china423 (Honorary Members, 33 posts)

Everything posted by china423

  1. ComboFix 12-02-13.01 - Bob 02/16/2012 8:52.6.1 - x86
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.895.488 [GMT -6:00]
     Running from: c:\documents and settings\Bob\Desktop\ComboFix.exe
     Command switches used :: c:\documents and settings\Bob\Desktop\CFScript.txt
     AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
      * Created a new restore point
     .
     .
     ((((((((((((((((((((((((( Files Created from 2012-01-16 to 2012-02-16 )))))))))))))))))))))))))))))))
     .
     .
     2012-01-28 18:46 . 2012-01-28 18:46 -------- d-----w- c:\program files\MapsGalaxy_39
     2012-01-27 03:04 . 2012-02-01 15:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2012-01-27 03:04 . 2011-12-10 21:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
     2012-01-26 03:31 . 2011-12-21 07:24 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
     2012-01-26 03:31 . 2011-12-21 04:30 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
     2012-01-26 03:31 . 2011-12-21 04:30 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
     2012-01-26 03:31 . 2011-12-21 04:30 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2012-02-16 14:39 . 2011-05-30 13:43 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
     2011-11-28 18:01 . 2010-07-18 16:21 41184 ----a-w- c:\windows\avastSS.scr
     2011-11-28 18:01 . 2010-02-14 14:40 199816 ----a-w- c:\windows\system32\aswBoot.exe
     2011-11-28 17:53 . 2011-05-21 02:10 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
     2011-11-28 17:53 . 2010-02-14 14:40 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
     2011-11-28 17:52 . 2010-02-14 14:40 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
     2011-11-28 17:52 . 2010-02-14 14:40 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
     2011-11-28 17:52 . 2010-02-14 14:40 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
     2011-11-28 17:51 . 2010-02-14 14:40 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
     2011-11-28 17:51 . 2010-02-14 14:40 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
     2011-11-28 17:48 . 2010-02-14 14:40 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
     2011-11-25 21:57 . 2007-01-15 23:00 293376 ----a-w- c:\windows\system32\winsrv.dll
     2011-11-23 13:25 . 2007-01-15 23:00 1859584 ----a-w- c:\windows\system32\win32k.sys
     2007-10-15 02:20 . 2007-10-15 02:18 827024 -c--a-w- c:\program files\PhotoGreetingCards.exe
     2007-10-13 16:42 . 2007-10-13 16:41 1394568 -c--a-w- c:\program files\install_easyshare.exe
     2007-08-14 15:38 . 2008-08-05 14:00 1075536 -c--a-w- c:\program files\Common Files\RegCure 1.5.0.0 Trial.exe
     2011-12-21 07:24 . 2011-09-28 05:20 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
     2006-05-03 10:06 163328 -csha-r- c:\windows\system32\flvDX.dll
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
     @="{472083B0-C522-11CF-8763-00608CC02F24}"
     [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
     2011-11-28 18:01 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "MDS_Menu"="c:\program files\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2010-07-01 220336]
     "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
     "CHotkey"="zHotkey.exe" [2004-05-18 543232]
     "avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-11-28 3744552]
     .
     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
     "RunNarrator"="Narrator.exe" [2008-04-14 53760]
     .
     c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\
     OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
     .
     [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
     "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
     2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
     @=""
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
     @=""
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
     @="Driver"
     .
     [HKLM\~\startupfolder\C:^Documents and Settings^Darlene^Start Menu^Programs^Startup^HotSync Manager.lnk]
     path=c:\documents and settings\Darlene\Start Menu\Programs\Startup\HotSync Manager.lnk
     backup=c:\windows\pss\HotSync Manager.lnkStartup
     .
     [HKLM\~\startupfolder\C:^Documents and Settings^Darlene^Start Menu^Programs^Startup^SocialButterfly.lnk]
     path=c:\documents and settings\Darlene\Start Menu\Programs\Startup\SocialButterfly.lnk
     backup=c:\windows\pss\SocialButterfly.lnkStartup
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
     c:\windows\system32\dumprep 0 -u [X]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
     2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
     2009-12-22 07:57 35760 -c--a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
     2005-05-04 00:43 69632 -c--a-w- c:\windows\ALCMTR.EXE
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
     2011-09-27 13:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
     2010-10-28 01:17 207424 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
     2007-03-12 18:49 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
     2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eBook Library Launcher]
     2010-07-13 06:34 906648 ----a-w- c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
     2004-08-10 18:04 59392 -c--a-w- c:\windows\ehome\ehtray.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
     2010-10-18 19:24 136176 ----atw- c:\documents and settings\Bob\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
     2008-10-25 16:44 31072 -c--a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
     2005-01-08 01:07 61952 -c--a-w- c:\windows\system32\HdAShCut.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
     2011-11-13 06:24 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxbumon.exe]
     2005-01-18 14:35 196608 ----a-w- c:\program files\Lexmark 6200 Series\lxbumon.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
     2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
     2007-03-09 23:53 153136 -c--a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
     2008-05-16 19:01 13529088 ----a-w- c:\windows\system32\nvcpl.dll
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
     2008-05-16 19:01 86016 ----a-w- c:\windows\system32\nvmctray.dll
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
     2008-05-16 19:01 1630208 ----a-w- c:\windows\system32\nwiz.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Olympus ib]
     2011-03-11 21:17 93360 ----a-w- c:\program files\Olympus\ib\olycamdetect.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
     2005-05-09 23:16 192512 -c--a-w- c:\progra~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
     2007-09-28 01:17 443968 ----a-w- c:\program files\Picasa2\PicasaMediaDetector.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
     2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reader Library Launcher]
     2010-07-13 06:34 906648 ----a-w- c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
     2005-09-22 19:36 14854144 ----a-w- c:\windows\RTHDCPL.EXE
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Protection]
     2009-02-03 13:15 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowWnd]
     2003-09-19 15:09 36864 ----a-w- c:\windows\ShowWnd.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
     2011-06-09 19:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]
     2004-11-15 23:04 135168 ----a-w- c:\program files\Digital Media Reader\shwiconEM.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
     2009-02-03 13:15 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
     "DisableMonitoring"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
     "DisableMonitoring"=dword:00000001
     .
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
     "c:\\Program Files\\Messenger\\msmsgs.exe"=
     "c:\\WINDOWS\\system32\\lxbucoms.exe"=
     "c:\windows\system32\bepinceu.exe"= c:\windows\system32\bep
     "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
     "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
     "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
     "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
     "c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
     "c:\\Program Files\\iWin Games\\iWinGames.exe"=
     "c:\\Program Files\\iWin Games\\WebUpdater.exe"=
     "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
     "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
     "c:\\Program Files\\iTunes\\iTunes.exe"=
     .
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
     "20286:TCP"= 20286:TCP:20286
     .
     R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/23/2007 1:48 PM 639224]
     R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/20/2011 8:10 PM 435032]
     R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/14/2010 8:40 AM 314456]
     R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 10:27 AM 12880]
     R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 3:55 PM 67664]
     R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 5:38 PM 116608]
     R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/14/2010 8:40 AM 20568]
     R2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [9/27/2010 9:36 AM 176408]
     S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
     S0 nielprt;Nielsen Patch Service;c:\windows\system32\DRIVERS\nielprt.sys --> c:\windows\system32\DRIVERS\nielprt.sys [?]
     S3 IPOD2CAR;ipod2car.sys driver;c:\windows\system32\drivers\ipod2car.sys [9/18/2010 7:28 AM 49408]
     S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?]
     S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/15/2009 4:17 PM 12872]
     S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [12/25/2010 1:55 AM 11520]
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2012-02-14 c:\windows\Tasks\AppleSoftwareUpdate.job
     - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 18:34]
     .
     2012-02-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1374101668-94510307-1338816319-1008Core1cc223528ea9d90.job
     - c:\documents and settings\Bob\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-22 19:24]
     .
     2012-02-16 c:\windows\Tasks\User_Feed_Synchronization-{071C7AE6-FDD5-4996-A4E5-3030D6D0051D}.job
     - c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
     .
     2012-02-16 c:\windows\Tasks\User_Feed_Synchronization-{88D8D572-25CB-4355-B884-812F55EE82FB}.job
     - c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
     .
     2012-02-16 c:\windows\Tasks\User_Feed_Synchronization-{CFBA19FF-FBA1-4184-8F20-2E300624F2C8}.job
     - c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://www.yahoo.com/
     uInternet Settings,ProxyOverride = *.local
     IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
     IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
     IE: Translate with &Babylon
     TCP: DhcpNameServer = 192.168.1.254
     FF - ProfilePath - c:\documents and settings\Bob\Application Data\Mozilla\Firefox\Profiles\2f6phmxb.default\
     FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
     FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
     .
     .
     **************************************************************************
     .
     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2012-02-16 09:03
     Windows 5.1.2600 Service Pack 3 NTFS
     .
     scanning hidden processes ...
     .
     scanning hidden autostart entries ...
     .
     scanning hidden files ...
     .
     scan completed successfully
     hidden files: 0
     .
     **************************************************************************
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{014C4232-6904-47B9-9144-7E0FB7277444}\1.0\0\win32]
     @DACL=(02 0000)
     @="c:\\Program Files\\Gamevance\\gvtl.dll"
     .
     [HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
     "Version"=hex:bb,3c,96,44,5a,b7,f4,b9,2c,3c,c2,e2,00,34,a6,ea,d3,84,97,35,0f,
        47,9b,c3,05,b3,60,5b,99,d8,4c,a8,22,bd,9f,f7,21,94,3d,11,84,ad,af,be,ed,d5,\
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------
     .
     - - - - - - - > 'winlogon.exe'(724)
     c:\program files\SUPERAntiSpyware\SASWINLO.DLL
     c:\windows\system32\WININET.dll
     .
     - - - - - - - > 'explorer.exe'(2712)
     c:\windows\system32\WININET.dll
     c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
     c:\windows\system32\ieframe.dll
     c:\windows\system32\webcheck.dll
     .
     Completion time: 2012-02-16 09:08:41
     ComboFix-quarantined-files.txt 2012-02-16 15:08
     .
     Pre-Run: 158,213,779,456 bytes free
     Post-Run: 159,402,364,928 bytes free
     .
     - - End Of File - - F189AFA2A42FEA83E4C09066A79C273B
  2. I tried but it said I'm not permitted to upload this kind of file here...
  3. I can't get rid of that browser hijacker.deskbar. It keeps coming back after scanning, removing, then rebooting.
     SUPERAntiSpyware Scan Log
     http://www.superantispyware.com
     Generated 02/08/2012 at 09:19 PM
     Application Version : 5.0.1144
     Core Rules Database Version : 8203
     Trace Rules Database Version: 6015
     Scan type : Quick Scan
     Total Scan Time : 00:10:13
     Operating System Information
     Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
     Administrator
     Memory items scanned : 486
     Memory threats detected : 0
     Registry items scanned : 30179
     Registry threats detected : 4
     File items scanned : 8389
     File threats detected : 1
     Browser Hijacker.Deskbar
     HKCR\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}
     HKCR\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}\1.0
     HKCR\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}\1.0\0
     HKCR\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}\1.0\0\win32
     Adware.Tracking Cookie
     C:\Documents and Settings\Bob\Cookies\4AEAOK08.txt [ /accounts.google.com ]
  4. Sorry for the delay:
     SUPERAntiSpyware Scan Log
     http://www.superantispyware.com
     Generated 02/08/2012 at 12:49 PM
     Application Version : 5.0.1144
     Core Rules Database Version : 8203
     Trace Rules Database Version: 6015
     Scan type : Complete Scan
     Total Scan Time : 01:08:02
     Operating System Information
     Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
     Administrator
     Memory items scanned : 475
     Memory threats detected : 0
     Registry items scanned : 36940
     Registry threats detected : 4
     File items scanned : 47577
     File threats detected : 28
     Browser Hijacker.Deskbar
     HKCR\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}
     HKCR\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}\1.0
     HKCR\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}\1.0\0
     HKCR\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}\1.0\0\win32
     Adware.Tracking Cookie
     C:\Documents and Settings\Bob\Cookies\QZ9BJKU5.txt [ /revsci.net ]
     C:\Documents and Settings\Bob\Cookies\YIJV38CA.txt [ /accounts.google.com ]
     C:\Documents and Settings\Bob\Cookies\F4BTWEFR.txt [ /adinterax.com ]
     C:\Documents and Settings\Bob\Cookies\5VFPKBYP.txt [ /liveperson.net ]
     C:\Documents and Settings\Bob\Cookies\G3RQKJ3D.txt [ /liveperson.net ]
     C:\Documents and Settings\Bob\Cookies\VJ1NPC5N.txt [ /collective-media.net ]
     C:\Documents and Settings\Bob\Cookies\5HPVYLNQ.txt [ /invitemedia.com ]
     C:\Documents and Settings\Bob\Cookies\1C2YNZ44.txt [ /gostats.com ]
     C:\Documents and Settings\Bob\Cookies\FA5S6LCM.txt [ /liveperson.net ]
     C:\Documents and Settings\Bob\Cookies\6N5H79BY.txt [ /accounts.google.com ]
     C:\Documents and Settings\Bob\Cookies\VQF2JHQV.txt [ /ad.wsod.com ]
     C:\Documents and Settings\Bob\Cookies\IDZTG6NV.txt [ /partners.fireclickmedia.com ]
     C:\Documents and Settings\Bob\Cookies\ZV2POVPV.txt [ /tacoda.at.atwola.com ]
     C:\Documents and Settings\Bob\Cookies\YFGKO3OO.txt [ /a1.interclick.com ]
     C:\Documents and Settings\Bob\Cookies\NUCB6BLO.txt [ /adserver.adtechus.com ]
     C:\Documents and Settings\Bob\Cookies\8VE213BE.txt [ /yieldmanager.net ]
     C:\Documents and Settings\Bob\Cookies\2W1ZBBCJ.txt [ /server.iad.liveperson.net ]
     C:\Documents and Settings\Bob\Cookies\BLCBEY9H.txt [ /ad.yieldmanager.com ]
     C:\Documents and Settings\Bob\Cookies\57U8PI9Z.txt [ /sales.liveperson.net ]
     C:\Documents and Settings\Bob\Cookies\P450U2FZ.txt [ /media6degrees.com ]
     C:\Documents and Settings\Bob\Cookies\AQIRFBRZ.txt [ /liveperson.net ]
     C:\Documents and Settings\Bob\Cookies\JIGV5TCZ.txt [ /questionmarket.com ]
     C:\Documents and Settings\Bob\Cookies\7C568JPA.txt [ /adbrite.com ]
     C:\Documents and Settings\Bob\Cookies\DXQGZ9DX.txt [ /interclick.com ]
     C:\Documents and Settings\Bob\Cookies\9FADQ7UQ.txt [ /sales.liveperson.net ]
     C:\Documents and Settings\Bob\Cookies\G7W4EJ7M.txt [ /akamai.interclickproxy.com ]
     C:\Documents and Settings\Bob\Cookies\7TB2W97B.txt [ /at.atwola.com ]
     Trojan.Agent/Gen-FunWeb
     C:\SYSTEM VOLUME INFORMATION\_RESTORE{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP1228\A0297502.DLL
  5. And I just started scanning again with superantispyware and already it's detected browserhijacker.deskbar again ;(
  6. It's running better, but it's still slow. I think it's just because it's an older computer. Thanks for all your help. I greatly appreciate it!!!
  7. All processes killed
     ========== COMMANDS ==========
     Restore points cleared and new OTL Restore Point set!
     [EMPTYTEMP]
     User: Administrator
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->FireFox cache emptied: 0 bytes
     ->Flash cache emptied: 0 bytes
     User: All Users
     ->Flash cache emptied: 0 bytes
     User: Bob
     ->Temp folder emptied: 427008 bytes
     ->Temporary Internet Files folder emptied: 24388526 bytes
     ->Java cache emptied: 19774 bytes
     ->FireFox cache emptied: 76294966 bytes
     ->Google Chrome cache emptied: 0 bytes
     ->Flash cache emptied: 1517 bytes
     User: Darlene
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 33170 bytes
     ->Java cache emptied: 0 bytes
     ->FireFox cache emptied: 0 bytes
     ->Google Chrome cache emptied: 0 bytes
     ->Flash cache emptied: 0 bytes
     User: Default User
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     User: LocalService
     ->Temp folder emptied: 65748 bytes
     ->Temporary Internet Files folder emptied: 32902 bytes
     ->Flash cache emptied: 0 bytes
     User: NetworkService
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 33170 bytes
     User: Owner
     User: OWNER~1~YOU
     %systemdrive% .tmp files removed: 0 bytes
     %systemroot% .tmp files removed: 0 bytes
     %systemroot%\System32 .tmp files removed: 0 bytes
     %systemroot%\System32\dllcache .tmp files removed: 0 bytes
     %systemroot%\System32\drivers .tmp files removed: 0 bytes
     Windows Temp folder emptied: 664 bytes
     %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
     %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
     RecycleBin emptied: 0 bytes
     Total Files Cleaned = 97.00 mb
     OTL by OldTimer - Version 3.2.31.0 log created on 02012012_184217
     Files\Folders moved on Reboot...
     File\Folder C:\Documents and Settings\Bob\Local Settings\Temp\~DF5649.tmp not found!
     File\Folder C:\Documents and Settings\Bob\Local Settings\Temp\~DF566A.tmp not found!
     File\Folder C:\Documents and Settings\Bob\Local Settings\Temp\~DF57DB.tmp not found!
     File\Folder C:\Documents and Settings\Bob\Local Settings\Temp\~DF57F0.tmp not found!
     C:\Documents and Settings\Bob\Local Settings\Temporary Internet Files\Content.IE5\FP2TYULB\fastbutton[2].htm moved successfully.
     C:\Documents and Settings\Bob\Local Settings\Temporary Internet Files\Content.IE5\FP2TYULB\index[4].php moved successfully.
     C:\Documents and Settings\Bob\Local Settings\Temporary Internet Files\Content.IE5\4A3T2TEN\s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM[1].eot moved successfully.
     C:\Documents and Settings\Bob\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
     File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
     Registry entries deleted on Reboot...
  8. OTL logfile created on: 2/1/2012 AM 11:42:02 - Run 2
     OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Bob\Desktop
     Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
     Internet Explorer (Version = 8.0.6001.18702)
     Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     895.36 Mb Total Physical Memory | 376.59 Mb Available Physical Memory | 42.06% Memory free
     2.11 Gb Paging File | 1.76 Gb Available in Paging File | 83.17% Paging File free
     Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
     %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
     Drive C: | 181.89 Gb Total Space | 142.87 Gb Free Space | 78.55% Space Free | Partition Type: NTFS
     Drive D: | 4.40 Gb Total Space | 1.45 Gb Free Space | 32.95% Space Free | Partition Type: FAT32
     Computer Name: YOUR-C8A2EC5BC2 | User Name: Bob | Logged in as Administrator.
     Boot Mode: Normal | Scan Mode: Current user
     Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     ========== Processes (SafeList) ==========
     PRC - [2012/01/27 14:56:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bob\Desktop\OTL.exe
     PRC - [2011/11/28 12:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
     PRC - [2011/11/28 12:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
     PRC - [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
     PRC - [2010/09/27 09:36:24 | 000,176,408 | ---- | M] (iWin Inc.) -- C:\Program Files\iWin Games\iWinTrusted.exe
     PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
     PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
     PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
     PRC - [2007/01/15 17:29:44 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
     PRC - [2006/02/17 09:35:42 | 000,061,503 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
     PRC - [2006/02/17 09:17:08 | 000,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
     PRC - [2004/05/17 18:30:04 | 000,543,232 | ---- | M] () -- C:\WINDOWS\zHotkey.exe
     ========== Modules (No Company Name) ==========
     MOD - [2012/02/01 02:10:15 | 001,697,280 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\12020100\algo.dll
     MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
     MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
     MOD - [2006/02/17 09:17:08 | 000,876,544 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\libeay32.dll
     MOD - [2006/02/17 09:17:08 | 000,159,744 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\ssleay32.dll
     MOD - [2006/02/17 09:17:08 | 000,024,691 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_auth.so
     MOD - [2004/09/14 07:42:04 | 000,073,728 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxbuPP5C.DLL
     MOD - [2004/08/24 14:22:44 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\LXPRMON.DLL
     MOD - [2004/07/29 11:36:00 | 000,061,440 | ---- | M] () -- C:\Program Files\Lexmark 6200 Series\lxbucnv4.dll
     MOD - [2004/05/17 18:30:04 | 000,543,232 | ---- | M] () -- C:\WINDOWS\zHotkey.exe
     MOD - [2001/07/02 20:36:30 | 000,024,576 | ---- | M] () -- C:\WINDOWS\HKNTDLL.dll
     ========== Win32 Services (SafeList) ==========
     SRV - File not found [Disabled | Stopped] -- -- (HidServ)
     SRV - [2011/11/28 12:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
     SRV - [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
     SRV - [2010/09/27 09:36:24 | 000,176,408 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
     SRV - [2010/04/02 20:34:12 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
     SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
     SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
     SRV - [2007/01/15 17:29:44 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
     SRV - [2006/02/17 09:35:42 | 000,061,503 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog)
     SRV - [2006/02/17 09:17:08 | 000,020,543 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -- (ForcewareWebInterface)
     SRV - [2004/09/23 11:58:02 | 000,450,560 | ---- | M] (Lexmark International, Inc.) [On_Demand | Stopped] -- C:\WINDOWS\System32\lxbucoms.exe -- (lxbu_device)
     ========== Driver Services (SafeList) ==========
     DRV - [2011/11/28 11:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
     DRV - [2011/11/28 11:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
     DRV - [2011/11/28 11:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
     DRV - [2011/11/28 11:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
     DRV - [2011/11/28 11:52:02 | 000,111,320 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
     DRV - [2011/11/28 11:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
     DRV - [2011/11/28 11:48:49 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
     DRV - [2011/07/22 10:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
     DRV - [2011/07/12 15:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
     DRV - [2010/07/12 12:49:18 | 000,060,104 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
     DRV - [2010/03/02 12:44:28 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
     DRV - [2009/02/13 13:02:52 | 000,011,520 | R--- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
     DRV - [2007/03/23 13:48:49 | 000,639,224 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
     DRV - [2007/01/17 20:59:14 | 000,049,408 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipod2car.sys -- (IPOD2CAR)
     DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
     DRV - [2006/04/24 16:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
     DRV - [2006/02/17 10:28:32 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
     DRV - [2006/02/17 10:28:30 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
     DRV - [2005/09/23 18:56:28 | 003,966,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
     DRV - [2005/01/07 19:07:16 | 000,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
     DRV - [2004/11/15 19:41:54 | 000,036,804 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)
     DRV - [2004/06/17 16:56:22 | 000,220,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
     DRV - [2004/06/17 16:55:38 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
     DRV - [2004/06/17 16:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
     DRV - [2002/04/25 08:44:40 | 000,015,326 | ---- | M] (Palm, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
     DRV - [2001/08/17 07:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)
     ========== Standard Registry (SafeList) ==========
     ========== Internet Explorer ==========
     IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
     IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
     IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0
     ========== FireFox ==========
     FF - prefs.js..browser.search.defaultengine: ""
     FF - prefs.js..browser.search.defaultenginename: ""
     FF - prefs.js..browser.search.order.1: ""
     FF - prefs.js..browser.search.useDBForOrder: true
     FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
     FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
     FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
     FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
     FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
     FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: File not found
     FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
     FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
     FF - HKLM\Software\MozillaPlugins\@MapsGalaxy_39.com/Plugin: C:\Program Files\MapsGalaxy_39\bar\1.bin\NP39Stub.dll (MindSpark)
     FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
     FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
     FF - HKLM\Software\MozillaPlugins\@olympus-imaging.jp/npIbInst: C:\Program Files\OLYMPUS\ib Utilities\Firefox Plugin\npIbInst.dll (OLYMPUS IMAGING CORP.)
