk1muao33at50sr4ruanow2v64g745xuu
    [2011/04/26 16:44:17 | 000,000,192 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\0
    
    :Files
    C:\WINDOWS\system32\drivers\netbt.sys|C:\WINDOWS\system32\dllcache\netbt.sys /replace
    net start netbt
    ipconfig /flushdns /c
    :Commands
    [purity]
    [CreateRestorePoint]
    [reboot]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#14 Xyklon

Posted 15 April 2012 - 06:09 PM

No I don't have the original Windows discs :wacko:

Here is the latest log:

========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
All processes killed
========== OTL ==========
Service windowblinds stopped successfully!
Service windowblinds deleted successfully!
File %systemroot%\system32\irsir.dll not found.
Service wfxsvc stopped successfully!
Service wfxsvc deleted successfully!
File %systemroot%\system32\oracleorahomemanagementserver.dll not found.
Service wacomvhid stopped successfully!
Service wacomvhid deleted successfully!
File %systemroot%\system32\avgcoresvc.dll not found.
Service vzcdbsvc stopped successfully!
Service vzcdbsvc deleted successfully!
File %systemroot%\system32\ATIBTXBAR.dll not found.
Service vmnetadapter stopped successfully!
Service vmnetadapter deleted successfully!
File %systemroot%\system32\BrUsbSer.dll not found.
Service VICESYS stopped successfully!
Service VICESYS deleted successfully!
File %systemroot%\system32\ccflic0.dll not found.
Service vaiomediaplatform-mobile-gateway stopped successfully!
Service vaiomediaplatform-mobile-gateway deleted successfully!
File %systemroot%\system32\ASDR.dll not found.
Service utscsi stopped successfully!
Service utscsi deleted successfully!
File %systemroot%\system32\Freedom.dll not found.
Service ultra66 stopped successfully!
Service ultra66 deleted successfully!
File %systemroot%\system32\DcLps.dll not found.
Service tvald stopped successfully!
Service tvald deleted successfully!
File %systemroot%\system32\remoteaccess.dll not found.
Service transbaseservice stopped successfully!
Service transbaseservice deleted successfully!
File %systemroot%\system32\VAIOMediaPlatform-PhotoServer-UPnP.dll not found.
Service tifm21 stopped successfully!
Service tifm21 deleted successfully!
File %systemroot%\system32\prosync1.dll not found.
Service tfsndrct stopped successfully!
Service tfsndrct deleted successfully!
File %systemroot%\system32\netmdsb.dll not found.
Service sysaidagent stopped successfully!
Service sysaidagent deleted successfully!
File %systemroot%\system32\gtndis5.dll not found.
Service SRVLOC stopped successfully!
Service SRVLOC deleted successfully!
File %systemroot%\system32\licensemanagersocket.dll not found.
Service SiSRaid stopped successfully!
Service SiSRaid deleted successfully!
File %systemroot%\system32\igateway.dll not found.
Service SE2Dbus stopped successfully!
Service SE2Dbus deleted successfully!
File %systemroot%\system32\webrootadminconsole.dll not found.
Service SE26mdfl stopped successfully!
Service SE26mdfl deleted successfully!
File %systemroot%\system32\pinetmgr.dll not found.
Service s3psddr stopped successfully!
Service s3psddr deleted successfully!
File %systemroot%\system32\bgsvcgen.dll not found.
Service rpcapd stopped successfully!
Service rpcapd deleted successfully!
File %systemroot%\system32\hddsvc.dll not found.
Service roxwatch9 stopped successfully!
Service roxwatch9 deleted successfully!
File %systemroot%\system32\oracleorahome92tnslistener.dll not found.
Service roxliveshare stopped successfully!
Service roxliveshare deleted successfully!
File %systemroot%\system32\RVIEG01.dll not found.
Service RioS30 stopped successfully!
Service RioS30 deleted successfully!
File %systemroot%\system32\oracleorahomedatagatherer.dll not found.
Service rimmptsk stopped successfully!
Service rimmptsk deleted successfully!
File %systemroot%\system32\tpsrv.dll not found.
Service retrowdsvc stopped successfully!
Service retrowdsvc deleted successfully!
File %systemroot%\system32\rtl8185.dll not found.
Service RESMGR stopped successfully!
Service RESMGR deleted successfully!
File %systemroot%\system32\ghoststartservice.dll not found.