     FF - HKLM\Software\MozillaPlugins\@sony.com/eBookLibrary: C:\Program Files\Sony\Reader\Data\bin\npebldetectmoz.dll (Sony Corporation)
     FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Bob\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
     FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Bob\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\Program Files\iWin Games\firefox\ [2010/11/21 14:53:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\39ffxtbr@MapsGalaxy_39.com: C:\Program Files\MapsGalaxy_39\bar\1.bin [2012/02/01 10:14:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/25 21:31:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/28 08:56:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2011/09/28 08:38:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins [2011/11/30 18:05:54 | 000,000,000 | ---D | M] [2010/10/16 10:26:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Extensions [2010/10/16 10:26:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28} [2012/01/28 12:46:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\2f6phmxb.default\extensions [2010/10/28 18:50:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\2f6phmxb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012/01/28 12:46:22 | 000,000,000 | ---D | M] (MapsGalaxy) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\2f6phmxb.default\extensions\39ffxtbr@MapsGalaxy_39.com [2010/10/16 10:26:42 | 000,000,000 | ---D | M] (No 
name found) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Sunbird\Profiles\cjuebd86.default\extensions [2012/01/25 21:31:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2007/10/24 20:16:13 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2007/11/11 14:55:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}-trash [2007/11/29 23:23:37 | 000,000,000 | ---D | M] (Mozilla Firefox distributed by RealNetworks) -- C:\Program Files\Mozilla Firefox\extensions\realplayer@partners.mozilla.com [2010/11/19 17:43:19 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2011/12/21 01:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011/12/20 22:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2009/11/16 10:07:41 | 000,003,700 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.png [2009/11/16 10:07:41 | 000,001,963 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.xml [2011/12/20 22:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - default_search_provider: Google () CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.1_0\ O1 HOSTS File: ([2012/01/31 18:27:06 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {669C4C34-7457-4490-A642-A2ED3BF3BBBE} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found. O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\zHotkey.exe () O4 - HKLM..\Run: [MDS_Menu] C:\Program Files\Olympus\ib\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme () O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found O8 - Extra context menu item: Translate with &Babylon - Reg Error: Value error. 
File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} http://www.comcastsupport.com/OneClickFix/tgctlsr.cab (SupportSoft Script Runner Class) O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control) O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool) O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support) O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish.com/SnapfishActivia.cab (Snapfish Activia) O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://fb.familylink.com/we_are_related/stream/core/lib/AurigmaImageUploader/ImageUploader5.cab (Reg Error: Key error.) 
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab (Windows Live Safety Center Base Module) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1217949355452 (MUWebControl Class) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} https://ediagnostics.lexmark.com/serval.cab (Lexmark eDiagnostics Class) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://chill.comcast.net/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} http://by120fd.bay120.hotmail.msn.com/activex/HMAtchmt.ocx (Hotmail Attachments Control) O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/da2/PCPitStop2.cab (PCPitstop Exam) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{05BB7396-D8BA-4D52-BAF8-8A97A6D6B493}: DhcpNameServer = 192.168.1.254 O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O24 - Desktop WallPaper: C:\Documents and Settings\Bob\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Bob\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004/10/27 19:20:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [CLEARALLRESTOREPOINTS] Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/02/01 09:41:34 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012/01/28 12:46:16 | 000,000,000 | ---D | C] -- C:\Program Files\MapsGalaxy_39 [2012/01/28 12:45:59 | 000,000,000 | ---D | C] -- C:\Program Files\MapsGalaxy_39EI [2012/01/28 12:07:58 | 000,000,000 | RHSD | C] -- C:\cmdcons [2012/01/28 12:05:19 
| 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2012/01/28 12:05:19 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2012/01/28 12:05:19 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2012/01/28 12:05:19 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2012/01/28 12:05:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2012/01/28 11:58:37 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/01/28 11:55:29 | 004,393,886 | R--- | C] (Swearware) -- C:\Documents and Settings\Bob\Desktop\ComboFix.exe [2012/01/28 08:56:33 | 000,000,000 | ---D | C] -- C:\_OTL [2012/01/27 14:56:42 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bob\Desktop\OTL.exe [2012/01/27 14:47:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\tdsskiller [2012/01/26 21:04:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/01/26 21:04:12 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012/01/26 21:04:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012/01/26 20:56:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy [2012/01/26 18:50:53 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Bob\Recent [2008/08/05 08:00:41 | 001,075,536 | ---- | C] (ParetoLogic Inc.) 
-- C:\Program Files\Common Files\RegCure 1.5.0.0 Trial.exe ========== Files - Modified Within 30 Days ========== [2012/02/01 11:45:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{88D8D572-25CB-4355-B884-812F55EE82FB}.job [2012/02/01 11:44:00 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{CFBA19FF-FBA1-4184-8F20-2E300624F2C8}.job [2012/02/01 09:35:50 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012/02/01 09:34:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/02/01 09:34:37 | 938,921,984 | -HS- | M] () -- C:\hiberfil.sys [2012/01/31 18:27:06 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2012/01/31 18:05:03 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{071C7AE6-FDD5-4996-A4E5-3030D6D0051D}.job [2012/01/31 16:57:15 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\SystemLook.exe [2012/01/31 08:08:37 | 004,393,886 | R--- | M] (Swearware) -- C:\Documents and Settings\Bob\Desktop\ComboFix.exe [2012/01/28 16:33:00 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1374101668-94510307-1338816319-1008Core1cc223528ea9d90.job [2012/01/28 12:08:03 | 000,000,312 | RHS- | M] () -- C:\boot.ini [2012/01/27 14:56:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bob\Desktop\OTL.exe [2012/01/27 09:47:19 | 000,000,195 | ---- | M] () -- C:\Boot.bak [2012/01/26 18:39:46 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2012/01/26 18:13:28 | 000,183,958 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2012/01/26 18:04:29 | 000,444,456 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012/01/26 18:04:29 | 000,072,332 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012/01/25 21:31:54 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk ========== Files Created - No Company Name ========== [2012/01/31 16:57:14 
| 000,139,264 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\SystemLook.exe [2012/01/28 12:25:13 | 000,001,413 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\Conference.lnk [2012/01/28 12:25:13 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\Windows Media Player.lnk [2012/01/28 12:25:13 | 000,000,710 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\NoAdware.lnk [2012/01/28 12:08:03 | 000,000,195 | ---- | C] () -- C:\Boot.bak [2012/01/28 12:08:02 | 000,260,272 | RHS- | C] () -- C:\cmldr [2012/01/28 12:05:19 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2012/01/28 12:05:19 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2012/01/28 12:05:19 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2012/01/28 12:05:19 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2012/01/28 12:05:19 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2011/04/19 09:58:43 | 000,174,392 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2010/04/24 17:24:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat [2010/04/24 17:24:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcinfot.dat [2010/03/11 17:15:56 | 000,543,232 | ---- | C] () -- C:\WINDOWS\zHotkey.exe [2010/03/11 17:15:56 | 000,036,864 | ---- | C] () -- C:\WINDOWS\ShowWnd.exe [2010/03/11 17:15:55 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll [2010/02/20 17:32:35 | 000,074,464 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2009/09/19 09:00:32 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2009/03/10 13:15:05 | 000,074,752 | ---- | C] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/03/07 22:30:36 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2009/03/07 10:43:31 | 000,000,131 | ---- | C] () -- C:\WINDOWS\CRC.INI [2008/02/09 14:17:59 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini [2008/02/04 18:23:10 
| 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL [2008/01/23 22:34:03 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini [2007/11/29 20:36:43 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll [2007/10/24 20:15:33 | 000,004,564 | ---- | C] () -- C:\WINDOWS\mozver.dat [2007/10/14 20:18:06 | 000,827,024 | ---- | C] () -- C:\Program Files\PhotoGreetingCards.exe [2007/10/13 10:41:51 | 001,394,568 | ---- | C] () -- C:\Program Files\install_easyshare.exe [2007/04/23 02:09:35 | 000,001,948 | ---- | C] () -- C:\WINDOWS\tabled32.ini [2007/04/06 19:56:39 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll [2007/04/06 19:56:39 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll [2007/04/06 19:56:39 | 000,000,215 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll [2007/04/06 19:56:39 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll [2007/03/23 02:17:45 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2007/03/22 18:38:28 | 000,007,172 | ---- | C] () -- C:\WINDOWS\wininit.ini [2007/02/21 11:01:31 | 000,000,121 | ---- | C] () -- C:\WINDOWS\wpd99.drv [2007/02/21 11:01:05 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\pdfmona.dll [2007/02/21 11:01:05 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll [2007/02/18 23:13:22 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini [2007/01/22 01:29:09 | 000,000,080 | ---- | C] () -- C:\WINDOWS\System32\keyreader.ini [2007/01/21 23:24:17 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2007/01/21 23:05:05 | 000,502,784 | ---- | C] () -- C:\WINDOWS\x2.64.exe [2007/01/21 23:05:05 | 000,217,073 | ---- | C] () -- C:\WINDOWS\meta4.exe [2007/01/21 23:05:05 | 000,066,560 | ---- | C] () -- C:\WINDOWS\MOTA113.exe [2007/01/21 23:05:04 | 000,240,128 | ---- | C] () -- C:\WINDOWS\System32\x.264.exe [2007/01/21 23:05:04 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll [2007/01/21 23:05:03 | 000,845,312 | ---- | C] () -- 
C:\WINDOWS\System32\Smab.dll [2007/01/19 20:55:10 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL [2007/01/19 20:55:10 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL [2007/01/15 20:44:00 | 000,001,353 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache [2007/01/15 19:41:18 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini [2007/01/15 19:22:59 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbuvs.dll [2007/01/15 19:08:43 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe [2007/01/15 17:45:07 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll [2007/01/15 17:45:07 | 000,042,040 | ---- | C] () -- C:\WINDOWS\PatchWnd.exe [2007/01/15 17:42:45 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2007/01/15 17:39:55 | 000,000,004 | ---- | C] () -- C:\WINDOWS\Pix11.dat [2007/01/15 17:37:55 | 000,471,300 | ---- | C] () -- C:\WINDOWS\wallpe.exe [2007/01/15 17:36:04 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2007/01/15 17:00:22 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2007/01/15 17:00:06 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2007/01/15 17:00:06 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2007/01/15 17:00:01 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2007/01/15 16:59:57 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2007/01/15 16:59:49 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2007/01/15 16:59:20 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2007/01/15 16:59:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2007/01/15 16:58:09 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2007/01/15 16:57:39 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2006/02/03 20:23:20 | 000,211,456 | ---- | C] () -- C:\WINDOWS\System32\oestore.dll [2006/02/03 20:23:04 | 000,272,384 | ---- | C] () -- 
C:\WINDOWS\System32\oecom.dll [2006/02/03 20:22:40 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\oeapiinitcom.dll [2005/12/05 08:58:18 | 000,251,392 | ---- | C] () -- C:\WINDOWS\System32\nktwab.dll [2005/10/29 23:41:00 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe [2005/10/29 23:40:59 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2005/10/29 23:40:59 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2005/10/29 23:40:58 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2005/10/29 23:40:57 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2005/10/29 23:40:57 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2005/10/29 23:40:56 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe [2005/10/29 23:40:56 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll [2005/10/29 23:40:54 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe [2005/10/29 23:40:54 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe [2004/10/28 11:47:17 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2004/10/27 20:43:40 | 000,352,256 | ---- | C] () -- C:\WINDOWS\System32\HotlineClient.exe [2004/10/27 19:24:55 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2004/10/27 19:14:39 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2004/10/27 18:53:07 | 000,001,460 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2004/10/27 18:53:07 | 000,000,502 | ---- | C] () -- C:\WINDOWS\System32\emver.ini [2004/10/27 18:52:06 | 000,444,456 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2004/10/27 18:52:06 | 000,072,332 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2004/10/27 12:07:49 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2004/10/27 12:06:55 | 000,356,160 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2002/05/15 11:13:20 | 000,081,920 | R--- | C] () -- C:\WINDOWS\System32\SipCal.dll [1999/09/17 19:12:54 | 
000,044,344 | ---- | C] () -- C:\WINDOWS\System32\Seqcal.sys ========== Custom Scans ========== < Commands > < [EMPTYTEMP] > < > < End of report >
9. ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=b89a892e30eb8b42b445d40f4c06b0c0
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-01 05:02:37
# local_time=2012-02-01 11:02:37 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=770 16774141 100 100 0 263470698 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=159372
# found=315
# cleaned=315
# scan_time=4611
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\bhekxgeb.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\bhiipcoq.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\bjyacrcx.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\blobvstm.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\bpytumii.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\bttjooum.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\cbfyqmvq.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\cbhqktqh.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\ccfrlqoq.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\cgbabjku.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\chhwcswr.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C 
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\ciwwjuay.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\cjytiyyr.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\clhjjiir.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\coaxteif.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\cyflbiij.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\cylcstxl.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\dakisohx.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\dbgdyspw.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\dccdd.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\ddbejrcb.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\dekxdrxq.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C 
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\dfhjl.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\dictpoxw.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\djhotuvm.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\dlublssg.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\dnyrywnn.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\drbghhwv.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\dtsedqrt.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\dvpfdovd.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\eetdcwmp.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\efagiakr.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\efaynysf.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C 
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\ehlcbmog.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\epiolhxc.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\eqswqxba.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\escntqxg.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\etbmupjm.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\etclhtwx.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\etljfcwi.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\etmunuct.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\fbobmptg.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\fcbmjcpk.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\fckpoflj.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C 
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\fehkj.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\ffjlbyjj.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\ffroetlg.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\fghhk.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\fiyfsxie.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\fkhunsif.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\fmgotqkp.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\fnrbbtto.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\fpvoaplh.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\fsibombc.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\fsqvnbjc.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C 
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\ftxdigup.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\fugublls.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\fxeyvikp.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\fxxbbmdq.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\gealctxg.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\ggfshbsj.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\ghfbusqk.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\ghhjl.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\glfehdps.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\gmegrqhg.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\gngmdrea.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C 
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\gpgpprpt.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\gqgwshcr.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\gtfbbmer.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\hbmxttyd.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\hbrtcdor.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\hewyhins.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\hfiestak.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\hiqffqeg.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\hjyqibat.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\hnntvwgw.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\hnttwycd.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C 
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\hpignqkl.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\hvfueppi.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\hwbjevgo.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\hxigdtbp.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\iafxfkby.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\ibonrdyq.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\ibtcjktg.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\ijtirbsr.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\inilieph.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\iqbinlad.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\irvdtpjg.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C 
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\iskgqeji.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\isurofeb.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\ixdlwccs.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\jaexijto.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\jccgotdd.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\jdlsgmye.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\jfwobajo.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\jlusxwbs.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\jnggxgdk.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\joahhvrl.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\jovfhcrv.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C 
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\jrldeiwi.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\juneanyt.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\jxaadcwm.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\jxfxauww.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\jxnnteof.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\jyjbgtkw.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\kacdtnap.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\kkdiewvb.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\klrydxvl.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\klshxrpt.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\kmhqsefj.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C 
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\kolccutg.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\kolclyjj.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\kuhxwlfu.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\kvubvqwk.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\kyjrsmuj.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\lcdlkhmy.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\lemigngq.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\lgbksqsh.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\lgufdcid.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\libnklbm.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\ljvcrgja.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C 
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\lmsrgpiv.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\lpbdbueq.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\lpmimuqs.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\lqehrxuo.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\lsttemtt.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\ltegjehu.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\ltxfdhtt.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\luscbdqu.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\lwjbaanc.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\macvbjjv.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\mahglqqs.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C 
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\mcghdoog.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\mdgauptm.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\mgbllhvq.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\mhjnxlny.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\mjpgbdvj.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\mkcsmljp.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\mlmwglmv.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\mrjushko.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\mtdjjrny.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\mvkppmhj.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\mwjsrbgp.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C 
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\mxooidhm.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\ndewsjmy.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\nijpwtra.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\niumimje.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\nkalfacv.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\nkoyendf.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\nopolenl.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\noqss.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\nsbtketd.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\nwlmswbv.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\nwxjeqkq.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C 
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\nxuhakke.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\nyuxhkkt.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\obkjvjnm.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\oelbbuyt.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\oiafodfk.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\oihgopgu.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\oopoq.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\opnbxbpn.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\opppo.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\ouijlcjn.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\pbrrjfes.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C 
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\pfmxrkkb.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\pkjteruk.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\plqaodde.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\pmdhteke.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\prlemekp.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\prsru.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\psrqoilh.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\pwlmefhh.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\pxfxjvcu.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\pxkcsbrt.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\pyevfpqx.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C 
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\qemirxln.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\qesxrwmn.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\qffbewfw.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\qfgcsvjs.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\qgaojipm.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\qiyepocd.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\qjntcgtx.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\qjovxhud.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\qkfsodql.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\qkgjodgp.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\qlpcrtuk.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C 
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\qluvutch.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\qnmlabqy.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\qpmikaec.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\qqpoq.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\qudmeqxk.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\qvdrfcyy.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\ravpncsc.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\rbqhhxdv.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\rddeqhov.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\rewjvsyn.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\rfwcqjqw.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C 
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\rgqeuajl.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\rkhpthbq.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\rpelupxy.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\rucbofmb.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\ruqgromk.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\rwvxstfl.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\sbwaeyhf.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\sdjpyhsp.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\sexuluuf.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\shpxewma.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\sijkcqef.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C 
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\sjfjyawr.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\snotlgtw.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\solbkmxw.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\taskrqow.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\tecfromm.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\tnewgsuh.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\tpghulyj.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\trkrefiu.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\tvpgmrsb.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\tvvut.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\twccraut.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C 
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\uapnxsed.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\ubiohlad.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\ubyhlger.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\ucbaugxj.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\ucdbufpn.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\udktagvj.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\uhailqpb.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\uhytoduf.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\umsoumye.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\ururptpq.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\uwwmlfey.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C 
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\uxabc.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\uxrlxohp.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\vaicmmnj.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\vaowwaxm.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\vckjoqxk.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\vgvkajdk.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\vlvbafyn.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\vmgumdeq.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\vsdoqkll.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\vstyiykq.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\vuchxwlq.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C 
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\vushymjv.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\vviyoncn.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\vxxbc.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\wdoutjlq.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\webfsxhy.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\wmfkmjul.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\wpbhondm.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\wvutv.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\wyusxgxq.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\xgcfaiic.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\xidddspu.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C 
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\xikupkjx.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\xlingowx.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\xprbagbl.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\xqtyfnrl.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\xtnjhlun.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\xyxyb.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\yablcnaq.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\ymribagd.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\yoklcbla.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\ypsnssqr.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\ywbmbbyc.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C 
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\ywsmmhfu.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
  10. Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.01.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Bob :: YOUR-C8A2EC5BC2 [administrator]

2/1/2012 9:16
mbam-log-2012-02-01 (09-16-41).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 226901
Time elapsed: 6 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SYSTEM\CurrentControlSet\Services\MapsGalaxy_39Service (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MapsGalaxy Search Scope Monitor (Adware.MyWebSearch) -> Data: "C:\PROGRA~1\MAPSGA~2\bar\1.bin\39srchmn.exe" /m=2 /w /h -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MapsGalaxy_39 Browser Plugin Loader (Adware.MyWebSearch) -> Data: C:\PROGRA~1\MAPSGA~2\bar\1.bin\39brmon.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Program Files\MapsGalaxy_39\bar\1.bin\39SrchMn.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MapsGalaxy_39\bar\1.bin\39brmon.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MapsGalaxy_39\bar\1.bin\39barsvc.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.

(end)
  11. Also, I have my antivirus program disabled, but it just popped up saying rootkit found.
File Name: SVC: catchme > C:\DOCUME~1\Bob\LOCALS~1\Temp\catchme.sys
What action should I take with this? Thanks.
  12. ComboFix 12-01-30.02 - Bob 01/31/2012 18:07:04.5.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.895.323 [GMT -6:00] Running from: c:\documents and settings\Bob\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Bob\Desktop\CFScript.txt AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} . FILE :: "c:\progra~1\MAPSGA~2\bar\1.bin\39brstub.dll" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users\Application Data\McAfee.com Personal Firewall c:\documents and settings\All Users\Application Data\McAfee.com Personal Firewall\data\HwLocal.xdb c:\progra~1\MAPSGA~2\bar\1.bin\39brstub.dll . . ((((((((((((((((((((((((( Files Created from 2012-01-01 to 2012-02-01 ))))))))))))))))))))))))))))))) . . 2012-01-28 18:46 . 2012-01-28 18:46 -------- d-----w- c:\program files\MapsGalaxy_39 2012-01-28 14:56 . 2012-01-28 14:56 -------- dc----w- C:\_OTL 2012-01-27 03:04 . 2012-01-27 03:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-01-27 03:04 . 2011-12-10 21:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-01-26 03:31 . 2011-12-21 07:24 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll 2012-01-26 03:31 . 2011-12-21 04:30 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll 2012-01-26 03:31 . 2011-12-21 04:30 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll 2012-01-26 03:31 . 2011-12-21 04:30 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-11-28 18:01 . 2010-07-18 16:21 41184 ----a-w- c:\windows\avastSS.scr 2011-11-28 18:01 . 2010-02-14 14:40 199816 ----a-w- c:\windows\system32\aswBoot.exe 2011-11-28 17:53 . 2011-05-21 02:10 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-11-28 17:53 . 
2010-02-14 14:40 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys 2011-11-28 17:52 . 2010-02-14 14:40 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2011-11-28 17:52 . 2010-02-14 14:40 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2011-11-28 17:52 . 2010-02-14 14:40 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2011-11-28 17:51 . 2010-02-14 14:40 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys 2011-11-28 17:51 . 2010-02-14 14:40 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2011-11-28 17:48 . 2010-02-14 14:40 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2011-11-25 21:57 . 2007-01-15 23:00 293376 ----a-w- c:\windows\system32\winsrv.dll 2011-11-23 13:25 . 2007-01-15 23:00 1859584 ----a-w- c:\windows\system32\win32k.sys 2011-11-18 12:35 . 2007-01-15 23:00 60416 ----a-w- c:\windows\system32\packager.exe 2011-11-17 03:09 . 2011-05-30 13:43 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-11-16 14:21 . 2007-01-15 23:00 354816 ----a-w- c:\windows\system32\winhttp.dll 2011-11-16 14:21 . 2007-01-15 23:00 152064 ----a-w- c:\windows\system32\schannel.dll 2011-11-04 19:20 . 2007-01-15 23:00 916992 ----a-w- c:\windows\system32\wininet.dll 2011-11-04 19:20 . 2007-01-15 22:59 43520 ------w- c:\windows\system32\licmgr10.dll 2011-11-04 19:20 . 2007-01-15 22:58 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-11-04 11:23 . 2007-01-15 22:58 385024 ------w- c:\windows\system32\html.iec 2011-11-03 15:28 . 2007-01-15 23:00 386048 ----a-w- c:\windows\system32\qdvd.dll 2011-11-03 15:28 . 2007-01-15 23:00 1292288 ----a-w- c:\windows\system32\quartz.dll 2007-10-15 02:20 . 2007-10-15 02:18 827024 -c--a-w- c:\program files\PhotoGreetingCards.exe 2007-10-13 16:42 . 2007-10-13 16:41 1394568 -c--a-w- c:\program files\install_easyshare.exe 2007-08-14 15:38 . 2008-08-05 14:00 1075536 -c--a-w- c:\program files\Common Files\RegCure 1.5.0.0 Trial.exe 2011-12-21 07:24 . 
2011-09-28 05:20 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll 2006-05-03 10:06 163328 -csha-r- c:\windows\system32\flvDX.dll . . ((((((((((((((((((((((((((((( SnapShot@2012-01-28_18.25.14 ))))))))))))))))))))))))))))))))))))))))) . + 2012-02-01 00:21 . 2012-02-01 00:21 16384 c:\windows\Temp\Perflib_Perfdata_534.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-11-28 18:01 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MDS_Menu"="c:\program files\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2010-07-01 220336] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992] "CHotkey"="zHotkey.exe" [2004-05-18 543232] "avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-11-28 3744552] "MapsGalaxy Search Scope Monitor"="c:\progra~1\MAPSGA~2\bar\1.bin\39srchmn.exe" [2012-01-28 38440] "MapsGalaxy_39 Browser Plugin Loader"="c:\progra~1\MAPSGA~2\bar\1.bin\39brmon.exe" [2012-01-28 30096] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "RunNarrator"="Narrator.exe" [2008-04-14 53760] . c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^Documents and Settings^Darlene^Start Menu^Programs^Startup^HotSync Manager.lnk] path=c:\documents and settings\Darlene\Start Menu\Programs\Startup\HotSync Manager.lnk backup=c:\windows\pss\HotSync Manager.lnkStartup . [HKLM\~\startupfolder\C:^Documents and Settings^Darlene^Start Menu^Programs^Startup^SocialButterfly.lnk] path=c:\documents and settings\Darlene\Start Menu\Programs\Startup\SocialButterfly.lnk backup=c:\windows\pss\SocialButterfly.lnkStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck] c:\windows\system32\dumprep 0 -u [X] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2009-12-22 07:57 35760 -c--a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] 2005-05-04 00:43 69632 -c--a-w- c:\windows\ALCMTR.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] 2011-09-27 13:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service] 2010-10-28 01:17 207424 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 2007-03-12 18:49 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] 2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eBook Library Launcher] 2010-07-13 06:34 906648 ----a-w- c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray] 2004-08-10 18:04 59392 -c--a-w- c:\windows\ehome\ehtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2010-10-18 19:24 136176 ----atw- c:\documents and settings\Bob\Local Settings\Application Data\Google\Update\GoogleUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2008-10-25 16:44 31072 -c--a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut] 2005-01-08 01:07 61952 -c--a-w- c:\windows\system32\HdAShCut.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2011-11-13 06:24 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxbumon.exe] 2005-01-18 14:35 196608 ----a-w- c:\program files\Lexmark 6200 Series\lxbumon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2007-03-09 23:53 153136 -c--a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2008-05-16 19:01 13529088 ----a-w- c:\windows\system32\nvcpl.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2008-05-16 19:01 86016 ----a-w- c:\windows\system32\nvmctray.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] 2008-05-16 19:01 1630208 ----a-w- c:\windows\system32\nwiz.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Olympus ib] 2011-03-11 21:17 93360 ----a-w- c:\program files\Olympus\ib\olycamdetect.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager] 2005-05-09 23:16 192512 -c--a-w- c:\progra~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector] 2007-09-28 01:17 443968 ----a-w- c:\program files\Picasa2\PicasaMediaDetector.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reader Library Launcher] 2010-07-13 06:34 906648 ----a-w- c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] 2005-09-22 19:36 14854144 ----a-w- c:\windows\RTHDCPL.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Protection] 2009-02-03 13:15 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowWnd] 2003-09-19 15:09 36864 ----a-w- c:\windows\ShowWnd.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2011-06-09 19:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM] 2004-11-15 23:04 135168 ----a-w- c:\program files\Digital Media Reader\shwiconEM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection] 2009-02-03 13:15 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\WINDOWS\\system32\\lxbucoms.exe"= "c:\windows\system32\bepinceu.exe"= c:\windows\system32\bep "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"= "c:\\Program Files\\iWin Games\\iWinGames.exe"= "c:\\Program Files\\iWin Games\\WebUpdater.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20286:TCP"= 20286:TCP:20286
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/23/2007 1:48 PM 639224]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/20/2011 8:10 PM 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/14/2010 8:40 AM 314456]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 10:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 3:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 5:38 PM 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/14/2010 8:40 AM 20568]
R2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [9/27/2010 9:36 AM 176408]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S0 nielprt;Nielsen Patch Service;c:\windows\system32\DRIVERS\nielprt.sys --> c:\windows\system32\DRIVERS\nielprt.sys [?]
S2 MapsGalaxy_39Service;MapsGalaxyService;c:\progra~1\MAPSGA~2\bar\1.bin\39barsvc.exe [1/28/2012 12:46 PM 42504]
S3 IPOD2CAR;ipod2car.sys driver;c:\windows\system32\drivers\ipod2car.sys [9/18/2010 7:28 AM 49408]
S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/15/2009 4:17 PM 12872]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [12/25/2010 1:55 AM 11520]
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 18:34]
.
2012-01-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1374101668-94510307-1338816319-1008Core1cc223528ea9d90.job
- c:\documents and settings\Bob\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-22 19:24]
.
2012-02-01 c:\windows\Tasks\User_Feed_Synchronization-{071C7AE6-FDD5-4996-A4E5-3030D6D0051D}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
2012-02-01 c:\windows\Tasks\User_Feed_Synchronization-{88D8D572-25CB-4355-B884-812F55EE82FB}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
2012-02-01 c:\windows\Tasks\User_Feed_Synchronization-{CFBA19FF-FBA1-4184-8F20-2E300624F2C8}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Translate with &Babylon
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Bob\Application Data\Mozilla\Firefox\Profiles\2f6phmxb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-31 18:27
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{014C4232-6904-47B9-9144-7E0FB7277444}\1.0\0\win32]
@DACL=(02 0000)
@="c:\\Program Files\\Gamevance\\gvtl.dll"
.
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}\1.0\0\win32]
@DACL=(02 0000)
@="c:\\Program Files\\Fast Browser Search\\IE\\FBStoolbar.dll"
.
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:bb,3c,96,44,5a,b7,f4,b9,2c,3c,c2,e2,00,34,a6,ea,d3,84,97,35,0f,
 47,9b,c3,05,b3,60,5b,99,d8,4c,a8,22,bd,9f,f7,21,94,3d,11,84,ad,af,be,ed,d5,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(728)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3864)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wscntfy.exe
c:\windows\zHotkey.exe
.
**************************************************************************
.
Completion time: 2012-01-31 18:32:31 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-01 00:32
ComboFix2.txt 2012-01-31 23:32
ComboFix3.txt 2012-01-31 14:29
ComboFix4.txt 2012-01-29 16:13
ComboFix5.txt 2012-02-01 00:05
.
Pre-Run: 153,812,926,464 bytes free
Post-Run: 153,901,228,032 bytes free
.
- - End Of File - - 59D908E6A192C0C40C31C88A3655B05D
  13. ComboFix 12-01-30.02 - Bob 01/31/2012 17:15:07.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.895.462 [GMT -6:00]
Running from: c:\documents and settings\Bob\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Bob\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-31 )))))))))))))))))))))))))))))))
.
.
2012-01-31 15:16 . 2012-01-31 15:16 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee.com Personal Firewall
2012-01-28 18:46 . 2012-01-28 18:46 -------- d-----w- c:\program files\MapsGalaxy_39
2012-01-28 14:56 . 2012-01-28 14:56 -------- dc----w- C:\_OTL
2012-01-27 03:04 . 2012-01-27 03:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-27 03:04 . 2011-12-10 21:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-26 03:31 . 2011-12-21 07:24 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-26 03:31 . 2011-12-21 04:30 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-26 03:31 . 2011-12-21 04:30 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-26 03:31 . 2011-12-21 04:30 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-28 18:01 . 2010-07-18 16:21 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2010-02-14 14:40 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:53 . 2011-05-21 02:10 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2010-02-14 14:40 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2010-02-14 14:40 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2010-02-14 14:40 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2010-02-14 14:40 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-11-28 17:51 . 2010-02-14 14:40 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-11-28 17:51 . 2010-02-14 14:40 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-28 17:48 . 2010-02-14 14:40 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-11-25 21:57 . 2007-01-15 23:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2007-01-15 23:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2007-01-15 23:00 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-17 03:09 . 2011-05-30 13:43 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-16 14:21 . 2007-01-15 23:00 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2007-01-15 23:00 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-04 19:20 . 2007-01-15 23:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2007-01-15 22:59 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2007-01-15 22:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2007-01-15 22:58 385024 ------w- c:\windows\system32\html.iec
2011-11-03 15:28 . 2007-01-15 23:00 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2007-01-15 23:00 1292288 ----a-w- c:\windows\system32\quartz.dll
2007-10-15 02:20 . 2007-10-15 02:18 827024 -c--a-w- c:\program files\PhotoGreetingCards.exe
2007-10-13 16:42 . 2007-10-13 16:41 1394568 -c--a-w- c:\program files\install_easyshare.exe
2007-08-14 15:38 . 2008-08-05 14:00 1075536 -c--a-w- c:\program files\Common Files\RegCure 1.5.0.0 Trial.exe
2011-12-21 07:24 . 2011-09-28 05:20 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 10:06 163328 -csha-r- c:\windows\system32\flvDX.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-28_18.25.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-31 14:04 . 2012-01-31 14:04 16384 c:\windows\Temp\Perflib_Perfdata_128.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MDS_Menu"="c:\program files\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2010-07-01 220336]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"CHotkey"="zHotkey.exe" [2004-05-18 543232]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-11-28 3744552]
"MapsGalaxy Search Scope Monitor"="c:\progra~1\MAPSGA~2\bar\1.bin\39srchmn.exe" [2012-01-28 38440]
"MapsGalaxy_39 Browser Plugin Loader"="c:\progra~1\MAPSGA~2\bar\1.bin\39brmon.exe" [2012-01-28 30096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Darlene^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\documents and settings\Darlene\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Darlene^Start Menu^Programs^Startup^SocialButterfly.lnk]
path=c:\documents and settings\Darlene\Start Menu\Programs\Startup\SocialButterfly.lnk
backup=c:\windows\pss\SocialButterfly.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 07:57 35760 -c--a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-04 00:43 69632 -c--a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 13:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-10-28 01:17 207424 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-03-12 18:49 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eBook Library Launcher]
2010-07-13 06:34 906648 ----a-w- c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2004-08-10 18:04 59392 -c--a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-10-18 19:24 136176 ----atw- c:\documents and settings\Bob\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 16:44 31072 -c--a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2005-01-08 01:07 61952 -c--a-w- c:\windows\system32\HdAShCut.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-11-13 06:24 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxbumon.exe]
2005-01-18 14:35 196608 ----a-w- c:\program files\Lexmark 6200 Series\lxbumon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-09 23:53 153136 -c--a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-05-16 19:01 13529088 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-05-16 19:01 86016 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-05-16 19:01 1630208 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Olympus ib]
2011-03-11 21:17 93360 ----a-w- c:\program files\Olympus\ib\olycamdetect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
2005-05-09 23:16 192512 -c--a-w- c:\progra~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
2007-09-28 01:17 443968 ----a-w- c:\program files\Picasa2\PicasaMediaDetector.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reader Library Launcher]
2010-07-13 06:34 906648 ----a-w- c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2005-09-22 19:36 14854144 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Protection]
2009-02-03 13:15 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowWnd]
2003-09-19 15:09 36864 ----a-w- c:\windows\ShowWnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 19:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]
2004-11-15 23:04 135168 ----a-w- c:\program files\Digital Media Reader\shwiconEM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
2009-02-03 13:15 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\lxbucoms.exe"=
"c:\windows\system32\bepinceu.exe"= c:\windows\system32\bep
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\iWin Games\\iWinGames.exe"=
"c:\\Program Files\\iWin Games\\WebUpdater.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20286:TCP"= 20286:TCP:20286
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/23/2007 1:48 PM 639224]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/20/2011 8:10 PM 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/14/2010 8:40 AM 314456]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 10:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 3:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 5:38 PM 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/14/2010 8:40 AM 20568]
R2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [9/27/2010 9:36 AM 176408]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S0 nielprt;Nielsen Patch Service;c:\windows\system32\DRIVERS\nielprt.sys --> c:\windows\system32\DRIVERS\nielprt.sys [?]
S2 MapsGalaxy_39Service;MapsGalaxyService;c:\progra~1\MAPSGA~2\bar\1.bin\39barsvc.exe [1/28/2012 12:46 PM 42504]
S3 IPOD2CAR;ipod2car.sys driver;c:\windows\system32\drivers\ipod2car.sys [9/18/2010 7:28 AM 49408]
S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/15/2009 4:17 PM 12872]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [12/25/2010 1:55 AM 11520]
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 18:34]
.
2012-01-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1374101668-94510307-1338816319-1008Core1cc223528ea9d90.job
- c:\documents and settings\Bob\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-22 19:24]
.
2012-01-30 c:\windows\Tasks\User_Feed_Synchronization-{071C7AE6-FDD5-4996-A4E5-3030D6D0051D}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
2012-01-31 c:\windows\Tasks\User_Feed_Synchronization-{88D8D572-25CB-4355-B884-812F55EE82FB}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
2012-01-31 c:\windows\Tasks\User_Feed_Synchronization-{CFBA19FF-FBA1-4184-8F20-2E300624F2C8}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Translate with &Babylon
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Bob\Application Data\Mozilla\Firefox\Profiles\2f6phmxb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-31 17:27
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{014C4232-6904-47B9-9144-7E0FB7277444}\1.0\0\win32]
@DACL=(02 0000)
@="c:\\Program Files\\Gamevance\\gvtl.dll"
.
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}\1.0\0\win32]
@DACL=(02 0000)
@="c:\\Program Files\\Fast Browser Search\\IE\\FBStoolbar.dll"
.
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:bb,3c,96,44,5a,b7,f4,b9,2c,3c,c2,e2,00,34,a6,ea,d3,84,97,35,0f,
 47,9b,c3,05,b3,60,5b,99,d8,4c,a8,22,bd,9f,f7,21,94,3d,11,84,ad,af,be,ed,d5,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(724)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(2892)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\progra~1\MAPSGA~2\bar\1.bin\39brstub.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2012-01-31 17:32:16
ComboFix-quarantined-files.txt 2012-01-31 23:32
ComboFix2.txt 2012-01-31 14:29
ComboFix3.txt 2012-01-29 16:13
ComboFix4.txt 2012-01-28 18:30
.
Pre-Run: 153,814,904,832 bytes free
Post-Run: 153,828,470,784 bytes free
.
- - End Of File - - 48A25D723EC9C1E799F23ABB56EF2217
  14. SystemLook 30.07.11 by jpshortstuff
Log created at 16:57 on 31/01/2012 by Bob
Administrator - Elevation successful

========== filefind ==========

Searching for "*bepinceu* "
No files found.

Searching for "*bep* "
C:\Documents and Settings\All Users\Start Menu\Programs\Adobe\Adobe Premiere Pro 2.0.lnk --a---- 1932 bytes [10:02 25/03/2007] [10:02 25/03/2007] 2A9FF0E5F377C09FC4CA9689D4F94AFD
C:\Program Files\Adobe\Adobe Premiere Pro 2.0\Plug-ins\en_US\NeroDigitalPluginAdobePremiere_Eng.pdf --a--c- 189121 bytes [22:53 21/02/2007] [22:53 21/02/2007] 104E3F3C7907FB7CB1AB8A62B93D929F
C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\adobepdf.xdc -ra--c- 44247 bytes [17:44 18/09/2008] [17:44 18/09/2008] C8BE3C4A507F573DCCB83540956FADD7
C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\AdobePDF417.pmp --a--c- 112640 bytes [18:07 27/02/2009] [18:07 27/02/2009] EC90CA2ACAC40DE42DEFBCC0D05496AD
C:\Program Files\Adobe\Reader 9.0\Resource\Font\AdobePiStd.otf -ra--c- 89660 bytes [18:31 21/12/2009] [18:31 21/12/2009] 2A63E88A9D329D442DC9BA4221DD69B0
C:\Program Files\Common Files\Adobe\PDFL\7.0\Fonts\AdobePiStd.otf --a--c- 89660 bytes [01:16 17/03/2005] [01:16 17/03/2005] 2A63E88A9D329D442DC9BA4221DD69B0
C:\Program Files\MSN\MSNCoreFiles\OOBE\obepopc.dll --a--c- 86016 bytes [22:59 15/01/2007] [00:10 14/04/2008] 75D9C8851209129896585D0F72C9EFC8
C:\Program Files\Olympus\ib\Custom\Skin\Layout\YouTube\YouTubePage.bkml -----c- 20864 bytes [21:17 11/03/2011] [21:17 11/03/2011] 715CD3C1E8950447C60E0520C63FFFFE
C:\Program Files\Olympus\ib\YouTube\YouTubePage.kc -----c- 23781 bytes [21:19 11/03/2011] [21:19 11/03/2011] E012129E3D635285CB82FF8F799B58B3
C:\Program Files\Sony\Reader\Data\reader\scripts\logoAdobePDF.png --a--c- 3322 bytes [01:50 03/04/2010] [01:50 03/04/2010] 51B13F4CBEA22386F91B9E627DC8F153
C:\WINDOWS\$NtServicePackUninstall$\obepopc.dll -----c- 86016 bytes [16:09 04/12/2008] [19:00 10/08/2004] 7322C6B783F540C1D7FC07830683029D
C:\WINDOWS\I386\OBEPOPC.DL_ -----c- 36248 bytes [23:13 15/01/2007] [19:00 10/08/2004] BC52500C74D36FE0BA33C815488D3E1B
C:\WINDOWS\ServicePackFiles\i386\obepopc.dll -----c- 86016 bytes [15:02 25/10/2008] [00:10 14/04/2008] 75D9C8851209129896585D0F72C9EFC8

Searching for " "
No files found.