Service psdvdisk stopped successfully!
Service psdvdisk deleted successfully!
File %systemroot%\system32\RecAgent.dll not found.
Service pmem stopped successfully!
Service pmem deleted successfully!
File %systemroot%\system32\oracleorahometnslistener.dll not found.
Service pinetmgr stopped successfully!
Service pinetmgr deleted successfully!
File %systemroot%\system32\slee_81_service.dll not found.
Service pepifilter stopped successfully!
Service pepifilter deleted successfully!
File %systemroot%\system32\TOSHIBASoftModem.dll not found.
Service pensup stopped successfully!
Service pensup deleted successfully!
File %systemroot%\system32\WaveFDE.dll not found.
Service pdlndlpb stopped successfully!
Service pdlndlpb deleted successfully!
File %systemroot%\system32\Afc.dll not found.
Service NWSIPX32 stopped successfully!
Service NWSIPX32 deleted successfully!
File %systemroot%\system32\NetPipeActivator.dll not found.
Service ntpr_nic_service2 stopped successfully!
Service ntpr_nic_service2 deleted successfully!
File %systemroot%\system32\rapapp.dll not found.
Service nm stopped successfully!
Service nm deleted successfully!
File %systemroot%\system32\sysmgmthp.dll not found.
Service nicconfigsvc stopped successfully!
Service nicconfigsvc deleted successfully!
File %systemroot%\system32\pcx1unic.dll not found.
Service mwstick stopped successfully!
Service mwstick deleted successfully!
File %systemroot%\system32\NTACCESS.dll not found.
Service mwssched stopped successfully!
Service mwssched deleted successfully!
File %systemroot%\system32\bdpredir.dll not found.
Service mvdcodec stopped successfully!
Service mvdcodec deleted successfully!
File %systemroot%\system32\s716bus.dll not found.
Service mssql$microsoftbcm stopped successfully!
Service mssql$microsoftbcm deleted successfully!
File %systemroot%\system32\usbaudio.dll not found.
Service mozyFilter stopped successfully!
Service mozyFilter deleted successfully!
File %systemroot%\system32\avgclean.dll not found.
Service mf stopped successfully!
Service mf deleted successfully!
File %systemroot%\system32\fs_rec.dll not found.
Service mcupdmgr.exe stopped successfully!
Service mcupdmgr.exe deleted successfully!
File %systemroot%\system32\backupexecjobengine.dll not found.
Service mctaskmanager stopped successfully!
Service mctaskmanager deleted successfully!
File %systemroot%\system32\ipfilterdriver.dll not found.
Service mcrdsvc stopped successfully!
Service mcrdsvc deleted successfully!
File %systemroot%\system32\zebrbus.dll not found.
Service mcdbus stopped successfully!
Service mcdbus deleted successfully!
File %systemroot%\system32\Angel2.dll not found.
Service mcafeeframework stopped successfully!
Service mcafeeframework deleted successfully!
File %systemroot%\system32\NICSer_WPC300N.dll not found.
Service livesrv stopped successfully!
Service livesrv deleted successfully!
File %systemroot%\system32\rksample.dll not found.
Service LHidUsbK stopped successfully!
Service LHidUsbK deleted successfully!
File %systemroot%\system32\tphdexlgsvc.dll not found.
Service klblmain stopped successfully!
Service klblmain deleted successfully!
File %systemroot%\system32\cachemgr.dll not found.
Service k750mdfl stopped successfully!
Service k750mdfl deleted successfully!
File %systemroot%\system32\ultra66.dll not found.
Service issvc stopped successfully!
Service issvc deleted successfully!
File %systemroot%\system32\SMNDIS5.dll not found.
Service InterBaseGuardian stopped successfully!
Service InterBaseGuardian deleted successfully!
File %systemroot%\system32\EPOWER.dll not found.
Service icepack stopped successfully!
Service icepack deleted successfully!
File %systemroot%\system32\ati2mpaa.dll not found.
Service iAimTV6 stopped successfully!
Service iAimTV6 deleted successfully!
File %systemroot%\system32\dlcq_device.dll not found.
Service hpzius12 stopped successfully!
Service hpzius12 deleted successfully!
File %systemroot%\system32\oracle_load_balancer_60_server-forms6ip9.dll not found.
Service HIDSwvd stopped successfully!
Service HIDSwvd deleted successfully!
File %systemroot%\system32\secdrv.dll not found.
Service HidServ stopped successfully!