========== folderfind ==========

Searching for "*bep*"
C:\Documents and Settings\All Users\Documents\Adobe PDF d------ [10:05 25/03/2007]
C:\Documents and Settings\Darlene\Local Settings\Application Data\Google\Chrome Frame\User Data\iexplore\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho d------ [21:13 17/12/2011]
C:\Program Files\Adobe\Adobe Premiere Pro 2.0 d------ [10:00 25/03/2007]

-= EOF =-
  15. 2012-01-29 15:56:40 . 2012-01-31 14:10:46 260 -c--a-w- C:\Qoobox\Quarantine\catchme.txt
2012-01-28 18:29:17 . 2012-01-28 18:29:17 936 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Video Conference.reg.dat
2012-01-28 18:28:49 . 2012-01-28 18:28:49 596 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-Weather.reg.dat
2012-01-28 18:28:48 . 2012-01-28 18:28:48 590 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-Upromise Update.reg.dat
2012-01-28 18:28:48 . 2012-01-28 18:28:48 610 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-Upromise Tray.reg.dat
2012-01-28 18:28:48 . 2012-01-28 18:28:48 676 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-swg.reg.dat
2012-01-28 18:28:47 . 2012-01-28 18:28:47 594 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-mnumsg.reg.dat
2012-01-28 18:28:39 . 2012-01-28 18:28:39 126 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\ShellExecuteHooks-ThreadingModel.reg.dat
2012-01-28 18:28:23 . 2012-01-28 18:28:23 171 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440}.reg.dat
2012-01-28 18:28:22 . 2012-01-28 18:28:22 333 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\BHO-{CE918BEE-9F07-450D-94EB-DAE34BCF23Ad}.reg.dat
2012-01-28 18:25:10 . 2004-09-13 18:15:24 53 -c--a-w- C:\Qoobox\Quarantine\D\Autorun.inf.vir
2012-01-28 18:17:38 . 2012-01-28 18:17:38 774 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_FOPN.reg.dat
2012-01-28 18:17:06 . 2012-01-31 14:20:56 5,024 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2012-01-28 18:05:09 . 2012-01-31 14:09:13 255 -c--a-w- C:\Qoobox\Quarantine\catchme.log
2010-11-11 04:07:45 . 2010-11-11 04:07:41 143,872 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\TEMP\{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}\Setup.ilg.vir
2010-11-07 04:57:18 . 2010-11-07 04:57:03 36,864 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\TEMP\{E9B10AA5-E5F6-4DEF-A435-FB20704AF1E8}\PostBuild.exe.vir
2010-08-19 03:07:15 . 2010-08-19 03:07:15 129 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\TEMP\C31F31E6.TMP.vir
2010-08-18 13:13:04 . 2011-02-04 18:38:45 1,919 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\2f6phmxb.default\searchplugins\bing-zugo.xml.vir
2010-07-16 23:01:30 . 2010-11-17 23:06:16 36,864 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\TEMP\{889C6F39-241F-4119-8026-1B2F4A124839}\PostBuild.exe.vir
2010-06-24 00:06:08 . 2010-11-11 04:03:43 36,864 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\TEMP\{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}\PostBuild.exe.vir
2009-06-28 19:48:27 . 2011-09-28 14:30:39 36,864 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\TEMP\{479F8C12-576B-4A58-AB78-4B70F7012AA8}\PostBuild.exe.vir
2009-06-04 02:26:08 . 2011-09-09 00:53:54 60,304 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Bob\g2mdlhlpx.exe.vir
2008-05-21 01:22:20 . 2008-05-21 03:22:07 1,824 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\Conference\Conference.ini.vir
2008-05-20 23:30:46 . 2008-05-21 01:51:51 29,172 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\Conference\Languages\en.xml.vir
2008-05-20 23:30:44 . 2008-05-21 01:51:50 28,375 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\Conference\Languages\hu.xml.vir
2008-05-20 23:30:44 . 2008-05-21 01:51:50 28,890 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\Conference\Languages\pl.xml.vir
2008-05-20 23:30:44 . 2008-05-21 01:51:50 37,927 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\Conference\Languages\ua.xml.vir
2008-05-20 23:30:44 . 2008-05-21 01:51:50 38,959 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\Conference\Languages\ru.xml.vir
2008-05-20 23:30:44 . 2008-05-21 01:51:50 31,292 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\Conference\Languages\pt.xml.vir
2008-05-20 23:30:44 . 2008-05-21 01:51:50 30,001 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\Conference\Languages\de.xml.vir
2008-05-20 23:30:44 . 2008-05-21 01:51:50 29,994 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\Conference\Languages\es.xml.vir
2008-05-20 23:30:44 . 2008-05-21 01:51:50 29,747 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\Conference\Languages\fr.xml.vir
2008-05-20 23:30:43 . 2008-05-21 01:51:47 64 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\Conference\Conference.db.vir
2008-05-20 23:30:41 . 2008-05-20 23:30:40 3,256,320 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Conference\Conference.dll.vir
2008-05-20 23:30:32 . 2008-05-21 01:51:36 497,664 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Conference\Conference.exe.vir
2007-10-13 18:49:21 . 2007-10-13 18:49:21 494,265 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\dfhjl.bak1.vir
2007-10-10 21:06:45 . 2007-10-10 21:06:45 0 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Bob\err.log.vir
2007-09-28 17:46:31 . 2007-09-28 18:13:59 73 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\irclass.uce.vir
2007-09-25 03:06:07 . 2007-10-15 03:18:58 1,135 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\system\ntp2.ini2.vir
2007-09-15 18:29:11 . 2007-09-15 18:29:11 0 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Darlene\err.log.vir
2007-08-23 23:28:29 . 2007-08-23 23:28:30 1,600,724 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\vxxbc.bak1.vir
2007-08-18 20:08:36 . 2007-08-18 20:08:37 1,598,700 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\tvvut.bak1.vir
2007-08-09 20:39:49 . 2007-08-09 20:39:49 1,729,197 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\xyxyb.bak1.vir
2007-08-08 17:50:44 . 2007-08-08 17:50:44 1,729,155 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\opppo.bak1.vir
2007-07-24 20:08:22 . 2007-07-24 20:08:22 1,733,873 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\uxabc.bak1.vir
2007-07-06 05:04:11 . 2007-07-06 05:04:12 1,840,185 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\dccdd.bak1.vir
2007-06-05 22:55:54 . 2007-06-05 22:55:54 1,584,997 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\fehkj.bak1.vir
2007-05-26 19:02:35 . 2007-05-26 19:02:36 1,543,948 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\prsru.bak1.vir
2007-05-26 04:11:09 . 2007-05-26 04:11:10 1,544,846 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\noqss.bak1.vir
2007-05-26 01:13:21 . 2007-05-26 01:13:21 1,543,948 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\fghhk.bak1.vir
2007-05-15 23:10:13 . 2007-05-15 23:10:14 1,465,938 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\qqpoq.bak1.vir
2007-05-15 14:59:19 . 2007-10-15 03:11:59 520,430 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\oopoq.bak2.vir
2007-05-15 00:14:36 . 2007-10-12 01:40:54 520,515 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\oopoq.bak1.vir
2007-04-29 06:27:51 . 2007-05-13 03:54:47 1,353,562 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\stwvw.bak2.vir
2007-04-28 11:45:20 . 2007-04-28 11:45:20 1,132 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\system\ntp2.tmp.vir
2007-04-28 06:27:35 . 2007-04-28 11:41:23 1,132 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\system\ntp2.ini.vir
2007-04-28 06:27:24 . 2007-05-13 03:55:02 1,354,671 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\stwvw.bak1.vir
2007-04-28 05:08:09 . 2007-04-28 05:08:10 1,399,208 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\ghhjl.bak2.vir
2007-04-27 04:03:30 . 2007-04-27 04:03:31 1,373,980 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\ghhjl.bak1.vir
  16. ComboFix 12-01-30.02 - Bob 01/31/2012 8:10.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.895.508 [GMT -6:00]
Running from: c:\documents and settings\Bob\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Bob\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-31 )))))))))))))))))))))))))))))))
.
.
2012-01-28 18:46 . 2012-01-28 18:46 -------- d-----w- c:\program files\MapsGalaxy_39
2012-01-28 14:56 . 2012-01-28 14:56 -------- dc----w- C:\_OTL
2012-01-27 03:04 . 2012-01-27 03:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-27 03:04 . 2011-12-10 21:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-26 03:31 . 2011-12-21 07:24 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-26 03:31 . 2011-12-21 04:30 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-26 03:31 . 2011-12-21 04:30 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-26 03:31 . 2011-12-21 04:30 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-28 18:01 . 2010-07-18 16:21 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2010-02-14 14:40 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:53 . 2011-05-21 02:10 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2010-02-14 14:40 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2010-02-14 14:40 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2010-02-14 14:40 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2010-02-14 14:40 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-11-28 17:51 . 2010-02-14 14:40 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-11-28 17:51 . 2010-02-14 14:40 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-28 17:48 . 2010-02-14 14:40 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-11-25 21:57 . 2007-01-15 23:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2007-01-15 23:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2007-01-15 23:00 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-17 03:09 . 2011-05-30 13:43 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-16 14:21 . 2007-01-15 23:00 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2007-01-15 23:00 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-04 19:20 . 2007-01-15 23:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2007-01-15 22:59 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2007-01-15 22:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2007-01-15 22:58 385024 ------w- c:\windows\system32\html.iec
2011-11-03 15:28 . 2007-01-15 23:00 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2007-01-15 23:00 1292288 ----a-w- c:\windows\system32\quartz.dll
2007-10-15 02:20 . 2007-10-15 02:18 827024 -c--a-w- c:\program files\PhotoGreetingCards.exe
2007-10-13 16:42 . 2007-10-13 16:41 1394568 -c--a-w- c:\program files\install_easyshare.exe
2007-08-14 15:38 . 2008-08-05 14:00 1075536 -c--a-w- c:\program files\Common Files\RegCure 1.5.0.0 Trial.exe
2011-12-21 07:24 . 2011-09-28 05:20 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 10:06 163328 -csha-r- c:\windows\system32\flvDX.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-28_18.25.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-31 14:04 . 2012-01-31 14:04 16384 c:\windows\Temp\Perflib_Perfdata_128.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MDS_Menu"="c:\program files\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2010-07-01 220336]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"CHotkey"="zHotkey.exe" [2004-05-18 543232]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-11-28 3744552]
"MapsGalaxy Search Scope Monitor"="c:\progra~1\MAPSGA~2\bar\1.bin\39srchmn.exe" [2012-01-28 38440]
"MapsGalaxy_39 Browser Plugin Loader"="c:\progra~1\MAPSGA~2\bar\1.bin\39brmon.exe" [2012-01-28 30096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Darlene^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\documents and settings\Darlene\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Darlene^Start Menu^Programs^Startup^SocialButterfly.lnk]
path=c:\documents and settings\Darlene\Start Menu\Programs\Startup\SocialButterfly.lnk
backup=c:\windows\pss\SocialButterfly.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 07:57 35760 -c--a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-04 00:43 69632 -c--a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 13:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-10-28 01:17 207424 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-03-12 18:49 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eBook Library Launcher]
2010-07-13 06:34 906648 ----a-w- c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2004-08-10 18:04 59392 -c--a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-10-18 19:24 136176 ----atw- c:\documents and settings\Bob\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 16:44 31072 -c--a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2005-01-08 01:07 61952 -c--a-w- c:\windows\system32\HdAShCut.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-11-13 06:24 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxbumon.exe]
2005-01-18 14:35 196608 ----a-w- c:\program files\Lexmark 6200 Series\lxbumon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-09 23:53 153136 -c--a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-05-16 19:01 13529088 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-05-16 19:01 86016 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-05-16 19:01 1630208 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Olympus ib]
2011-03-11 21:17 93360 ----a-w- c:\program files\Olympus\ib\olycamdetect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
2005-05-09 23:16 192512 -c--a-w- c:\progra~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
2007-09-28 01:17 443968 ----a-w- c:\program files\Picasa2\PicasaMediaDetector.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reader Library Launcher]
2010-07-13 06:34 906648 ----a-w- c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2005-09-22 19:36 14854144 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Protection]
2009-02-03 13:15 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowWnd]
2003-09-19 15:09 36864 ----a-w- c:\windows\ShowWnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 19:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]
2004-11-15 23:04 135168 ----a-w- c:\program files\Digital Media Reader\shwiconEM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
2009-02-03 13:15 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\lxbucoms.exe"=
"c:\windows\system32\bepinceu.exe"= c:\windows\system32\bep
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\iWin Games\\iWinGames.exe"=
"c:\\Program Files\\iWin Games\\WebUpdater.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20286:TCP"= 20286:TCP:20286
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/23/2007 1:48 PM 639224]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/20/2011 8:10 PM 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/14/2010 8:40 AM 314456]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 10:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 3:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 5:38 PM 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/14/2010 8:40 AM 20568]
R2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [9/27/2010 9:36 AM 176408]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S0 nielprt;Nielsen Patch Service;c:\windows\system32\DRIVERS\nielprt.sys --> c:\windows\system32\DRIVERS\nielprt.sys [?]
S2 MapsGalaxy_39Service;MapsGalaxyService;c:\progra~1\MAPSGA~2\bar\1.bin\39barsvc.exe [1/28/2012 12:46 PM 42504]
S3 IPOD2CAR;ipod2car.sys driver;c:\windows\system32\drivers\ipod2car.sys [9/18/2010 7:28 AM 49408]
S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/15/2009 4:17 PM 12872]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [12/25/2010 1:55 AM 11520]
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 18:34]
.
2012-01-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1374101668-94510307-1338816319-1008Core1cc223528ea9d90.job
- c:\documents and settings\Bob\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-22 19:24]
.
2012-01-30 c:\windows\Tasks\User_Feed_Synchronization-{071C7AE6-FDD5-4996-A4E5-3030D6D0051D}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
2012-01-31 c:\windows\Tasks\User_Feed_Synchronization-{88D8D572-25CB-4355-B884-812F55EE82FB}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
2012-01-31 c:\windows\Tasks\User_Feed_Synchronization-{CFBA19FF-FBA1-4184-8F20-2E300624F2C8}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Translate with &Babylon
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Bob\Application Data\Mozilla\Firefox\Profiles\2f6phmxb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-31 08:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{014C4232-6904-47B9-9144-7E0FB7277444}\1.0\0]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{014C4232-6904-47B9-9144-7E0FB7277444}\1.0\FLAGS]
@DACL=(02 0000)
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{014C4232-6904-47B9-9144-7E0FB7277444}\1.0\HELPDIR]
@DACL=(02 0000)
@="c:\\Program Files\\Gamevance"
.
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}\1.0\0]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}\1.0\FLAGS]
@DACL=(02 0000)
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}\1.0\HELPDIR]
@DACL=(02 0000)
@="c:\\Program Files\\Fast Browser Search\\IE"
.
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:bb,3c,96,44,5a,b7,f4,b9,2c,3c,c2,e2,00,34,a6,ea,d3,84,97,35,0f, 47,9b,c3,05,b3,60,5b,99,d8,4c,a8,22,bd,9f,f7,21,94,3d,11,84,ad,af,be,ed,d5,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(724)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3744)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\progra~1\MAPSGA~2\bar\1.bin\39brstub.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2012-01-31 08:29:07
ComboFix-quarantined-files.txt 2012-01-31 14:29
ComboFix2.txt 2012-01-29 16:13
ComboFix3.txt 2012-01-28 18:30
.
Pre-Run: 153,823,326,208 bytes free
Post-Run: 153,843,331,072 bytes free
.
- - End Of File - - F375D58BE61C359F92B9F7C19B7E3C93
  17. Also, how come every time I run ComboFix it says McAfee is running, when I deleted it a while ago and can't find the program running anywhere on my PC?
  18. Sorry, but I do not see that file anywhere, and when I searched for it, it said file not found. Is that the right file?
  19. ComboFix 12-01-29.01 - Bob 01/29/2012 9:56.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.895.462 [GMT -6:00]
Running from: c:\documents and settings\Bob\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Bob\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Bob\Application Data\Mozilla\Firefox\Profiles\2f6phmxb.default\searchplugins\bing-zugo.xml
c:\documents and settings\Bob\err.log
c:\documents and settings\Darlene\err.log
c:\windows\system32\irclass.uce
.
.
((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-29 )))))))))))))))))))))))))))))))
.
.
2012-01-28 18:46 . 2012-01-28 18:46 -------- d-----w- c:\program files\MapsGalaxy_39
2012-01-28 14:56 . 2012-01-28 14:56 -------- dc----w- C:\_OTL
2012-01-27 03:04 . 2012-01-27 03:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-27 03:04 . 2011-12-10 21:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-26 03:31 . 2011-12-21 07:24 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-26 03:31 . 2011-12-21 04:30 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-26 03:31 . 2011-12-21 04:30 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-26 03:31 . 2011-12-21 04:30 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-28 18:01 . 2010-07-18 16:21 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2010-02-14 14:40 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:53 . 2011-05-21 02:10 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2010-02-14 14:40 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2010-02-14 14:40 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2010-02-14 14:40 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2010-02-14 14:40 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-11-28 17:51 . 2010-02-14 14:40 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-11-28 17:51 . 2010-02-14 14:40 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-28 17:48 . 2010-02-14 14:40 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-11-25 21:57 . 2007-01-15 23:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2007-01-15 23:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2007-01-15 23:00 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-17 03:09 . 2011-05-30 13:43 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-16 14:21 . 2007-01-15 23:00 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2007-01-15 23:00 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-04 19:20 . 2007-01-15 23:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2007-01-15 22:59 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2007-01-15 22:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2007-01-15 22:58 385024 ------w- c:\windows\system32\html.iec
2011-11-03 15:28 . 2007-01-15 23:00 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2007-01-15 23:00 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2007-01-15 23:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2007-10-15 02:20 . 2007-10-15 02:18 827024 -c--a-w- c:\program files\PhotoGreetingCards.exe
2007-10-13 16:42 . 2007-10-13 16:41 1394568 -c--a-w- c:\program files\install_easyshare.exe
2007-08-14 15:38 . 2008-08-05 14:00 1075536 -c--a-w- c:\program files\Common Files\RegCure 1.5.0.0 Trial.exe
2011-12-21 07:24 . 2011-09-28 05:20 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 10:06 163328 -csha-r- c:\windows\system32\flvDX.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\windows\system32\bep ----
.
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-28_18.25.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-29 15:46 . 2012-01-29 15:46 16384 c:\windows\Temp\Perflib_Perfdata_17c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MDS_Menu"="c:\program files\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2010-07-01 220336]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"CHotkey"="zHotkey.exe" [2004-05-18 543232]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-11-28 3744552]
"MapsGalaxy Search Scope Monitor"="c:\progra~1\MAPSGA~2\bar\1.bin\39srchmn.exe" [2012-01-28 38440]
"MapsGalaxy_39 Browser Plugin Loader"="c:\progra~1\MAPSGA~2\bar\1.bin\39brmon.exe" [2012-01-28 30096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Darlene^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\documents and settings\Darlene\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Darlene^Start Menu^Programs^Startup^SocialButterfly.lnk]
path=c:\documents and settings\Darlene\Start Menu\Programs\Startup\SocialButterfly.lnk
backup=c:\windows\pss\SocialButterfly.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 07:57 35760 -c--a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-04 00:43 69632 -c--a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 13:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-10-28 01:17 207424 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-03-12 18:49 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eBook Library Launcher]
2010-07-13 06:34 906648 ----a-w- c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2004-08-10 18:04 59392 -c--a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-10-18 19:24 136176 ----atw- c:\documents and settings\Bob\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 16:44 31072 -c--a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2005-01-08 01:07 61952 -c--a-w- c:\windows\system32\HdAShCut.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-11-13 06:24 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxbumon.exe]
2005-01-18 14:35 196608 ----a-w- c:\program files\Lexmark 6200 Series\lxbumon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-09 23:53 153136 -c--a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-05-16 19:01 13529088 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-05-16 19:01 86016 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-05-16 19:01 1630208 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Olympus ib]
2011-03-11 21:17 93360 ----a-w- c:\program files\Olympus\ib\olycamdetect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
2005-05-09 23:16 192512 -c--a-w- c:\progra~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
2007-09-28 01:17 443968 ----a-w- c:\program files\Picasa2\PicasaMediaDetector.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reader Library Launcher]
2010-07-13 06:34 906648 ----a-w- c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2005-09-22 19:36 14854144 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Protection]
2009-02-03 13:15 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowWnd]
2003-09-19 15:09 36864 ----a-w- c:\windows\ShowWnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 19:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]
2004-11-15 23:04 135168 ----a-w- c:\program files\Digital Media Reader\shwiconEM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
2009-02-03 13:15 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\lxbucoms.exe"=
"c:\windows\system32\bepinceu.exe"= c:\windows\system32\bep
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\iWin Games\\iWinGames.exe"=
"c:\\Program Files\\iWin Games\\WebUpdater.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20286:TCP"= 20286:TCP:20286
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/23/2007 1:48 PM 639224]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/20/2011 8:10 PM 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/14/2010 8:40 AM 314456]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 10:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 3:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 5:38 PM 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/14/2010 8:40 AM 20568]
R2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [9/27/2010 9:36 AM 176408]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S0 nielprt;Nielsen Patch Service;c:\windows\system32\DRIVERS\nielprt.sys --> c:\windows\system32\DRIVERS\nielprt.sys [?] S2 MapsGalaxy_39Service;MapsGalaxyService;c:\progra~1\MAPSGA~2\bar\1.bin\39barsvc.exe [1/28/2012 12:46 PM 42504] S3 IPOD2CAR;ipod2car.sys driver;c:\windows\system32\drivers\ipod2car.sys [9/18/2010 7:28 AM 49408] S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?] S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/15/2009 4:17 PM 12872] S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [12/25/2010 1:55 AM 11520] . Contents of the 'Scheduled Tasks' folder . 2011-11-08 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 18:34] . 2012-01-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1374101668-94510307-1338816319-1008Core1cc223528ea9d90.job - c:\documents and settings\Bob\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-22 19:24] . 2012-01-29 c:\windows\Tasks\User_Feed_Synchronization-{071C7AE6-FDD5-4996-A4E5-3030D6D0051D}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 09:31] . 2012-01-29 c:\windows\Tasks\User_Feed_Synchronization-{88D8D572-25CB-4355-B884-812F55EE82FB}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 09:31] . 2012-01-29 c:\windows\Tasks\User_Feed_Synchronization-{CFBA19FF-FBA1-4184-8F20-2E300624F2C8}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 09:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.yahoo.com/ uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... 
- c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html IE: Translate with &Babylon TCP: DhcpNameServer = 192.168.1.254 FF - ProfilePath - c:\documents and settings\Bob\Application Data\Mozilla\Firefox\Profiles\2f6phmxb.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/ FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-01-29 10:09 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{014C4232-6904-47B9-9144-7E0FB7277444}\1.0\0] @DACL=(02 0000) . [HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{014C4232-6904-47B9-9144-7E0FB7277444}\1.0\FLAGS] @DACL=(02 0000) @="0" . [HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{014C4232-6904-47B9-9144-7E0FB7277444}\1.0\HELPDIR] @DACL=(02 0000) @="c:\\Program Files\\Gamevance" . [HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}\1.0\0] @DACL=(02 0000) . [HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}\1.0\FLAGS] @DACL=(02 0000) @="0" . [HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}\1.0\HELPDIR] @DACL=(02 0000) @="c:\\Program Files\\Fast Browser Search\\IE" . 
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version] "Version"=hex:bb,3c,96,44,5a,b7,f4,b9,2c,3c,c2,e2,00,34,a6,ea,d3,84,97,35,0f, 47,9b,c3,05,b3,60,5b,99,d8,4c,a8,22,bd,9f,f7,21,94,3d,11,84,ad,af,be,ed,d5,\ . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(748) c:\program files\SUPERAntiSpyware\SASWINLO.DLL c:\windows\system32\WININET.dll . Completion time: 2012-01-29 10:13:58 ComboFix-quarantined-files.txt 2012-01-29 16:13 ComboFix2.txt 2012-01-28 18:30 . Pre-Run: 153,994,383,360 bytes free Post-Run: 154,022,780,928 bytes free . - - End Of File - - C44A8AEE75D1F007430B0D5AC43DACA5
  20. NOTE* It said McAfee was still running somehow, when I deleted it already prior to doing all this and looked and couldn't find it anywhere. And my computer and browser are starting to run slower than normal performing these past couple tasks, so hopefully this fixes it. Thanks

ComboFix 12-01-28.01 - Bob 01/28/2012 12:10:01.1.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.895.484 [GMT -6:00] Running from: c:\documents and settings\Bob\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\Administrator\WINDOWS c:\documents and settings\All Users\Application Data\TEMP c:\documents and settings\All Users\Application Data\TEMP\{479F8C12-576B-4A58-AB78-4B70F7012AA8}\PostBuild.exe c:\documents and settings\All Users\Application Data\TEMP\{889C6F39-241F-4119-8026-1B2F4A124839}\PostBuild.exe c:\documents and settings\All Users\Application Data\TEMP\{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}\PostBuild.exe c:\documents and settings\All Users\Application Data\TEMP\{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}\Setup.ilg c:\documents and settings\All Users\Application Data\TEMP\{E9B10AA5-E5F6-4DEF-A435-FB20704AF1E8}\PostBuild.exe c:\documents and settings\All Users\Application Data\TEMP\C31F31E6.TMP c:\documents and settings\Bob\g2mdlhlpx.exe c:\documents and settings\Bob\WINDOWS c:\documents and settings\Darlene\WINDOWS c:\documents and settings\Default User\WINDOWS c:\program files\Common Files\Uninstall c:\program files\Conference c:\program files\Conference\Conference.db c:\program files\Conference\Conference.dll c:\program files\Conference\Conference.exe c:\program files\Conference\Conference.ini c:\program 
files\Conference\Languages\de.xml c:\program files\Conference\Languages\en.xml c:\program files\Conference\Languages\es.xml c:\program files\Conference\Languages\fr.xml c:\program files\Conference\Languages\hu.xml c:\program files\Conference\Languages\pl.xml c:\program files\Conference\Languages\pt.xml c:\program files\Conference\Languages\ru.xml c:\program files\Conference\Languages\ua.xml c:\program files\SGPSA c:\windows\system\ntp2.ini c:\windows\system\ntp2.ini2 c:\windows\system\ntp2.tmp c:\windows\system32\config\systemprofile\Application Data\alot c:\windows\system32\config\systemprofile\WINDOWS c:\windows\system32\dccdd.bak1 c:\windows\system32\dfhjl.bak1 c:\windows\system32\fehkj.bak1 c:\windows\system32\fghhk.bak1 c:\windows\system32\ghhjl.bak1 c:\windows\system32\ghhjl.bak2 c:\windows\system32\noqss.bak1 c:\windows\system32\oopoq.bak1 c:\windows\system32\oopoq.bak2 c:\windows\system32\opppo.bak1 c:\windows\system32\prsru.bak1 c:\windows\system32\qqpoq.bak1 c:\windows\system32\stwvw.bak1 c:\windows\system32\stwvw.bak2 c:\windows\system32\tvvut.bak1 c:\windows\system32\uxabc.bak1 c:\windows\system32\vxxbc.bak1 c:\windows\system32\xyxyb.bak1 D:\Autorun.inf . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_FOPN . . ((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-28 ))))))))))))))))))))))))))))))) . . 2012-01-28 14:56 . 2012-01-28 14:56 -------- dc----w- C:\_OTL 2012-01-27 03:04 . 2012-01-27 03:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-01-27 03:04 . 2011-12-10 21:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-01-26 03:31 . 2011-12-21 07:24 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll 2012-01-26 03:31 . 2011-12-21 04:30 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll 2012-01-26 03:31 . 2011-12-21 04:30 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll 2012-01-26 03:31 . 
2011-12-21 04:30 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-11-28 18:01 . 2010-07-18 16:21 41184 ----a-w- c:\windows\avastSS.scr 2011-11-28 18:01 . 2010-02-14 14:40 199816 ----a-w- c:\windows\system32\aswBoot.exe 2011-11-28 17:53 . 2011-05-21 02:10 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-11-28 17:53 . 2010-02-14 14:40 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys 2011-11-28 17:52 . 2010-02-14 14:40 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2011-11-28 17:52 . 2010-02-14 14:40 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2011-11-28 17:52 . 2010-02-14 14:40 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2011-11-28 17:51 . 2010-02-14 14:40 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys 2011-11-28 17:51 . 2010-02-14 14:40 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2011-11-28 17:48 . 2010-02-14 14:40 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2011-11-25 21:57 . 2007-01-15 23:00 293376 ----a-w- c:\windows\system32\winsrv.dll 2011-11-23 13:25 . 2007-01-15 23:00 1859584 ----a-w- c:\windows\system32\win32k.sys 2011-11-18 12:35 . 2007-01-15 23:00 60416 ----a-w- c:\windows\system32\packager.exe 2011-11-17 03:09 . 2011-05-30 13:43 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-11-16 14:21 . 2007-01-15 23:00 354816 ----a-w- c:\windows\system32\winhttp.dll 2011-11-16 14:21 . 2007-01-15 23:00 152064 ----a-w- c:\windows\system32\schannel.dll 2011-11-04 19:20 . 2007-01-15 23:00 916992 ----a-w- c:\windows\system32\wininet.dll 2011-11-04 19:20 . 2007-01-15 22:59 43520 ------w- c:\windows\system32\licmgr10.dll 2011-11-04 19:20 . 2007-01-15 22:58 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-11-04 11:23 . 2007-01-15 22:58 385024 ------w- c:\windows\system32\html.iec 2011-11-03 15:28 . 
2007-01-15 23:00 386048 ----a-w- c:\windows\system32\qdvd.dll 2011-11-03 15:28 . 2007-01-15 23:00 1292288 ----a-w- c:\windows\system32\quartz.dll 2011-11-01 16:07 . 2007-01-15 23:00 1288704 ----a-w- c:\windows\system32\ole32.dll 2007-10-15 02:20 . 2007-10-15 02:18 827024 -c--a-w- c:\program files\PhotoGreetingCards.exe 2007-10-13 16:42 . 2007-10-13 16:41 1394568 -c--a-w- c:\program files\install_easyshare.exe 2007-08-14 15:38 . 2008-08-05 14:00 1075536 -c--a-w- c:\program files\Common Files\RegCure 1.5.0.0 Trial.exe 2011-12-21 07:24 . 2011-09-28 05:20 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll 2006-05-03 10:06 163328 -csha-r- c:\windows\system32\flvDX.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-11-28 18:01 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MDS_Menu"="c:\program files\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2010-07-01 220336] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992] "CHotkey"="zHotkey.exe" [2004-05-18 543232] "avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-11-28 3744552] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "RunNarrator"="Narrator.exe" [2008-04-14 53760] . c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . 
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^Documents and Settings^Darlene^Start Menu^Programs^Startup^HotSync Manager.lnk] path=c:\documents and settings\Darlene\Start Menu\Programs\Startup\HotSync Manager.lnk backup=c:\windows\pss\HotSync Manager.lnkStartup . [HKLM\~\startupfolder\C:^Documents and Settings^Darlene^Start Menu^Programs^Startup^SocialButterfly.lnk] path=c:\documents and settings\Darlene\Start Menu\Programs\Startup\SocialButterfly.lnk backup=c:\windows\pss\SocialButterfly.lnkStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck] c:\windows\system32\dumprep 0 -u [X] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2009-12-22 07:57 35760 -c--a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] 2005-05-04 00:43 69632 -c--a-w- c:\windows\ALCMTR.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] 2011-09-27 13:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service] 2010-10-28 01:17 207424 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 2007-03-12 18:49 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] 2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eBook Library Launcher] 2010-07-13 06:34 906648 ----a-w- c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray] 2004-08-10 18:04 59392 -c--a-w- c:\windows\ehome\ehtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2010-10-18 19:24 136176 ----atw- c:\documents and settings\Bob\Local Settings\Application Data\Google\Update\GoogleUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2008-10-25 16:44 31072 -c--a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut] 2005-01-08 01:07 61952 -c--a-w- c:\windows\system32\HdAShCut.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2011-11-13 06:24 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxbumon.exe] 2005-01-18 14:35 196608 ----a-w- c:\program files\Lexmark 6200 Series\lxbumon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2007-03-09 23:53 153136 -c--a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2008-05-16 19:01 13529088 ----a-w- c:\windows\system32\nvcpl.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2008-05-16 19:01 86016 ----a-w- c:\windows\system32\nvmctray.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] 2008-05-16 19:01 1630208 ----a-w- c:\windows\system32\nwiz.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Olympus ib] 2011-03-11 21:17 93360 ----a-w- c:\program files\Olympus\ib\olycamdetect.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager] 2005-05-09 23:16 192512 -c--a-w- c:\progra~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector] 2007-09-28 01:17 443968 ----a-w- c:\program files\Picasa2\PicasaMediaDetector.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reader Library Launcher] 2010-07-13 06:34 906648 ----a-w- c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] 2005-09-22 19:36 14854144 ----a-w- c:\windows\RTHDCPL.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Protection] 2009-02-03 13:15 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowWnd] 2003-09-19 15:09 36864 ----a-w- c:\windows\ShowWnd.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2011-06-09 19:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM] 2004-11-15 23:04 135168 ----a-w- c:\program files\Digital Media Reader\shwiconEM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection] 2009-02-03 13:15 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\WINDOWS\\system32\\lxbucoms.exe"= "c:\windows\system32\bepinceu.exe"= c:\windows\system32\bep "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"= "c:\\Program Files\\iWin Games\\iWinGames.exe"= "c:\\Program Files\\iWin Games\\WebUpdater.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "20286:TCP"= 20286:TCP:20286 . R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/23/2007 1:48 PM 639224] R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/20/2011 8:10 PM 435032] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/14/2010 8:40 AM 314456] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 10:27 AM 12880] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 3:55 PM 67664] R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 5:38 PM 116608] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/14/2010 8:40 AM 20568] R2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [9/27/2010 9:36 AM 176408] S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?] S0 nielprt;Nielsen Patch Service;c:\windows\system32\DRIVERS\nielprt.sys --> c:\windows\system32\DRIVERS\nielprt.sys [?] S3 IPOD2CAR;ipod2car.sys driver;c:\windows\system32\drivers\ipod2car.sys [9/18/2010 7:28 AM 49408] S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?] S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/15/2009 4:17 PM 12872] S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [12/25/2010 1:55 AM 11520] . Contents of the 'Scheduled Tasks' folder . 2011-11-08 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 18:34] . 2012-01-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1374101668-94510307-1338816319-1008Core1cc223528ea9d90.job - c:\documents and settings\Bob\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-22 19:24] . 
2012-01-28 c:\windows\Tasks\User_Feed_Synchronization-{071C7AE6-FDD5-4996-A4E5-3030D6D0051D}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 09:31] . 2012-01-28 c:\windows\Tasks\User_Feed_Synchronization-{88D8D572-25CB-4355-B884-812F55EE82FB}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 09:31] . 2012-01-28 c:\windows\Tasks\User_Feed_Synchronization-{CFBA19FF-FBA1-4184-8F20-2E300624F2C8}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 09:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.comcast.net/ uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html IE: Translate with &Babylon TCP: DhcpNameServer = 192.168.1.254 FF - ProfilePath - c:\documents and settings\Bob\Application Data\Mozilla\Firefox\Profiles\2f6phmxb.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q= FF - prefs.js: browser.search.selectedEngine - FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service . - - - - ORPHANS REMOVED - - - - . BHO-{CE918BEE-9F07-450D-94EB-DAE34BCF23Ad} - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) ShellExecuteHooks-ThreadingModel - (no file) MSConfigStartUp-mnumsg - c:\program files\MyShoppingGenie\mnumsg.exe MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe MSConfigStartUp-Upromise Tray - c:\program files\Upromise\UpromiseTray.exe MSConfigStartUp-Upromise Update - c:\program files\Upromise\dca-ua.exe MSConfigStartUp-Weather - c:\program files\AWS\WeatherBug\Weather.exe AddRemove-Video Conference - c:\program files\Conference\Conference.exe . . . 
************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-01-28 12:24 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32] @DACL=(02 0000) @="c:\\Program Files\\Fast Browser Search\\IE\\tbhelper.dll" "ThreadingModel"="both" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\ProgID] @DACL=(02 0000) @="URLSearchHook.ToolbarURLSearchHook.1" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\TypeLib] @DACL=(02 0000) @="{4509D3CC-B642-4745-B030-645B79522C6D}" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\VersionIndependentProgID] @DACL=(02 0000) @="URLSearchHook.ToolbarURLSearchHook" . [HKEY_LOCAL_MACHINE\software\Classes\GamevanceText.Linker\CLSID] @DACL=(02 0000) @="{BEAC7DC8-E106-4C6A-931E-5A42E7362883}" . [HKEY_LOCAL_MACHINE\software\Classes\GamevanceText.Linker\CurVer] @DACL=(02 0000) @="GamevanceText.Linker.1" . [HKEY_LOCAL_MACHINE\software\Classes\GamevanceText.Linker.1\CLSID] @DACL=(02 0000) @="{BEAC7DC8-E106-4C6A-931E-5A42E7362883}" . [HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{014C4232-6904-47B9-9144-7E0FB7277444}\1.0] @DACL=(02 0000) @="GamevanceText 1.0 Type Library" . [HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}\1.0] @DACL=(02 0000) @="Toolbar3 1.0 Type Library" . 
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version] "Version"=hex:bb,3c,96,44,5a,b7,f4,b9,2c,3c,c2,e2,00,34,a6,ea,d3,84,97,35,0f, 47,9b,c3,05,b3,60,5b,99,d8,4c,a8,22,bd,9f,f7,21,94,3d,11,84,ad,af,be,ed,d5,\ . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(728) c:\program files\SUPERAntiSpyware\SASWINLO.DLL c:\windows\system32\WININET.dll . - - - - - - - > 'explorer.exe'(4028) c:\windows\system32\WININET.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Alwil Software\Avast5\AvastSvc.exe c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS c:\windows\system32\wdfmgr.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\windows\zHotkey.exe . ************************************************************************** . Completion time: 2012-01-28 12:30:09 - machine was rebooted ComboFix-quarantined-files.txt 2012-01-28 18:30 . Pre-Run: 154,494,939,136 bytes free Post-Run: 154,331,930,624 bytes free . 
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINNT="Windows XP Media Center Edition" /noexecute=optin /fastdetect . - - End Of File - - 8BCFF497909884C261620C37DA79DD0A
  21. Ok, done and take your time. I really appreciate all your help. Thank you! 01282012_085633.log
  22. OTL Extras logfile created on: 1/27/2012 PM 2:57:15 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Bob\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 895.36 Mb Total Physical Memory | 471.83 Mb Available Physical Memory | 52.70% Memory free 2.11 Gb Paging File | 1.85 Gb Available in Paging File | 87.34% Paging File free Paging file location(s): C:\pagefile.sys 1344 2688 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 181.89 Gb Total Space | 143.43 Gb Free Space | 78.85% Space Free | Partition Type: NTFS Drive D: | 4.40 Gb Total Space | 1.45 Gb Free Space | 32.95% Space Free | Partition Type: FAT32 Computer Name: YOUR-C8A2EC5BC2 | User Name: Bob | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "14208:TCP" = 14208:TCP:*:Enabled:BitComet 14208 TCP "14208:UDP" = 14208:UDP:*:Enabled:BitComet 14208 UDP "20286:TCP" = 20286:TCP:*:Enabled:20286 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common 
Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL "C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon "C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed "C:\Program Files\Common Files\AOL\1168904574\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1168904574\EE\AOLServiceHost.exe:*:Enabled:AOL "C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL "C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL "C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL "C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL "C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company) "C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater "C:\Program Files\Ruckus Player\Ruckus.exe" = C:\Program Files\Ruckus Player\Ruckus.exe:*:Enabled:Ruckus Player 
"C:\WINDOWS\system32\lxbucoms.exe" = C:\WINDOWS\system32\lxbucoms.exe:*:Enabled:6200 Series Server -- (Lexmark International, Inc.) "C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus "C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client "C:\WINDOWS\TEMP\win116.tmp.exe" = C:\WINDOWS\TEMP\win116.tmp.exe:*:Enabled:win116.tmp "C:\WINDOWS\system32\bepinceu.exe" = C:\WINDOWS\system32\bepi\wmdc.exe "C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire "C:\Program Files\Conference\Conference.dll" = C:\Program Files\Conference\Conference.dll:*:Enabled:Audio/Video Conference -- (©2002-2007 Audio/Video Conference Software) "C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation) "C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe" = C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation) "C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh "C:\Program Files\Common Files\AOL\1241478487\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1241478487\ee\aolsoftware.exe:*:Enabled:AOL Shared Components "C:\Program Files\AOL 9.1\waol.exe" = C:\Program Files\AOL 9.1\waol.exe:*:Enabled:AOL "C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed "C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM "C:\Program Files\Causes\TroubleShooter.exe" = C:\Program Files\Causes\TroubleShooter.exe:*:Enabled:Causes (Helper) -- (FreeCause 
Inc.) "C:\Program Files\Causes\ToolbarUpdate.exe" = C:\Program Files\Causes\ToolbarUpdate.exe:*:Enabled:Causes (Update) -- (FreeCause Inc.) "C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM "C:\Program Files\iWin Games\iWinGames.exe" = C:\Program Files\iWin Games\iWinGames.exe:*:Enabled:iWin Games application. -- (iWin Inc.) "C:\Program Files\iWin Games\WebUpdater.exe" = C:\Program Files\iWin Games\WebUpdater.exe:*:Enabled:iWin Games updater. -- () "C:\Documents and Settings\Bob\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Bob\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant "{09A8D062-576E-4826-88BA-A89E7A7FD9AA}" = CBN Selector 3 "{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics "{1047B3FE-E1EB-4E03-97DE-C5037C2CE9CF}" = TubeHunter "{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD "{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite eMachines "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java 6 Update 29 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for 
Firefox "{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt "{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore "{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2 "{43FFE159-3199-4188-A1CD-629166AD1033}" = Nero 7 Ultra Edition "{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001 "{54A2CFDE-DC70-46E0-92AC-DC88F6303D39}" = Guitar Pro 4 "{54C8FE84-89C4-40E8-976C-439EB0729BD6}" = CardRd81 "{55937F00-A69B-4049-8D3A-1C7729742B6F}" = BUM "{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{56DF5C9E-6392-46D3-B366-297B14E1DAAF}" = Bonjour Core for Windows "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA "{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr "{6F512339-216D-4FBE-8A83-3EDCC3F03F51}" = WD Win98 SE USB Disk Driver, v1.00.09 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{764C0C8F-B1B1-49BF-AEDC-4E48E857A667}" = Lexmark Fax Solutions "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78D62D17-D970-42DA-B8CF-5E5576293B33}" = Final Draft 7 "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support "{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = Digital Media Reader "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam "{88243A9B-D381-4F7F-BF38-C1DC035AA15F}" = WDTV MSG 1.6.9 "{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr "{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}" = Olympus ib "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A502E38-29C9-49FA-BCFA-D727CA062589}" = 
ESSTOOLS "{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine "{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini "{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12 "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{8EF8C20E-C9A5-485D-8A14-47F0D22C439F}" = "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui "{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse "{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders "{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A212E6C2-20F7-4A8E-BD8E-DC3EE7483FA2}" = PRS-500 USB driver "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3 "{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK "{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook "{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore "{B70E5793-F912-4C62-AFE2-C4F0B078FD31}" = Reader Library by Sony "{BA0F44C2-A883-11D1-AD0A-006097D15E2C}" = Palm Desktop and Synchronization Software "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 
2.0 Service Pack 2 "{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries "{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar "{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software "{DAE5EA5D-C3F4-4D0D-9EA2-3CFF0C6CB027}" = RCA Memory Manager "{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR "{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page "{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips "{EB7DF0DD-9405-432B-B9BB-932BBAB7D6C7}" = iMusic Tools "{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK "{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS "{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock "{FF262740-C85A-11D5-BBEC-00D0B740900A}" = Multimedia Keyboard Driver "75070B1806113224B16C70296B90DD1AD8A53479" = Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080) "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player "AIMTunes" = AIMTunes "Amazon Kindle For PC" = Amazon Kindle For PC v1.0 "avast" = avast! 