Service HidServ deleted successfully!
File %SystemRoot%\System32\hidserv.dll not found.
Service helpsvc stopped successfully!
Service helpsvc deleted successfully!
File %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll not found.
Service genregistrar stopped successfully!
Service genregistrar deleted successfully!
File %systemroot%\system32\atimpab.dll not found.
Service FETNDIS stopped successfully!
Service FETNDIS deleted successfully!
File %systemroot%\system32\s217bus.dll not found.
Service epson_pm_rpcv2_02 stopped successfully!
Service epson_pm_rpcv2_02 deleted successfully!
File %systemroot%\system32\ichaud.dll not found.
Service earthlinksafeconnectagent stopped successfully!
Service earthlinksafeconnectagent deleted successfully!
File %systemroot%\system32\STV680m.dll not found.
Service ddxgb stopped successfully!
Service ddxgb deleted successfully!
File %systemroot%\system32\zebrsce.dll not found.
Service CYGF32X stopped successfully!
Service CYGF32X deleted successfully!
File %systemroot%\system32\oracleformsserver-forms60server-oraform.dll not found.
Service CXAVXBAR stopped successfully!
Service CXAVXBAR deleted successfully!
File %systemroot%\system32\DMICall.dll not found.
Service cvintdrv stopped successfully!
Service cvintdrv deleted successfully!
File %systemroot%\system32\PSSdk21.dll not found.
Service cmigameport stopped successfully!
Service cmigameport deleted successfully!
File %systemroot%\system32\s616mdm.dll not found.
Service CE3 stopped successfully!
Service CE3 deleted successfully!
File %systemroot%\system32\Cinemsup.dll not found.
Service CDRPDACC stopped successfully!
Service CDRPDACC deleted successfully!
File %systemroot%\system32\viaudio.dll not found.
Service CdaD10BA stopped successfully!
Service CdaD10BA deleted successfully!
File %systemroot%\system32\SunkFilt39.dll not found.
Service caccprovsp stopped successfully!
Service caccprovsp deleted successfully!
File %systemroot%\system32\wwsecsvc.dll not found.
Service bdss stopped successfully!
Service bdss deleted successfully!
File %systemroot%\system32\tmmbd.dll not found.
Service ASDR stopped successfully!
Service ASDR deleted successfully!
File %systemroot%\system32\psadd.dll not found.
Service AppnBase stopped successfully!
Service AppnBase deleted successfully!
File %systemroot%\system32\hsfhwazl.dll not found.
Service APLMp50 stopped successfully!
Service APLMp50 deleted successfully!
File %systemroot%\system32\eeyeevnt.dll not found.
Service cerc6 stopped successfully!
Service cerc6 deleted successfully!
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\DOCUME~1\me\LOCALS~1\Temp\catchme.sys not found.
rimmptsk removed from NetSvcs value successfully!
utscsi removed from NetSvcs value successfully!
pepifilter removed from NetSvcs value successfully!
mwstick removed from NetSvcs value successfully!
bdss removed from NetSvcs value successfully!
tvald removed from NetSvcs value successfully!
mctaskmanager removed from NetSvcs value successfully!
tfsndrct removed from NetSvcs value successfully!
tifm21 removed from NetSvcs value successfully!
VICESYS removed from NetSvcs value successfully!
CYGF32X removed from NetSvcs value successfully!
mvdcodec removed from NetSvcs value successfully!
roxwatch9 removed from NetSvcs value successfully!
RESMGR removed from NetSvcs value successfully!
earthlinksafeconnectagent removed from NetSvcs value successfully!
sysaidagent removed from NetSvcs value successfully!
hpzius12 removed from NetSvcs value successfully!
FETNDIS removed from NetSvcs value successfully!
mcrdsvc removed from NetSvcs value successfully!
NWSIPX32 removed from NetSvcs value successfully!
windowblinds removed from NetSvcs value successfully!
caccprovsp removed from NetSvcs value successfully!
mwssched removed from NetSvcs value successfully!
vmnetadapter removed from NetSvcs value successfully!
mssql$microsoftbcm removed from NetSvcs value successfully!
ASDR removed from NetSvcs value successfully!
HIDSwvd removed from NetSvcs value successfully!
wfxsvc removed from NetSvcs value successfully!
mozyFilter removed from NetSvcs value successfully!
vzcdbsvc removed from NetSvcs value successfully!