Free Antivirus "Bejeweled Blitz" = Bejeweled Blitz "Causes" = Causes "CCleaner" = CCleaner "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = SoftV92 Data Fax Modem with SmartCP "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "ComcastHSI" = Comcast High-Speed Internet Install Wizard "CopyTrans Suite" = CopyTrans Suite (remove only) "Coupon Printer for Windows2.0" = Coupon Printer for Windows "DeductionPro 2006" = DeductionPro 2006 "Digital Editions" = Adobe Digital Editions "E77704EF5E71F4F18CADFBFA68595AFE036D5D97" = Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) "ENTERPRISE" = Microsoft Office Enterprise 2007 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager "InstallShield_{764C0C8F-B1B1-49BF-AEDC-4E48E857A667}" = Lexmark Fax Solutions "InstallShield_{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = Digital Media Reader "InstallShield_{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}" = Olympus ib "Lexmark 6200 Series" = Lexmark 6200 Series "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800 "Maps_Bar Toolbar" = Maps_Bar Toolbar "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US) "MyShoppingGenie4.0" = MyShoppingGenie "Nero BurnRights!UninstallKey" = Nero BurnRights "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "NVIDIA Drivers" = NVIDIA Drivers "Picasa2" = Picasa 2 "RCA Detective™_is1" = RCA Detective™ 3.0.0.101 "RCA Memory Manager 3_is1" = RCA Memory Manager 3 2.1.0.0 "RCA Updater_is1" = RCA Updater 1.1.0.0 "SoftwareUpdUtility" = Download Updater (AOL LLC) "SystemRequirementsLab" = System 
Requirements Lab "TaxCut Premium 2006" = TaxCut Premium 2006 "Tweak UI 2.10" = Tweak UI "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "WIC" = Windows Imaging Component "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner "Windows Media Format Runtime" = Windows Media Format Runtime "Windows XP Service Pack" = Windows XP Service Pack 3 "WinRAR archiver" = WinRAR archiver "Yahoo! Search Defender" = Yahoo! Search Protection "Yahoo! Software Update" = Yahoo! Software Update ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1374101668-94510307-1338816319-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Audio/Video Conference" = Audio/Video Conference 4.2+ "GoToMeeting" = GoToMeeting 5.0.0.799 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 1/25/2012 PM 9:08:20 | Computer Name = YOUR-C8A2EC5BC2 | Source = Application Error | ID = 1000 Description = Faulting application acdaemon.exe, version 1.1.0.49, faulting module acdaemon.exe, version 1.1.0.49, fault address 0x0001af76. Error - 1/25/2012 PM 9:09:25 | Computer Name = YOUR-C8A2EC5BC2 | Source = McLogEvent | ID = 5051 Description = Error - 1/26/2012 PM 7:33:49 | Computer Name = YOUR-C8A2EC5BC2 | Source = Application Error | ID = 1000 Description = Faulting application acdaemon.exe, version 1.1.0.49, faulting module acdaemon.exe, version 1.1.0.49, fault address 0x0001af76. Error - 1/26/2012 PM 7:35:19 | Computer Name = YOUR-C8A2EC5BC2 | Source = Application Error | ID = 1001 Description = Fault bucket -2109233358. 
Error - 1/26/2012 PM 7:36:54 | Computer Name = YOUR-C8A2EC5BC2 | Source = McLogEvent | ID = 5051 Description = Error - 1/26/2012 PM 8:08:21 | Computer Name = YOUR-C8A2EC5BC2 | Source = McLogEvent | ID = 5004 Description = Error - 1/26/2012 PM 8:08:21 | Computer Name = YOUR-C8A2EC5BC2 | Source = McLogEvent | ID = 5022 Description = Error - 1/26/2012 PM 8:08:21 | Computer Name = YOUR-C8A2EC5BC2 | Source = McLogEvent | ID = 5004 Description = Error - 1/26/2012 PM 8:08:21 | Computer Name = YOUR-C8A2EC5BC2 | Source = McLogEvent | ID = 5022 Description = Error - 1/26/2012 PM 8:13:59 | Computer Name = YOUR-C8A2EC5BC2 | Source = Application Error | ID = 1000 Description = Faulting application acdaemon.exe, version 1.1.0.49, faulting module acdaemon.exe, version 1.1.0.49, fault address 0x0001af76. [ OSession Events ] Error - 7/14/2009 PM 7:15:28 | Computer Name = YOUR-C8A2EC5BC2 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash. Error - 7/14/2009 PM 7:27:03 | Computer Name = YOUR-C8A2EC5BC2 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 684 seconds with 0 seconds of active time. This session ended with a crash. Error - 8/10/2009 PM 9:02:21 | Computer Name = YOUR-C8A2EC5BC2 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash. 
Error - 8/10/2009 PM 9:02:36 | Computer Name = YOUR-C8A2EC5BC2 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 6 seconds with 0 seconds of active time. This session ended with a crash. Error - 8/10/2009 PM 9:02:42 | Computer Name = YOUR-C8A2EC5BC2 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash. Error - 8/10/2009 PM 9:02:48 | Computer Name = YOUR-C8A2EC5BC2 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash. Error - 8/10/2009 PM 9:02:51 | Computer Name = YOUR-C8A2EC5BC2 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash. Error - 8/10/2009 PM 9:03:01 | Computer Name = YOUR-C8A2EC5BC2 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 6 seconds with 0 seconds of active time. This session ended with a crash. 
Error - 12/26/2009 AM 1:51:59 | Computer Name = YOUR-C8A2EC5BC2 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 307 seconds with 300 seconds of active time. This session ended with a crash. [ System Events ] Error - 1/26/2012 PM 8:13:34 | Computer Name = YOUR-C8A2EC5BC2 | Source = Service Control Manager | ID = 7003 Description = The McAfee Personal Firewall Service service depends on the following nonexistent service: MfeFire Error - 1/26/2012 PM 8:13:45 | Computer Name = YOUR-C8A2EC5BC2 | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: Cdr4_xp Imapi Lbd Error - 1/26/2012 PM 8:35:36 | Computer Name = YOUR-C8A2EC5BC2 | Source = Service Control Manager | ID = 7003 Description = The McAfee Personal Firewall Service service depends on the following nonexistent service: MfeFire Error - 1/26/2012 PM 8:35:42 | Computer Name = YOUR-C8A2EC5BC2 | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: Cdr4_xp Imapi Lbd Error - 1/26/2012 PM 8:44:41 | Computer Name = YOUR-C8A2EC5BC2 | Source = Service Control Manager | ID = 7003 Description = The McAfee Personal Firewall Service service depends on the following nonexistent service: MfeFire Error - 1/26/2012 PM 8:44:47 | Computer Name = YOUR-C8A2EC5BC2 | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: Cdr4_xp Imapi Lbd Error - 1/26/2012 PM 10:52:25 | Computer Name = YOUR-C8A2EC5BC2 | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: Cdr4_xp Imapi Lbd Error - 1/27/2012 AM 10:47:11 | Computer Name = YOUR-C8A2EC5BC2 | Source = Service Control Manager | ID = 7026 
Description = The following boot-start or system-start driver(s) failed to load: Cdr4_xp Imapi Lbd Error - 1/27/2012 AM 11:49:48 | Computer Name = YOUR-C8A2EC5BC2 | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: Cdr4_xp Imapi Lbd Error - 1/27/2012 PM 12:20:54 | Computer Name = YOUR-C8A2EC5BC2 | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: Cdr4_xp Imapi Lbd < End of report >
  23. OTL logfile created on: 1/27/2012 PM 2:57:15 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Bob\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 895.36 Mb Total Physical Memory | 471.83 Mb Available Physical Memory | 52.70% Memory free 2.11 Gb Paging File | 1.85 Gb Available in Paging File | 87.34% Paging File free Paging file location(s): C:\pagefile.sys 1344 2688 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 181.89 Gb Total Space | 143.43 Gb Free Space | 78.85% Space Free | Partition Type: NTFS Drive D: | 4.40 Gb Total Space | 1.45 Gb Free Space | 32.95% Space Free | Partition Type: FAT32 Computer Name: YOUR-C8A2EC5BC2 | User Name: Bob | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/01/27 14:56:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bob\Desktop\OTL.exe PRC - [2011/11/28 12:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe PRC - [2011/11/28 12:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe PRC - [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe PRC - [2010/09/27 09:36:24 | 000,176,408 | ---- | M] (iWin Inc.) -- C:\Program Files\iWin Games\iWinTrusted.exe PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) 
-- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007/01/15 17:29:44 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS PRC - [2006/02/17 09:35:42 | 000,061,503 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe PRC - [2006/02/17 09:17:08 | 000,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe PRC - [2004/05/17 18:30:04 | 000,543,232 | ---- | M] () -- C:\WINDOWS\zHotkey.exe ========== Modules (No Company Name) ========== MOD - [2012/01/27 03:09:36 | 001,687,552 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\12012700\algo.dll MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2008/05/16 13:01:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll MOD - [2006/12/03 13:53:06 | 000,126,464 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll MOD - [2006/02/17 09:17:08 | 000,876,544 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\libeay32.dll MOD - [2006/02/17 09:17:08 | 000,159,744 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\ssleay32.dll MOD - [2006/02/17 09:17:08 | 000,024,691 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_auth.so MOD - [2004/09/14 07:42:04 | 000,073,728 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxbuPP5C.DLL MOD - [2004/08/24 14:22:44 | 000,032,768 | ---- | M] () -- 
C:\WINDOWS\system32\LXPRMON.DLL MOD - [2004/07/29 11:36:00 | 000,061,440 | ---- | M] () -- C:\Program Files\Lexmark 6200 Series\lxbucnv4.dll MOD - [2004/05/17 18:30:04 | 000,543,232 | ---- | M] () -- C:\WINDOWS\zHotkey.exe MOD - [2001/07/02 20:36:30 | 000,024,576 | ---- | M] () -- C:\WINDOWS\HKNTDLL.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- -- (HidServ) SRV - [2011/11/28 12:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus) SRV - [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE) SRV - [2010/09/27 09:36:24 | 000,176,408 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted) SRV - [2010/04/02 20:34:12 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service) SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService) SRV - [2007/01/15 17:29:44 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) 
[Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL) SRV - [2006/02/17 09:35:42 | 000,061,503 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog) SRV - [2006/02/17 09:17:08 | 000,020,543 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -- (ForcewareWebInterface) SRV - [2004/09/23 11:58:02 | 000,450,560 | ---- | M] (Lexmark International, Inc.) [On_Demand | Stopped] -- C:\WINDOWS\System32\lxbucoms.exe -- (lxbu_device) ========== Driver Services (SafeList) ========== DRV - [2011/11/28 11:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2011/11/28 11:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP) DRV - [2011/11/28 11:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2011/11/28 11:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2011/11/28 11:52:02 | 000,111,320 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2) DRV - [2011/11/28 11:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2011/11/28 11:48:49 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2011/07/22 10:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV) DRV - [2011/07/12 15:55:22 | 
000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2010/07/12 12:49:18 | 000,060,104 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS) DRV - [2010/03/02 12:44:28 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM) DRV - [2009/02/13 13:02:52 | 000,011,520 | R--- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM) DRV - [2007/03/23 13:48:49 | 000,639,224 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2007/01/17 20:59:14 | 000,049,408 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipod2car.sys -- (IPOD2CAR) DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc) DRV - [2006/04/24 16:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata) DRV - [2006/02/17 10:28:32 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus) DRV - [2006/02/17 10:28:30 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD) DRV - [2005/09/23 18:56:28 | 003,966,976 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2005/01/07 19:07:16 | 000,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService) DRV - [2004/11/15 19:41:54 | 000,036,804 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt) DRV - [2004/06/17 16:56:22 | 000,220,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2) DRV - [2004/06/17 16:55:38 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2004/06/17 16:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP) DRV - [2002/04/25 08:44:40 | 000,015,326 | ---- | M] (Palm, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD) DRV - [2001/08/17 07:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. 
) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/ IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/ IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/ IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie IE - 
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie IE - HKU\S-1-5-21-1374101668-94510307-1338816319-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default = EE 8B 91 CE 07 9F 0D 45 94 EB DA E3 4B CF 23 AD [binary data] IE - HKU\S-1-5-21-1374101668-94510307-1338816319-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language IE - HKU\S-1-5-21-1374101668-94510307-1338816319-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/ IE - HKU\S-1-5-21-1374101668-94510307-1338816319-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.comcast.net/ IE - HKU\S-1-5-21-1374101668-94510307-1338816319-1008\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-1374101668-94510307-1338816319-1008\..\URLSearchHook: {969F6D55-0B76-4956-8F31-2A995769E43C} - C:\Program Files\Causes\Helper.dll () IE - HKU\S-1-5-21-1374101668-94510307-1338816319-1008\..\URLSearchHook: {b253725d-8341-4b61-81d5-fc9f2ecb021c} - No CLSID value found IE - HKU\S-1-5-21-1374101668-94510307-1338816319-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1374101668-94510307-1338816319-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-1374101668-94510307-1338816319-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search" FF - prefs.js..browser.search.defaulturl: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q=" FF - prefs.js..browser.search.order.1: "Fast Browser Search" FF - prefs.js..browser.search.selectedEngine: "Fast Browser Search" FF - prefs.js..browser.search.useDBForOrder: true FF - 
prefs.js..browser.startup.homepage: "http://www.bing.com/?pc=ZUGO&form=ZGAPHP" FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2 FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {98e34367-8df7-42b4-837b-20b892ff0849}:1.7 FF - prefs.js..extensions.enabledItems: searchtoolbar@zugo.com:1.2 FF - prefs.js..keyword.URL: "http://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={B7D6C5E2-24D5-BA42-2EBC-50473B5AC1E0}&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@olympus-imaging.jp/npIbInst: C:\Program Files\OLYMPUS\ib Utilities\Firefox Plugin\npIbInst.dll (OLYMPUS IMAGING CORP.) 
FF - HKLM\Software\MozillaPlugins\@sony.com/eBookLibrary: C:\Program Files\Sony\Reader\Data\bin\npebldetectmoz.dll (Sony Corporation) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Bob\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Bob\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\Program Files\iWin Games\firefox\ [2010/11/21 14:53:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/25 21:31:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/30 18:05:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2011/09/28 08:38:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins [2011/11/30 18:05:54 | 000,000,000 | ---D | M] [2010/10/16 10:26:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Extensions [2010/10/16 10:26:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28} [2011/12/10 13:39:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\2f6phmxb.default\extensions [2010/10/28 18:50:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and 
Settings\Bob\Application Data\Mozilla\Firefox\Profiles\2f6phmxb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010/11/14 13:17:07 | 000,000,000 | ---D | M] (vShare) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\2f6phmxb.default\extensions\vshare@toolbar [2010/10/16 10:26:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Sunbird\Profiles\cjuebd86.default\extensions [2010/12/30 02:23:31 | 000,002,424 | ---- | M] () -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\2f6phmxb.default\searchplugins\askcom.xml [2011/02/04 12:38:45 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\2f6phmxb.default\searchplugins\bing-zugo.xml [2012/01/25 21:31:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2007/10/24 20:16:13 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2007/11/11 14:55:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}-trash [2007/11/29 23:23:37 | 000,000,000 | ---D | M] (Mozilla Firefox distributed by RealNetworks) -- C:\Program Files\Mozilla Firefox\extensions\realplayer@partners.mozilla.com [2010/11/19 17:43:19 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2011/12/21 01:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2008/08/05 07:55:16 | 000,024,683 | ---- | M] (Ask.com) -- C:\Program Files\mozilla firefox\plugins\NPAskSBr.dll [2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011/12/20 22:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2009/11/16 10:07:41 | 000,003,700 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.png [2009/11/16 10:07:41 | 000,001,963 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.xml [2011/12/20 22:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - default_search_provider: Google () CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.1_0\ O1 HOSTS File: ([2008/08/05 20:13:25 | 000,256,667 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Reg Error: Value error.) - {42E2A9BC-AE0E-4929-8223-E6E6C8F8D842} - Reg Error: Value error. File not found O2 - BHO: (Reg Error: Value error.) - {55535FA8-BB23-4C2F-B2A5-E44AB123A101} - Reg Error: Value error. File not found O2 - BHO: (Reg Error: Value error.) - {6A851EC6-435E-42AE-B35D-9AD0E5DEE0D6} - Reg Error: Value error. File not found O2 - BHO: (Freecause Toolbar BHO) - {AAAC503B-6F0F-4F48-8055-289B8A5EF5C0} - C:\Program Files\Causes\Toolbar.dll () O2 - BHO: (Reg Error: Value error.) - {CE918BEE-9F07-450D-94EB-DAE34BCF23Ad} - Reg Error: Value error. File not found O2 - BHO: (Reg Error: Value error.) - {E964D0CE-5DAA-417C-A33D-663A16CFE1E1} - Reg Error: Value error. File not found O3 - HKLM\..\Toolbar: (Causes) - {5D51B4F2-CC28-4488-9AB3-BE7E40EB3293} - C:\Program Files\Causes\Toolbar.dll () O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No CLSID value found. O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found. O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found. O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {E90B0675-C723-4F48-995C-A0A686A2507B} - No CLSID value found. O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No CLSID value found. O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found. O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {E90B0675-C723-4F48-995C-A0A686A2507B} - No CLSID value found. O3 - HKU\S-1-5-21-1374101668-94510307-1338816319-1008\..\Toolbar\ShellBrowser: (no name) - {E90B0675-C723-4F48-995C-A0A686A2507B} - No CLSID value found. O3 - HKU\S-1-5-21-1374101668-94510307-1338816319-1008\..\Toolbar\WebBrowser: (no name) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - No CLSID value found. O3 - HKU\S-1-5-21-1374101668-94510307-1338816319-1008\..\Toolbar\WebBrowser: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No CLSID value found. O3 - HKU\S-1-5-21-1374101668-94510307-1338816319-1008\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\S-1-5-21-1374101668-94510307-1338816319-1008\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found. O3 - HKU\S-1-5-21-1374101668-94510307-1338816319-1008\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No CLSID value found. O3 - HKU\S-1-5-21-1374101668-94510307-1338816319-1008\..\Toolbar\WebBrowser: (Causes) - {5D51B4F2-CC28-4488-9AB3-BE7E40EB3293} - C:\Program Files\Causes\Toolbar.dll () O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\zHotkey.exe () O4 - HKLM..\Run: [MDS_Menu] C:\Program Files\Olympus\ib\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) 
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe () O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation) O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme () O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1374101668-94510307-1338816319-1008\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-21-1374101668-94510307-1338816319-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: &AOL Toolbar Search - Reg Error: Value error. 
File not found O8 - Extra context menu item: &Moviefone Toolbar Search - C:\Documents and Settings\All Users\Application Data\Moviefone Toolbar\ieToolbar\resources\en-US\local\search.html File not found O8 - Extra context menu item: &Search - ?p=ZUxdm265YYUS File not found O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found O8 - Extra context menu item: Translate with &Babylon - Reg Error: Value error. File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} http://www.comcastsupport.com/OneClickFix/tgctlsr.cab (SupportSoft Script Runner Class) O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control) O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool) O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support) O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish.com/SnapfishActivia.cab (Snapfish Activia) O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} 
http://fb.familylink.com/we_are_related/stream/core/lib/AurigmaImageUploader/ImageUploader5.cab (Reg Error: Key error.) O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab (Windows Live Safety Center Base Module) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1217949355452 (MUWebControl Class) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} https://ediagnostics.lexmark.com/serval.cab (Lexmark eDiagnostics Class) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://chill.comcast.net/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} http://by120fd.bay120.hotmail.msn.com/activex/HMAtchmt.ocx (Hotmail Attachments Control) O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/da2/PCPitStop2.cab (PCPitstop Exam) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{05BB7396-D8BA-4D52-BAF8-8A97A6D6B493}: DhcpNameServer = 192.168.1.254 O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O20 - Winlogon\Notify\wvwts: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found O24 - Desktop WallPaper: C:\Documents and Settings\Bob\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Bob\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O28 - HKLM ShellExecuteHooks: ThreadingModel - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004/10/27 19:20:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2004/09/13 12:15:24 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ] O33 - MountPoints2\{362bdd7c-0ff4-11e0-a0ed-0013d3cad0e4}\Shell\AutoRun\command - "" = M:\setup.exe O33 - MountPoints2\{f5e0d7be-45a2-11df-9ff5-0013d3cad0e4}\Shell - "" = AutoRun O33 - MountPoints2\{f5e0d7be-45a2-11df-9ff5-0013d3cad0e4}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{f5e0d7be-45a2-11df-9ff5-0013d3cad0e4}\Shell\AutoRun\command - "" = "J:\WD SmartWare.exe" autoplay=true O33 - MountPoints2\{f85cee81-1e6d-11df-9f99-0013d3cad0e4}\Shell\AutoRun\command - "" = L:\Windows\bin\eblSetup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012/01/27 14:56:42 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bob\Desktop\OTL.exe [2012/01/27 14:47:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\tdsskiller [2012/01/26 21:04:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/01/26 21:04:12 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012/01/26 21:04:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012/01/26 20:56:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy [2012/01/26 18:50:53 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Bob\Recent [2008/08/05 08:00:41 | 001,075,536 | ---- | C] (ParetoLogic Inc.) 