ntpr_nic_service2 removed from NetSvcs value successfully!
livesrv removed from NetSvcs value successfully!
epson_pm_rpcv2_02 removed from NetSvcs value successfully!
s3psddr removed from NetSvcs value successfully!
icepack removed from NetSvcs value successfully!
retrowdsvc removed from NetSvcs value successfully!
mcafeeframework removed from NetSvcs value successfully!
NPDriver removed from NetSvcs value successfully!
Service NPDriver stopped successfully!
Service NPDriver deleted successfully!
C:\WINDOWS\system32\parvdm.dll moved successfully.
cmigameport removed from NetSvcs value successfully!
SE2Dbus removed from NetSvcs value successfully!
pinetmgr removed from NetSvcs value successfully!
APLMp50 removed from NetSvcs value successfully!
CE3 removed from NetSvcs value successfully!
vaiomediaplatform-mobile-gateway removed from NetSvcs value successfully!
iAimTV6 removed from NetSvcs value successfully!
pmem removed from NetSvcs value successfully!
SiSRaid removed from NetSvcs value successfully!
CDRPDACC removed from NetSvcs value successfully!
mf removed from NetSvcs value successfully!
SE26mdfl removed from NetSvcs value successfully!
CdaD10BA removed from NetSvcs value successfully!
nm removed from NetSvcs value successfully!
wacomvhid removed from NetSvcs value successfully!
LHidUsbK removed from NetSvcs value successfully!
k750mdfl removed from NetSvcs value successfully!
RioS30 removed from NetSvcs value successfully!
SRVLOC removed from NetSvcs value successfully!
genregistrar removed from NetSvcs value successfully!
CXAVXBAR removed from NetSvcs value successfully!
InterBaseGuardian removed from NetSvcs value successfully!
issvc removed from NetSvcs value successfully!
transbaseservice removed from NetSvcs value successfully!
rpcapd removed from NetSvcs value successfully!
klblmain removed from NetSvcs value successfully!
pdlndlpb removed from NetSvcs value successfully!
mcdbus removed from NetSvcs value successfully!
roxliveshare removed from NetSvcs value successfully!
psdvdisk removed from NetSvcs value successfully!
pensup removed from NetSvcs value successfully!
nicconfigsvc removed from NetSvcs value successfully!
ddxgb removed from NetSvcs value successfully!
ultra66 removed from NetSvcs value successfully!
cvintdrv removed from NetSvcs value successfully!
mcupdmgr.exe removed from NetSvcs value successfully!
AppnBase removed from NetSvcs value successfully!
C:\WINDOWS\system32\dds_trash_log.cmd moved successfully.
C:\Documents and Settings\All Users\Application Data\~W4ID0FNNbYCqQS moved successfully.
C:\Documents and Settings\All Users\Application Data\~W4ID0FNNbYCqQSr moved successfully.
C:\Documents and Settings\All Users\Application Data\W4ID0FNNbYCqQS moved successfully.
C:\Documents and Settings\All Users\Application Data\~zRfpj2rbftmkWu moved successfully.
C:\Documents and Settings\All Users\Application Data\~zRfpj2rbftmkWur moved successfully.
C:\Documents and Settings\All Users\Application Data\zRfpj2rbftmkWu moved successfully.
C:\Documents and Settings\me\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
C:\Documents and Settings\me\Local Settings\Application Data\17e16t76j00yk1muao33at50sr4ruanow2v64g745xuu moved successfully.
C:\Documents and Settings\All Users\Application Data\17e16t76j00yk1muao33at50sr4ruanow2v64g745xuu moved successfully.
C:\Documents and Settings\All Users\Application Data\0 moved successfully.
========== FILES ==========
File C:\WINDOWS\system32\drivers\netbt.sys successfully replaced with C:\WINDOWS\system32\dllcache\netbt.sys
File\Folder net start netbt not found.
< ipconfig /flushdns /c >
Windows IP Configuration
C:\Documents and Settings\me\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\me\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.39.2 log created on 04152012_190249

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#15 SweetTech

Posted 17 April 2012 - 12:48 AM

Hi!

"No I don't have the original Windows discs"

Okay, let's hope that we can fix this without the need of those discs.

Can you please provide me with a new Farbar Service Scanner log file to review?