-- C:\Program Files\Common Files\RegCure 1.5.0.0 Trial.exe [7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System\*.tmp files -> C:\WINDOWS\System\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/01/27 15:00:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{88D8D572-25CB-4355-B884-812F55EE82FB}.job [2012/01/27 14:56:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bob\Desktop\OTL.exe [2012/01/27 14:35:20 | 002,058,032 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\tdsskiller.exe [2012/01/27 10:24:40 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012/01/27 10:24:38 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1374101668-94510307-1338816319-1007.job [2012/01/27 10:24:37 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1374101668-94510307-1338816319-1008.job [2012/01/27 10:20:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/01/27 10:20:21 | 938,921,984 | -HS- | M] () -- C:\hiberfil.sys [2012/01/27 09:47:19 | 000,000,195 | RHS- | M] () -- C:\boot.ini [2012/01/27 09:43:03 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{CFBA19FF-FBA1-4184-8F20-2E300624F2C8}.job [2012/01/26 18:39:46 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2012/01/26 18:13:28 | 000,183,958 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2012/01/26 18:04:29 | 000,444,456 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012/01/26 18:04:29 | 000,072,332 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012/01/26 17:37:04 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{071C7AE6-FDD5-4996-A4E5-3030D6D0051D}.job [2012/01/25 21:31:54 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk 
[2012/01/16 18:51:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2012/01/15 16:33:00 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1374101668-94510307-1338816319-1008Core1cc223528ea9d90.job [7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System\*.tmp files -> C:\WINDOWS\System\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/01/27 14:35:10 | 002,058,032 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\tdsskiller.exe [2011/04/19 09:58:43 | 000,174,392 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2010/04/24 17:24:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat [2010/04/24 17:24:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcinfot.dat [2010/03/11 17:15:56 | 000,543,232 | ---- | C] () -- C:\WINDOWS\zHotkey.exe [2010/03/11 17:15:56 | 000,036,864 | ---- | C] () -- C:\WINDOWS\ShowWnd.exe [2010/03/11 17:15:55 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll [2010/02/20 17:32:35 | 000,074,464 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2009/09/19 09:00:32 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2009/03/10 13:15:05 | 000,074,752 | ---- | C] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/03/07 22:30:36 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2009/03/07 10:43:31 | 000,000,131 | ---- | C] () -- C:\WINDOWS\CRC.INI [2008/02/09 14:17:59 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini [2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL [2008/01/23 22:34:03 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini [2007/11/29 20:36:43 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll [2007/10/24 20:15:33 | 000,004,564 | 
---- | C] () -- C:\WINDOWS\mozver.dat [2007/10/14 20:18:06 | 000,827,024 | ---- | C] () -- C:\Program Files\PhotoGreetingCards.exe [2007/10/13 12:49:10 | 000,498,985 | -HS- | C] () -- C:\WINDOWS\System32\dfhjl.ini [2007/10/13 10:41:51 | 001,394,568 | ---- | C] () -- C:\Program Files\install_easyshare.exe [2007/10/06 07:49:11 | 000,693,541 | -HS- | C] () -- C:\WINDOWS\System32\fbobmptg.ini [2007/10/06 07:12:02 | 000,693,481 | -HS- | C] () -- C:\WINDOWS\System32\cbfyqmvq.ini [2007/10/05 13:41:13 | 000,693,421 | -HS- | C] () -- C:\WINDOWS\System32\mkcsmljp.ini [2007/10/05 13:10:45 | 000,693,421 | -HS- | C] () -- C:\WINDOWS\System32\dbgdyspw.ini [2007/10/02 06:11:55 | 534,896,640 | ---- | C] () -- C:\Program Files\Microsoft office2k7 BSU.exe [2007/10/01 14:59:01 | 000,693,412 | -HS- | C] () -- C:\WINDOWS\System32\kuhxwlfu.ini [2007/09/29 15:52:50 | 000,693,412 | -HS- | C] () -- C:\WINDOWS\System32\iskgqeji.ini [2007/09/29 15:38:20 | 000,693,421 | -HS- | C] () -- C:\WINDOWS\System32\pbrrjfes.ini [2007/09/29 13:20:24 | 000,693,533 | -HS- | C] () -- C:\WINDOWS\System32\vstyiykq.ini [2007/09/29 13:11:32 | 000,693,421 | -HS- | C] () -- C:\WINDOWS\System32\fsqvnbjc.ini [2007/09/29 13:09:43 | 000,694,013 | -HS- | C] () -- C:\WINDOWS\System32\kkdiewvb.ini [2007/09/29 11:23:01 | 000,693,971 | -HS- | C] () -- C:\WINDOWS\System32\auctwkrc.ini [2007/09/29 11:10:05 | 000,693,721 | -HS- | C] () -- C:\WINDOWS\System32\klshxrpt.ini [2007/09/28 12:18:55 | 000,693,421 | -HS- | C] () -- C:\WINDOWS\System32\cylcstxl.ini [2007/09/28 11:45:35 | 000,693,412 | -HS- | C] () -- C:\WINDOWS\System32\shpxewma.ini [2007/09/28 06:57:18 | 000,694,245 | -HS- | C] () -- C:\WINDOWS\System32\ggfshbsj.ini [2007/09/27 21:24:36 | 000,694,185 | -HS- | C] () -- C:\WINDOWS\System32\xidddspu.ini [2007/09/27 20:42:58 | 000,694,065 | -HS- | C] () -- C:\WINDOWS\System32\pkjteruk.ini [2007/09/27 19:48:58 | 000,693,851 | -HS- | C] () -- C:\WINDOWS\System32\fsibombc.ini [2007/09/27 15:28:30 | 000,693,541 | -HS- | C] 
() -- C:\WINDOWS\System32\blobvstm.ini [2007/09/27 15:00:19 | 000,693,601 | -HS- | C] () -- C:\WINDOWS\System32\nopolenl.ini [2007/09/27 13:43:54 | 000,693,481 | -HS- | C] () -- C:\WINDOWS\System32\uxrlxohp.ini [2007/09/27 12:46:58 | 000,693,533 | -HS- | C] () -- C:\WINDOWS\System32\etljfcwi.ini [2007/09/27 06:06:52 | 000,693,421 | -HS- | C] () -- C:\WINDOWS\System32\ffroetlg.ini [2007/09/27 05:29:25 | 000,693,601 | -HS- | C] () -- C:\WINDOWS\System32\hjyqibat.ini [2007/09/26 20:51:44 | 000,693,472 | -HS- | C] () -- C:\WINDOWS\System32\psrqoilh.ini [2007/09/26 20:20:09 | 000,693,421 | -HS- | C] () -- C:\WINDOWS\System32\vaowwaxm.ini [2007/09/26 19:51:59 | 000,000,294 | -HS- | C] () -- C:\WINDOWS\System32\fxeyvikp.ini [2007/09/26 18:30:33 | 000,693,481 | -HS- | C] () -- C:\WINDOWS\System32\uapnxsed.ini [2007/09/26 17:44:28 | 000,693,533 | -HS- | C] () -- C:\WINDOWS\System32\ravpncsc.ini [2007/09/26 09:13:01 | 000,693,412 | -HS- | C] () -- C:\WINDOWS\System32\qesxrwmn.ini [2007/09/25 19:37:34 | 000,693,541 | -HS- | C] () -- C:\WINDOWS\System32\epiolhxc.ini [2007/09/25 17:17:01 | 000,693,601 | -HS- | C] () -- C:\WINDOWS\System32\hbmxttyd.ini [2007/09/25 16:31:31 | 000,000,294 | -HS- | C] () -- C:\WINDOWS\System32\aysdqvet.ini [2007/09/24 20:50:11 | 000,694,013 | -HS- | C] () -- C:\WINDOWS\System32\dlublssg.ini [2007/09/24 20:12:35 | 000,693,944 | -HS- | C] () -- C:\WINDOWS\System32\qvdrfcyy.ini [2007/09/24 17:23:08 | 000,693,592 | -HS- | C] () -- C:\WINDOWS\System32\asvaauqv.ini [2007/09/23 19:59:58 | 000,693,541 | -HS- | C] () -- C:\WINDOWS\System32\irvdtpjg.ini [2007/09/23 18:31:23 | 000,693,430 | -HS- | C] () -- C:\WINDOWS\System32\nxuhakke.ini [2007/09/23 13:19:48 | 000,693,472 | -HS- | C] () -- C:\WINDOWS\System32\qnmlabqy.ini [2007/09/23 07:17:56 | 000,693,421 | -HS- | C] () -- C:\WINDOWS\System32\jaexijto.ini [2007/09/22 21:35:56 | 000,693,833 | -HS- | C] () -- C:\WINDOWS\System32\macvbjjv.ini [2007/09/22 19:45:39 | 000,693,713 | -HS- | C] () -- 
C:\WINDOWS\System32\kmhqsefj.ini [2007/09/22 18:22:00 | 000,693,481 | -HS- | C] () -- C:\WINDOWS\System32\umsoumye.ini [2007/09/22 16:13:18 | 000,693,524 | -HS- | C] () -- C:\WINDOWS\System32\qkgjodgp.ini [2007/09/22 12:42:21 | 000,693,542 | -HS- | C] () -- C:\WINDOWS\System32\ouijlcjn.ini [2007/09/22 11:07:11 | 000,693,533 | -HS- | C] () -- C:\WINDOWS\System32\rewjvsyn.ini [2007/09/22 09:25:43 | 000,693,541 | -HS- | C] () -- C:\WINDOWS\System32\uwwmlfey.ini [2007/09/21 15:00:41 | 001,012,375 | -HS- | C] () -- C:\WINDOWS\System32\ghfbusqk.ini [2007/09/21 14:30:18 | 001,097,149 | -HS- | C] () -- C:\WINDOWS\System32\rwvxstfl.ini [2007/09/20 20:34:50 | 000,693,472 | -HS- | C] () -- C:\WINDOWS\System32\fpvoaplh.ini [2007/09/20 19:31:42 | 000,693,430 | -HS- | C] () -- C:\WINDOWS\System32\dtsedqrt.ini [2007/09/20 15:19:47 | 000,693,430 | -HS- | C] () -- C:\WINDOWS\System32\sexuluuf.ini [2007/08/23 17:28:12 | 001,602,464 | -HS- | C] () -- C:\WINDOWS\System32\vxxbc.ini [2007/08/19 22:26:08 | 001,228,943 | -HS- | C] () -- C:\WINDOWS\System32\ltegjehu.ini [2007/08/18 14:07:40 | 001,605,222 | -HS- | C] () -- C:\WINDOWS\System32\tvvut.ini [2007/08/13 17:49:46 | 001,201,818 | -HS- | C] () -- C:\WINDOWS\System32\xtnjhlun.ini [2007/08/13 14:55:12 | 000,000,517 | -HS- | C] () -- C:\WINDOWS\System32\kacdtnap.ini [2007/08/13 14:37:36 | 000,000,457 | -HS- | C] () -- C:\WINDOWS\System32\jxfxauww.ini [2007/08/12 18:33:14 | 000,000,295 | -HS- | C] () -- C:\WINDOWS\System32\bhiipcoq.ini [2007/08/12 15:04:09 | 001,214,123 | -HS- | C] () -- C:\WINDOWS\System32\xqtyfnrl.ini [2007/08/12 13:52:56 | 000,000,345 | -HS- | C] () -- C:\WINDOWS\System32\vaicmmnj.ini [2007/08/12 13:52:23 | 000,000,345 | -HS- | C] () -- C:\WINDOWS\System32\udktagvj.ini [2007/08/10 20:20:14 | 001,219,628 | -HS- | C] () -- C:\WINDOWS\System32\lsttemtt.ini [2007/08/10 18:08:51 | 001,214,099 | -HS- | C] () -- C:\WINDOWS\System32\ibtcjktg.ini [2007/08/10 17:29:02 | 001,213,898 | -HS- | C] () -- 
C:\WINDOWS\System32\dictpoxw.ini [2007/08/10 16:36:07 | 001,214,038 | -HS- | C] () -- C:\WINDOWS\System32\coaxteif.ini [2007/08/10 15:25:30 | 001,213,850 | -HS- | C] () -- C:\WINDOWS\System32\vuchxwlq.ini [2007/08/10 14:03:41 | 000,000,295 | -HS- | C] () -- C:\WINDOWS\System32\escntqxg.ini [2007/08/10 14:02:34 | 001,213,781 | -HS- | C] () -- C:\WINDOWS\System32\wpbhondm.ini [2007/08/09 22:34:00 | 000,000,345 | -HS- | C] () -- C:\WINDOWS\System32\cbhqktqh.ini [2007/08/09 20:48:17 | 001,213,808 | -HS- | C] () -- C:\WINDOWS\System32\yoklcbla.ini [2007/08/09 19:59:16 | 000,000,525 | -HS- | C] () -- C:\WINDOWS\System32\tnewgsuh.ini [2007/08/09 17:49:49 | 000,000,355 | -HS- | C] () -- C:\WINDOWS\System32\oiafodfk.ini [2007/08/09 17:43:23 | 001,213,841 | -HS- | C] () -- C:\WINDOWS\System32\mhjnxlny.ini [2007/08/09 15:46:23 | 001,191,460 | -HS- | C] () -- C:\WINDOWS\System32\solbkmxw.ini [2007/08/09 15:30:39 | 001,202,104 | -HS- | C] () -- C:\WINDOWS\System32\eqswqxba.ini [2007/08/09 14:40:44 | 001,191,227 | -HS- | C] () -- C:\WINDOWS\System32\nkalfacv.ini [2007/08/09 14:39:29 | 001,738,385 | -HS- | C] () -- C:\WINDOWS\System32\xyxyb.ini [2007/08/09 10:13:34 | 001,200,001 | -HS- | C] () -- C:\WINDOWS\System32\joahhvrl.ini [2007/08/09 07:00:17 | 001,195,352 | -HS- | C] () -- C:\WINDOWS\System32\fnrbbtto.ini [2007/08/08 17:31:21 | 000,000,345 | -HS- | C] () -- C:\WINDOWS\System32\plqaodde.ini [2007/08/08 17:30:46 | 000,000,345 | -HS- | C] () -- C:\WINDOWS\System32\yablcnaq.ini [2007/08/08 13:42:11 | 000,000,405 | -HS- | C] () -- C:\WINDOWS\System32\bpytumii.ini [2007/08/08 13:35:07 | 001,202,542 | -HS- | C] () -- C:\WINDOWS\System32\glfehdps.ini [2007/08/08 11:51:11 | 001,191,047 | -HS- | C] () -- C:\WINDOWS\System32\vckjoqxk.ini [2007/08/08 11:50:27 | 001,730,180 | -HS- | C] () -- C:\WINDOWS\System32\opppo.ini [2007/08/08 06:43:08 | 001,195,293 | -HS- | C] () -- C:\WINDOWS\System32\rfwcqjqw.ini [2007/08/07 22:17:29 | 001,199,959 | -HS- | C] () -- 
C:\WINDOWS\System32\bceuuier.ini [2007/08/07 21:49:13 | 001,190,928 | -HS- | C] () -- C:\WINDOWS\System32\jovfhcrv.ini [2007/08/07 21:11:55 | 000,000,457 | -HS- | C] () -- C:\WINDOWS\System32\efaynysf.ini [2007/08/07 19:04:36 | 001,190,913 | -HS- | C] () -- C:\WINDOWS\System32\sbwaeyhf.ini [2007/08/07 16:22:53 | 001,191,196 | -HS- | C] () -- C:\WINDOWS\System32\pmdhteke.ini [2007/08/07 15:52:31 | 000,000,517 | -HS- | C] () -- C:\WINDOWS\System32\kvubvqwk.ini [2007/08/07 15:50:50 | 000,000,525 | -HS- | C] () -- C:\WINDOWS\System32\tecfromm.ini [2007/08/07 15:15:03 | 000,000,465 | -HS- | C] () -- C:\WINDOWS\System32\libnklbm.ini [2007/08/07 15:14:24 | 000,000,345 | -HS- | C] () -- C:\WINDOWS\System32\hvfueppi.ini [2007/08/07 14:46:30 | 000,000,345 | -HS- | C] () -- C:\WINDOWS\System32\vlvbafyn.ini [2007/08/07 13:55:28 | 001,190,818 | -HS- | C] () -- C:\WINDOWS\System32\fxxbbmdq.ini [2007/08/07 13:54:39 | 001,190,868 | -HS- | C] () -- C:\WINDOWS\System32\jxaadcwm.ini [2007/08/06 19:17:53 | 001,199,839 | -HS- | C] () -- C:\WINDOWS\System32\xprbagbl.ini [2007/08/06 18:52:19 | 001,202,845 | -HS- | C] () -- C:\WINDOWS\System32\sdjpyhsp.ini [2007/08/06 18:51:48 | 000,000,345 | -HS- | C] () -- C:\WINDOWS\System32\ibonrdyq.ini [2007/08/06 18:45:25 | 000,000,405 | -HS- | C] () -- C:\WINDOWS\System32\mcghdoog.ini [2007/08/06 18:15:14 | 000,000,645 | -HS- | C] () -- C:\WINDOWS\System32\qfgcsvjs.ini [2007/08/06 14:15:19 | 001,204,870 | -HS- | C] () -- C:\WINDOWS\System32\etbmupjm.ini [2007/08/05 23:29:18 | 000,000,465 | -HS- | C] () -- C:\WINDOWS\System32\ccfrlqoq.ini [2007/08/05 23:26:29 | 000,000,345 | -HS- | C] () -- C:\WINDOWS\System32\gtfbbmer.ini [2007/08/05 11:33:13 | 001,209,248 | -HS- | C] () -- C:\WINDOWS\System32\arjbuhvy.ini [2007/08/04 16:02:47 | 001,204,740 | -HS- | C] () -- C:\WINDOWS\System32\qjovxhud.ini [2007/08/04 12:16:00 | 000,000,345 | -HS- | C] () -- C:\WINDOWS\System32\vviyoncn.ini [2007/08/04 02:06:58 | 001,206,404 | -HS- | C] () -- 
C:\WINDOWS\System32\lmsrgpiv.ini [2007/08/03 18:29:29 | 001,177,829 | -HS- | C] () -- C:\WINDOWS\System32\mlmwglmv.ini [2007/08/03 09:59:19 | 001,205,971 | -HS- | C] () -- C:\WINDOWS\System32\nwxjeqkq.ini [2007/08/03 07:54:03 | 001,205,878 | -HS- | C] () -- C:\WINDOWS\System32\rbqhhxdv.ini [2007/08/02 22:04:24 | 001,205,884 | -HS- | C] () -- C:\WINDOWS\System32\mwjsrbgp.ini [2007/08/02 20:50:40 | 001,205,674 | -HS- | C] () -- C:\WINDOWS\System32\mdgauptm.ini [2007/08/02 15:19:32 | 001,205,492 | -HS- | C] () -- C:\WINDOWS\System32\qffbewfw.ini [2007/08/01 15:19:31 | 001,190,133 | -HS- | C] () -- C:\WINDOWS\System32\jfwobajo.ini [2007/08/01 14:44:20 | 000,228,773 | -HS- | C] () -- C:\WINDOWS\System32\iafxfkby.ini [2007/08/01 07:21:04 | 001,205,492 | -HS- | C] () -- C:\WINDOWS\System32\pxfxjvcu.ini [2007/08/01 07:14:28 | 001,204,740 | -HS- | C] () -- C:\WINDOWS\System32\nwlmswbv.ini [2007/07/29 14:20:11 | 000,000,405 | -HS- | C] () -- C:\WINDOWS\System32\mgbllhvq.ini [2007/07/29 14:19:06 | 000,000,345 | -HS- | C] () -- C:\WINDOWS\System32\ucbaugxj.ini [2007/07/29 01:33:44 | 001,248,313 | -HS- | C] () -- C:\WINDOWS\System32\twccraut.ini [2007/07/28 22:23:18 | 001,248,425 | -HS- | C] () -- C:\WINDOWS\System32\qluvutch.ini [2007/07/28 16:18:09 | 000,000,345 | -HS- | C] () -- C:\WINDOWS\System32\bjyacrcx.ini [2007/07/28 16:00:32 | 000,000,465 | -HS- | C] () -- C:\WINDOWS\System32\webfsxhy.ini [2007/07/28 15:32:54 | 000,000,405 | -HS- | C] () -- C:\WINDOWS\System32\hnntvwgw.ini [2007/07/28 14:34:21 | 001,248,398 | -HS- | C] () -- C:\WINDOWS\System32\lemigngq.ini [2007/07/28 11:52:24 | 000,000,345 | -HS- | C] () -- C:\WINDOWS\System32\snotlgtw.ini [2007/07/28 09:58:19 | 000,000,405 | -HS- | C] () -- C:\WINDOWS\System32\jccgotdd.ini [2007/07/27 09:58:04 | 001,248,285 | -HS- | C] () -- C:\WINDOWS\System32\xlingowx.ini [2007/07/26 16:10:45 | 001,248,345 | -HS- | C] () -- C:\WINDOWS\System32\hwbjevgo.ini [2007/07/26 01:11:27 | 001,207,844 | -HS- | C] () -- 
C:\WINDOWS\System32\luscbdqu.ini [2007/07/25 23:51:24 | 000,002,999 | -HS- | C] () -- C:\WINDOWS\System32\pwlmefhh.ini [2007/07/25 15:42:55 | 000,000,465 | -HS- | C] () -- C:\WINDOWS\System32\efagiakr.ini [2007/07/25 15:23:42 | 000,000,988 | -HS- | C] () -- C:\WINDOWS\System32\opnbxbpn.ini [2007/07/24 14:10:10 | 000,215,841 | -HS- | C] () -- C:\WINDOWS\System32\gngmdrea.ini [2007/07/24 14:06:16 | 001,741,399 | -HS- | C] () -- C:\WINDOWS\System32\uxabc.ini [2007/07/23 17:30:17 | 000,000,345 | -HS- | C] () -- C:\WINDOWS\System32\drbghhwv.ini [2007/07/23 13:15:18 | 001,142,154 | -HS- | C] () -- C:\WINDOWS\System32\rucbofmb.ini [2007/07/20 09:04:20 | 001,135,222 | -HS- | C] () -- C:\WINDOWS\System32\agnrxfgk.ini [2007/07/20 01:42:58 | 001,135,103 | -HS- | C] () -- C:\WINDOWS\System32\kolccutg.ini [2007/07/19 16:07:01 | 000,000,355 | -HS- | C] () -- C:\WINDOWS\System32\fkhunsif.ini [2007/07/18 23:07:26 | 001,164,768 | -HS- | C] () -- C:\WINDOWS\System32\vgvkajdk.ini [2007/07/18 22:51:06 | 001,137,970 | -HS- | C] () -- C:\WINDOWS\System32\hewyhins.ini [2007/07/17 23:55:03 | 001,137,842 | -HS- | C] () -- C:\WINDOWS\System32\aqfagfom.ini [2007/07/17 23:09:10 | 001,137,053 | -HS- | C] () -- C:\WINDOWS\System32\ltxfdhtt.ini [2007/07/17 09:30:42 | 001,137,012 | -HS- | C] () -- C:\WINDOWS\System32\fugublls.ini [2007/07/17 09:07:34 | 001,136,874 | -HS- | C] () -- C:\WINDOWS\System32\djhotuvm.ini [2007/07/16 22:00:00 | 001,191,716 | -HS- | C] () -- C:\WINDOWS\System32\mrjushko.ini [2007/07/16 18:52:17 | 000,000,405 | -HS- | C] () -- C:\WINDOWS\System32\ijtirbsr.ini [2007/07/16 18:27:44 | 001,191,587 | -HS- | C] () -- C:\WINDOWS\System32\gealctxg.ini [2007/07/16 18:18:59 | 001,191,467 | -HS- | C] () -- C:\WINDOWS\System32\hpignqkl.ini [2007/07/16 17:13:09 | 001,191,887 | -HS- | C] () -- C:\WINDOWS\System32\jdlsgmye.ini [2007/07/16 15:28:49 | 000,000,705 | -HS- | C] () -- C:\WINDOWS\System32\isurofeb.ini [2007/07/16 14:58:16 | 001,191,646 | -HS- | C] () -- 
C:\WINDOWS\System32\gpgpprpt.ini [2007/07/16 09:34:46 | 000,000,585 | -HS- | C] () -- C:\WINDOWS\System32\ffjlbyjj.ini [2007/07/16 09:10:37 | 000,000,405 | -HS- | C] () -- C:\WINDOWS\System32\abhumqem.ini [2007/07/16 08:17:01 | 001,191,725 | -HS- | C] () -- C:\WINDOWS\System32\hnttwycd.ini [2007/07/16 07:56:25 | 000,000,525 | -HS- | C] () -- C:\WINDOWS\System32\lgbksqsh.ini [2007/07/16 07:53:37 | 000,000,345 | -HS- | C] () -- C:\WINDOWS\System32\mtdjjrny.ini [2007/07/16 01:10:22 | 001,105,479 | -HS- | C] () -- C:\WINDOWS\System32\kolclyjj.ini [2007/07/15 17:02:54 | 000,000,355 | -HS- | C] () -- C:\WINDOWS\System32\nsbtketd.ini [2007/07/15 16:46:03 | 001,192,939 | -HS- | C] () -- C:\WINDOWS\System32\gqgwshcr.ini [2007/07/15 16:44:48 | 001,192,819 | -HS- | C] () -- C:\WINDOWS\System32\pyevfpqx.ini [2007/07/15 07:45:06 | 000,000,405 | -HS- | C] () -- C:\WINDOWS\System32\obkjvjnm.ini [2007/07/14 21:30:33 | 000,000,345 | -HS- | C] () -- C:\WINDOWS\System32\qkfsodql.ini [2007/07/14 21:24:31 | 000,000,345 | -HS- | C] () -- C:\WINDOWS\System32\jlusxwbs.ini [2007/07/14 18:40:16 | 001,193,179 | -HS- | C] () -- C:\WINDOWS\System32\oihgopgu.ini [2007/07/13 17:51:27 | 000,000,405 | -HS- | C] () -- C:\WINDOWS\System32\ftxdigup.ini [2007/07/11 21:30:54 | 001,193,128 | -HS- | C] () -- C:\WINDOWS\System32\lgufdcid.ini [2007/07/11 20:54:20 | 000,000,465 | -HS- | C] () -- C:\WINDOWS\System32\ymribagd.ini [2007/07/11 08:05:55 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI [2007/07/11 07:42:06 | 000,110,641 | -HS- | C] () -- C:\WINDOWS\System32\ixdlwccs.ini [2007/07/11 06:43:09 | 000,000,405 | -HS- | C] () -- C:\WINDOWS\System32\qudmeqxk.ini [2007/07/10 14:10:32 | 001,191,870 | -HS- | C] () -- C:\WINDOWS\System32\qemirxln.ini [2007/07/10 13:50:46 | 001,105,469 | -HS- | C] () -- C:\WINDOWS\System32\trkrefiu.ini [2007/07/10 13:34:18 | 001,105,409 | -HS- | C] () -- C:\WINDOWS\System32\nijpwtra.ini [2007/07/10 01:49:06 | 001,054,242 | -HS- | C] () -- 
C:\WINDOWS\System32\qgaojipm.ini [2007/07/09 19:55:18 | 001,054,122 | -HS- | C] () -- C:\WINDOWS\System32\wdoutjlq.ini [2007/07/09 18:48:14 | 001,054,541 | -HS- | C] () -- C:\WINDOWS\System32\hxigdtbp.ini [2007/07/09 18:20:13 | 001,054,491 | -HS- | C] () -- C:\WINDOWS\System32\uhytoduf.ini [2007/07/09 17:49:28 | 001,054,362 | -HS- | C] () -- C:\WINDOWS\System32\hbrtcdor.ini [2007/07/09 16:22:39 | 001,054,122 | -HS- | C] () -- C:\WINDOWS\System32\qpmikaec.ini [2007/07/09 15:52:33 | 001,054,242 | -HS- | C] () -- C:\WINDOWS\System32\gmegrqhg.ini [2007/07/09 15:51:44 | 000,000,345 | -HS- | C] () -- C:\WINDOWS\System32\lqehrxuo.ini [2007/07/09 14:54:33 | 000,000,345 | -HS- | C] () -- C:\WINDOWS\System32\juneanyt.ini [2007/07/09 09:18:43 | 001,054,182 | -HS- | C] () -- C:\WINDOWS\System32\cjytiyyr.ini [2007/07/09 09:00:44 | 001,054,432 | -HS- | C] () -- C:\WINDOWS\System32\pfmxrkkb.ini [2007/07/08 21:16:59 | 001,173,281 | -HS- | C] () -- C:\WINDOWS\System32\bttjooum.ini [2007/07/08 18:30:44 | 001,054,310 | -HS- | C] () -- C:\WINDOWS\System32\dvpfdovd.ini [2007/07/08 13:18:02 | 001,054,209 | -HS- | C] () -- C:\WINDOWS\System32\cgbabjku.ini [2007/07/07 22:08:15 | 000,000,345 | -HS- | C] () -- C:\WINDOWS\System32\kyjrsmuj.ini [2007/07/07 20:32:46 | 000,000,345 | -HS- | C] () -- C:\WINDOWS\System32\tvpgmrsb.ini [2007/07/07 20:27:56 | 001,054,122 | -HS- | C] () -- C:\WINDOWS\System32\xgcfaiic.ini [2007/07/07 19:00:51 | 001,054,242 | -HS- | C] () -- C:\WINDOWS\System32\taskrqow.ini [2007/07/07 18:52:06 | 001,054,122 | -HS- | C] () -- C:\WINDOWS\System32\inilieph.ini [2007/07/07 16:28:26 | 001,054,182 | -HS- | C] () -- C:\WINDOWS\System32\vmgumdeq.ini [2007/07/07 15:02:49 | 001,102,701 | -HS- | C] () -- C:\WINDOWS\System32\ljvcrgja.ini [2007/07/07 15:02:19 | 001,054,122 | -HS- | C] () -- C:\WINDOWS\System32\cyflbiij.ini [2007/07/07 14:50:21 | 001,054,191 | -HS- | C] () -- C:\WINDOWS\System32\ywsmmhfu.ini [2007/07/07 13:32:22 | 001,054,131 | -HS- | C] () -- 
C:\WINDOWS\System32\jnggxgdk.ini [2007/07/07 13:26:30 | 001,054,122 | -HS- | C] () -- C:\WINDOWS\System32\ubiohlad.ini [2007/07/07 11:10:53 | 001,054,182 | -HS- | C] () -- C:\WINDOWS\System32\uhailqpb.ini [2007/07/07 10:08:50 | 000,000,405 | -HS- | C] () -- C:\WINDOWS\System32\xikupkjx.ini [2007/07/07 08:25:43 | 000,000,345 | -HS- | C] () -- C:\WINDOWS\System32\etclhtwx.ini [2007/07/06 21:24:47 | 001,013,795 | -HS- | C] () -- C:\WINDOWS\System32\vsdoqkll.ini [2007/07/06 21:15:16 | 001,013,727 | -HS- | C] () -- C:\WINDOWS\System32\jxnnteof.ini [2007/07/06 16:46:28 | 000,000,295 | -HS- | C] () -- C:\WINDOWS\System32\qiyepocd.ini [2007/07/06 16:13:07 | 001,054,448 | -HS- | C] () -- C:\WINDOWS\System32\oelbbuyt.ini [2007/07/06 15:39:19 | 000,000,345 | -HS- | C] () -- C:\WINDOWS\System32\sijkcqef.ini [2007/07/06 14:24:21 | 000,000,405 | -HS- | C] () -- C:\WINDOWS\System32\hiqffqeg.ini [2007/07/06 02:59:46 | 001,020,959 | -HS- | C] () -- C:\WINDOWS\System32\dakisohx.ini [2007/07/05 23:04:54 | 001,051,841 | -HS- | C] () -- C:\WINDOWS\System32\ururptpq.ini [2007/07/05 23:03:27 | 001,848,038 | -HS- | C] () -- C:\WINDOWS\System32\dccdd.ini [2007/07/05 21:15:53 | 000,000,355 | -HS- | C] () -- C:\WINDOWS\System32\mahglqqs.ini [2007/07/05 13:06:33 | 001,053,987 | -HS- | C] () -- C:\WINDOWS\System32\fmgotqkp.ini [2007/07/04 22:27:33 | 001,051,740 | -HS- | C] () -- C:\WINDOWS\System32\prlemekp.ini [2007/07/04 22:26:26 | 001,051,602 | -HS- | C] () -- C:\WINDOWS\System32\etmunuct.ini [2007/07/04 11:04:32 | 000,000,345 | -HS- | C] () -- C:\WINDOWS\System32\bdovsjff.ini [2007/07/04 09:36:36 | 001,054,662 | -HS- | C] () -- C:\WINDOWS\System32\ciwwjuay.ini [2007/07/03 07:44:08 | 000,999,926 | -HS- | C] () -- C:\WINDOWS\System32\ucdbufpn.ini [2007/07/02 12:38:16 | 000,999,791 | -HS- | C] () -- C:\WINDOWS\System32\lwjbaanc.ini [2007/07/01 12:21:24 | 000,999,866 | -HS- | C] () -- C:\WINDOWS\System32\niumimje.ini [2007/07/01 12:08:56 | 000,000,345 | -HS- | C] () -- 
C:\WINDOWS\System32\dnyrywnn.ini [2007/07/01 10:29:06 | 001,053,848 | -HS- | C] () -- C:\WINDOWS\System32\agwstcoa.ini [2007/07/01 08:07:13 | 000,999,755 | -HS- | C] () -- C:\WINDOWS\System32\bhekxgeb.ini [2007/06/30 16:40:06 | 000,999,627 | -HS- | C] () -- C:\WINDOWS\System32\aqqkrlon.ini [2007/06/30 12:50:16 | 000,999,750 | -HS- | C] () -- C:\WINDOWS\System32\ehlcbmog.ini [2007/06/29 17:08:10 | 000,999,636 | -HS- | C] () -- C:\WINDOWS\System32\mjpgbdvj.ini [2007/06/29 10:51:13 | 001,030,781 | -HS- | C] () -- C:\WINDOWS\System32\fckpoflj.ini [2007/06/29 10:37:44 | 000,999,567 | -HS- | C] () -- C:\WINDOWS\System32\hfiestak.ini [2007/06/28 20:55:00 | 000,960,118 | -HS- | C] () -- C:\WINDOWS\System32\chhwcswr.ini [2007/06/28 20:54:16 | 000,000,345 | -HS- | C] () -- C:\WINDOWS\System32\qlpcrtuk.ini [2007/06/28 08:01:27 | 000,981,600 | -HS- | C] () -- C:\WINDOWS\System32\wmfkmjul.ini [2007/06/27 06:43:43 | 000,981,480 | -HS- | C] () -- C:\WINDOWS\System32\ruqgromk.ini [2007/06/26 15:00:05 | 000,944,826 | -HS- | C] () -- C:\WINDOWS\System32\sjfjyawr.ini [2007/06/26 11:04:31 | 000,000,405 | -HS- | C] () -- C:\WINDOWS\System32\lpmimuqs.ini [2007/06/25 11:02:22 | 000,936,166 | -HS- | C] () -- C:\WINDOWS\System32\fiyfsxie.ini [2007/06/25 11:01:17 | 000,914,826 | -HS- | C] () -- C:\WINDOWS\System32\klrydxvl.ini [2007/06/24 11:00:48 | 000,914,804 | -HS- | C] () -- C:\WINDOWS\System32\nyuxhkkt.ini [2007/06/23 10:58:18 | 000,000,295 | -HS- | C] () -- C:\WINDOWS\System32\ywbmbbyc.ini [2007/06/22 16:59:58 | 000,914,705 | -HS- | C] () -- C:\WINDOWS\System32\dekxdrxq.ini [2007/06/20 18:28:04 | 000,914,586 | -HS- | C] () -- C:\WINDOWS\System32\iqbinlad.ini [2007/06/20 15:33:46 | 000,000,345 | -HS- | C] () -- C:\WINDOWS\System32\mvkppmhj.ini [2007/06/20 10:29:41 | 000,944,697 | -HS- | C] () -- C:\WINDOWS\System32\lpbdbueq.ini [2007/06/19 22:20:48 | 000,902,165 | -HS- | C] () -- C:\WINDOWS\System32\mxooidhm.ini [2007/06/19 22:18:21 | 000,999,687 | -HS- | C] () -- 
C:\WINDOWS\System32\rpelupxy.ini [2007/06/19 21:02:32 | 000,000,525 | -HS- | C] () -- C:\WINDOWS\System32\ubyhlger.ini [2007/06/19 20:50:35 | 000,000,405 | -HS- | C] () -- C:\WINDOWS\System32\rkhpthbq.ini [2007/06/19 07:17:14 | 000,900,712 | -HS- | C] () -- C:\WINDOWS\System32\vushymjv.ini [2007/06/18 15:35:20 | 000,000,295 | -HS- | C] () -- C:\WINDOWS\System32\rddeqhov.ini [2007/06/17 21:10:53 | 000,000,405 | -HS- | C] () -- C:\WINDOWS\System32\rgqeuajl.ini [2007/06/17 21:00:03 | 000,921,898 | -HS- | C] () -- C:\WINDOWS\System32\qjntcgtx.ini [2007/06/17 20:59:30 | 000,921,770 | -HS- | C] () -- C:\WINDOWS\System32\pxkcsbrt.ini [2007/06/17 19:36:55 | 000,921,770 | -HS- | C] () -- C:\WINDOWS\System32\ddbejrcb.ini [2007/06/16 13:56:19 | 000,921,830 | -HS- | C] () -- C:\WINDOWS\System32\eetdcwmp.ini [2007/06/13 10:42:59 | 000,931,084 | -HS- | C] () -- C:\WINDOWS\System32\jrldeiwi.ini [2007/06/06 15:16:17 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\VYAAUFMZPWPP.SYS [2007/06/05 16:55:34 | 001,608,845 | -HS- | C] () -- C:\WINDOWS\System32\fehkj.ini [2007/06/05 09:17:34 | 000,921,959 | -HS- | C] () -- C:\WINDOWS\System32\wyusxgxq.ini [2007/05/26 13:02:10 | 001,548,309 | -HS- | C] () -- C:\WINDOWS\System32\prsru.ini [2007/05/25 22:11:00 | 001,547,676 | -HS- | C] () -- C:\WINDOWS\System32\noqss.ini [2007/05/25 19:13:10 | 001,558,004 | -HS- | C] () -- C:\WINDOWS\System32\fghhk.ini [2007/05/15 17:08:09 | 001,475,106 | -HS- | C] () -- C:\WINDOWS\System32\qqpoq.ini [2007/05/14 18:14:09 | 001,838,047 | -HS- | C] () -- C:\WINDOWS\System32\oopoq.ini [2007/05/10 19:58:37 | 000,000,294 | -HS- | C] () -- C:\WINDOWS\System32\clhjjiir.ini [2007/05/05 17:41:28 | 000,000,354 | -HS- | C] () -- C:\WINDOWS\System32\ypsnssqr.ini [2007/05/05 11:31:38 | 000,000,294 | -HS- | C] () -- C:\WINDOWS\System32\nkoyendf.ini [2007/05/03 17:04:52 | 000,000,474 | -HS- | C] () -- C:\WINDOWS\System32\lcdlkhmy.ini [2007/04/28 00:27:53 | 000,000,404 | -HS- | C] () -- 
C:\WINDOWS\System32\fcbmjcpk.ini [2007/04/27 23:08:47 | 000,000,463 | -HS- | C] () -- C:\WINDOWS\System32\tpghulyj.ini [2007/04/27 22:04:42 | 000,000,524 | -HS- | C] () -- C:\WINDOWS\System32\ndewsjmy.ini [2007/04/27 15:27:38 | 000,000,074 | -HS- | C] () -- C:\WINDOWS\System32\wvutv.ini [2007/04/27 00:41:23 | 000,004,184 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2007/04/26 22:03:34 | 000,000,463 | -HS- | C] () -- C:\WINDOWS\System32\jyjbgtkw.ini [2007/04/26 22:03:23 | 001,374,680 | -HS- | C] () -- C:\WINDOWS\System32\ghhjl.ini [2007/04/23 02:09:35 | 000,001,948 | ---- | C] () -- C:\WINDOWS\tabled32.ini [2007/04/06 19:56:39 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll [2007/04/06 19:56:39 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll [2007/04/06 19:56:39 | 000,000,215 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll [2007/04/06 19:56:39 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll [2007/04/03 19:14:45 | 000,000,021 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\.24554863501262644635642126105 [2007/03/23 02:17:45 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2007/03/22 18:38:28 | 000,007,172 | ---- | C] () -- C:\WINDOWS\wininit.ini [2007/02/21 11:01:31 | 000,000,121 | ---- | C] () -- C:\WINDOWS\wpd99.drv [2007/02/21 11:01:05 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\pdfmona.dll [2007/02/21 11:01:05 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll [2007/02/18 23:13:22 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini [2007/01/22 01:29:09 | 000,000,080 | ---- | C] () -- C:\WINDOWS\System32\keyreader.ini [2007/01/21 23:24:17 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2007/01/21 23:05:05 | 000,502,784 | ---- | C] () -- C:\WINDOWS\x2.64.exe [2007/01/21 23:05:05 | 000,217,073 | ---- | C] () -- C:\WINDOWS\meta4.exe [2007/01/21 23:05:05 | 000,066,560 | ---- | C] () -- C:\WINDOWS\MOTA113.exe [2007/01/21 23:05:04 | 000,240,128 | ---- 
| C] () -- C:\WINDOWS\System32\x.264.exe [2007/01/21 23:05:04 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll [2007/01/21 23:05:03 | 000,845,312 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll [2007/01/19 20:55:10 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL [2007/01/19 20:55:10 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL [2007/01/15 20:44:00 | 000,001,353 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache [2007/01/15 19:41:18 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini [2007/01/15 19:22:59 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbuvs.dll [2007/01/15 19:08:43 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe [2007/01/15 17:45:07 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll [2007/01/15 17:45:07 | 000,042,040 | ---- | C] () -- C:\WINDOWS\PatchWnd.exe [2007/01/15 17:42:45 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2007/01/15 17:39:55 | 000,000,004 | ---- | C] () -- C:\WINDOWS\Pix11.dat [2007/01/15 17:37:55 | 000,471,300 | ---- | C] () -- C:\WINDOWS\wallpe.exe [2007/01/15 17:36:04 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2007/01/15 17:00:22 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2007/01/15 17:00:06 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2007/01/15 17:00:06 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2007/01/15 17:00:01 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2007/01/15 16:59:57 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2007/01/15 16:59:49 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2007/01/15 16:59:20 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2007/01/15 16:59:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2007/01/15 16:58:09 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2007/01/15 16:57:39 | 000,001,804 | ---- | 
< End of report >

TDSSKiller.2.7.7.0_27.01.2012_14.47.48_log.txt