Rootkit infection? RogueKiller Report...


Squamish

Another program just found a trojan on my system: Win32/Sirefef!cfg

Went to check MWB and found "Malicious Website Blocking" was not enabled and would not enable!

Followed the instructions here, (same problem with website blocking) http://forums.malwarebytes.org/index.php?showtopic=116008&hl=enable+malicious+website+blocking&fromsearch=1

Downloaded RogueKiller and this is the report; any help appreciated! Thanks in advance.

RogueKiller V8.0.4 [09/19/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : User1 [Admin rights]

Mode : Scan -- Date : 09/20/2012 07:29:13

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤

[services][ROGUE ST] HKLM\[...]\ControlSet001\Services\61883 (system32\DRIVERS\61883.sys) -> FOUND

[services][ROGUE ST] HKLM\[...]\ControlSet003\Services\61883 (system32\DRIVERS\61883.sys) -> FOUND

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[Tr.Karagany][FOLDER] plugs : C:\Documents and Settings\User1\Application Data\Adobe\plugs --> FOUND

[Tr.Karagany][FOLDER] shed : C:\Documents and Settings\User1\Application Data\Adobe\shed --> FOUND

[ZeroAccess][FOLDER] U : C:\WINDOWS\Installer\{cdb25c9d-eb84-2cef-321c-6695fcdc3328}\U --> FOUND

[ZeroAccess][FOLDER] L : C:\WINDOWS\Installer\{cdb25c9d-eb84-2cef-321c-6695fcdc3328}\L --> FOUND

[ZeroAccess][FOLDER] U : C:\Documents and Settings\User1\Local Settings\Application Data\{cdb25c9d-eb84-2cef-321c-6695fcdc3328}\U --> FOUND

[ZeroAccess][FOLDER] L : C:\Documents and Settings\User1\Local Settings\Application Data\{cdb25c9d-eb84-2cef-321c-6695fcdc3328}\L --> FOUND

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3160815AS +++++

--- User ---

[MBR] 76ca9fdc5bea1d66eb6070cba2ced0f2

[bSP] e1415b92bd20d3d312f30e0dd5f81af0 : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152617 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: Maxtor 6L200S0 +++++

--- User ---

[MBR] 3dc1645f88e0ccf1c5fa566d2cabc716

[bSP] 1f06f7ef8d5f64f42062d3ce8a8819bf : Windows XP MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 194466 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[2].txt >>

RKreport[1].txt ; RKreport[2].txt


Hello Squamish! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Step 1

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 2

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

In your next reply, post the following log files:

  • TDSSKiller log
  • OTL log with Extras.txt


Maniac, thank you for the quick reply. I have downloaded TDSSKiller from your link and checked all boxes, rebooted and run the program. "Cure" was not available as an action so I selected "Skip" for all problems found. The following is the report generated. It's huge, so I hope this is what you wanted me to post!?

Should I proceed with the second step now, or is further work with TDSSKiller required before proceeding?

Thank you!

Whoops! I can't post the report; I get an error message "post_too_long", so I've cut out most of it.

10:32:14.0000 3796 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24

10:32:16.0000 3796 ============================================================

10:32:16.0000 3796 Current date / time: 2012/09/20 10:32:16.0000

10:32:16.0000 3796 SystemInfo:

10:32:16.0000 3796

10:32:16.0000 3796 OS Version: 5.1.2600 ServicePack: 3.0

10:32:16.0000 3796 Product type: Workstation

10:32:18.0343 3796 ComputerName: XPPRO

10:32:18.0343 3796 UserName: User1

10:32:18.0343 3796 Windows directory: C:\WINDOWS

10:32:18.0343 3796 System windows directory: C:\WINDOWS

10:32:18.0343 3796 Processor architecture: Intel x86

10:32:18.0343 3796 Number of processors: 2

10:32:18.0343 3796 Page size: 0x1000

10:32:18.0343 3796 Boot type: Normal boot

10:32:18.0343 3796 ============================================================

....

10:39:18.0968 2508 ============================================================

10:39:18.0968 2508 Scan finished

10:39:18.0968 2508 ============================================================

10:39:19.0078 2500 Detected object count: 14

10:39:19.0078 2500 Actual detected object count: 14

10:40:16.0265 2500 ASAPIW2K ( UnsignedFile.Multi.Generic ) - skipped by user

10:40:16.0265 2500 ASAPIW2K ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:40:16.0265 2500 BANTExt ( UnsignedFile.Multi.Generic ) - skipped by user

10:40:16.0265 2500 BANTExt ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:40:16.0265 2500 cdrdrv ( UnsignedFile.Multi.Generic ) - skipped by user

10:40:16.0265 2500 cdrdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:40:16.0265 2500 GT681x ( UnsignedFile.Multi.Generic ) - skipped by user

10:40:16.0265 2500 GT681x ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:40:16.0281 2500 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user

10:40:16.0281 2500 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:40:16.0281 2500 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user

10:40:16.0281 2500 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:40:16.0281 2500 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user

10:40:16.0281 2500 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:40:16.0296 2500 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

10:40:16.0296 2500 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:40:16.0296 2500 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

10:40:16.0296 2500 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:40:16.0296 2500 vobcom ( UnsignedFile.Multi.Generic ) - skipped by user

10:40:16.0296 2500 vobcom ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:40:16.0296 2500 VOBID ( UnsignedFile.Multi.Generic ) - skipped by user

10:40:16.0296 2500 VOBID ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:40:16.0296 2500 vobiw ( UnsignedFile.Multi.Generic ) - skipped by user

10:40:16.0296 2500 vobiw ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:40:16.0296 2500 WinFLdrv ( HiddenFile.Multi.Generic ) - skipped by user

10:40:16.0296 2500 WinFLdrv ( HiddenFile.Multi.Generic ) - User select action: Skip

10:40:16.0312 2500 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

10:40:16.0312 2500 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

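Added example (not part of the original thread and not the tool's own code): a short Python triage of the TDSSKiller result lines posted above. It collapses the doubled per-object lines, checks the parsed total against the log's own "Detected object count" (useful because the post was truncated), and lists the non-unsigned verdicts first; treating UnsignedFile.Multi.Generic hits as lower priority is an assumption of this example, as are all function and variable names.

```python
import re

# Sample input: result lines copied from the TDSSKiller log posted above.
SAMPLE_LOG = r"""
10:39:19.0078 2500 Detected object count: 14
10:39:19.0078 2500 Actual detected object count: 14
10:40:16.0265 2500 ASAPIW2K ( UnsignedFile.Multi.Generic ) - skipped by user
10:40:16.0265 2500 ASAPIW2K ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:40:16.0265 2500 BANTExt ( UnsignedFile.Multi.Generic ) - skipped by user
10:40:16.0265 2500 BANTExt ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:40:16.0265 2500 cdrdrv ( UnsignedFile.Multi.Generic ) - skipped by user
10:40:16.0265 2500 cdrdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:40:16.0265 2500 GT681x ( UnsignedFile.Multi.Generic ) - skipped by user
10:40:16.0265 2500 GT681x ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:40:16.0281 2500 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
10:40:16.0281 2500 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:40:16.0281 2500 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:40:16.0281 2500 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:40:16.0281 2500 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
10:40:16.0281 2500 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:40:16.0296 2500 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
10:40:16.0296 2500 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:40:16.0296 2500 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
10:40:16.0296 2500 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:40:16.0296 2500 vobcom ( UnsignedFile.Multi.Generic ) - skipped by user
10:40:16.0296 2500 vobcom ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:40:16.0296 2500 VOBID ( UnsignedFile.Multi.Generic ) - skipped by user
10:40:16.0296 2500 VOBID ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:40:16.0296 2500 vobiw ( UnsignedFile.Multi.Generic ) - skipped by user
10:40:16.0296 2500 vobiw ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:40:16.0296 2500 WinFLdrv ( HiddenFile.Multi.Generic ) - skipped by user
10:40:16.0296 2500 WinFLdrv ( HiddenFile.Multi.Generic ) - User select action: Skip
10:40:16.0312 2500 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
10:40:16.0312 2500 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# "<time> <thread id> <message>", the line shape seen in the posted log.
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s*(?P<msg>.*)$")
COUNT_RE = re.compile(r"^Detected object count:\s*(\d+)$")
RESULT_RE = re.compile(r"^(?P<name>.+?) \( (?P<verdict>.+?) \) - (?P<tail>.+)$")
ACTION_RE = re.compile(r"^User select action:\s*(\w+)$")

# Assumption of this example: unsigned-only hits are reviewed after the rest.
LOW_PRIORITY_VERDICTS = {"UnsignedFile.Multi.Generic"}


def parse_results(log_text):
    """Return (declared_count, {(object, verdict): chosen_action_or_None})."""
    declared, objects = None, {}
    for raw in log_text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue  # blank lines, "....", surrounding forum text
        msg = line.group("msg")
        count = COUNT_RE.match(msg)
        if count:
            declared = int(count.group(1))
            continue
        result = RESULT_RE.match(msg)
        if not result:
            continue
        key = (result.group("name"), result.group("verdict"))
        objects.setdefault(key, None)  # both log lines per object map to one key
        action = ACTION_RE.match(result.group("tail"))
        if action:
            objects[key] = action.group(1)
    return declared, objects


def triage(log_text):
    """Summarise a pasted log: completeness, verdict groups, review order."""
    declared, objects = parse_results(log_text)
    by_verdict = {}
    for name, verdict in objects:
        by_verdict.setdefault(verdict, []).append(name)
    return {
        "declared": declared,
        "parsed": len(objects),
        # False means the pasted log lost result lines (e.g. post_too_long).
        "complete": declared is not None and declared == len(objects),
        "by_verdict": by_verdict,
        "review_first": [k for k in objects if k[1] not in LOW_PRIORITY_VERDICTS],
        # Objects left in place because nothing but Skip was applied.
        "still_present": [k[0] for k, act in objects.items() if act in (None, "Skip")],
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("declared/parsed:", report["declared"], report["parsed"], "complete:", report["complete"])
    for name, verdict in report["review_first"]:
        print("review first:", name, "->", verdict)
    for verdict, names in report["by_verdict"].items():
        print(f"{verdict}: {len(names)} object(s)")
```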

I have downloaded and run OTL "Quick Scan", with "All Users" checked. Report as follows:

OTL logfile created on: 20/09/2012 10:56:33 AM - Run 1

OTL by OldTimer - Version 3.2.64.0 Folder = C:\Documents and Settings\User1\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.87 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 65.21% Memory free

3.72 Gb Paging File | 3.25 Gb Available in Paging File | 87.26% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 149.04 Gb Total Space | 78.62 Gb Free Space | 52.75% Space Free | Partition Type: NTFS

Drive E: | 189.91 Gb Total Space | 30.57 Gb Free Space | 16.10% Space Free | Partition Type: NTFS

Computer Name: XPPRO | User Name: User1 | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/20 10:52:51 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User1\Desktop\OTL.exe

PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2012/09/07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe

PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe

PRC - [2011/11/02 02:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

PRC - [2011/10/08 17:34:24 | 000,820,568 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe

PRC - [2011/08/09 16:40:34 | 000,763,224 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe

PRC - [2011/08/09 16:38:38 | 000,328,536 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe

PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/10/23 10:45:40 | 001,336,632 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe

PRC - [2001/08/24 12:18:06 | 000,045,056 | ---- | M] () -- C:\WINDOWS\Gtwatch.exe

PRC - [1998/07/23 13:06:26 | 000,067,584 | ---- | M] (IntelliQuest Communications, Inc.) -- C:\Program Files\Corel\Print Office 2000\Register\Remind32.exe

========== Modules (No Company Name) ==========

MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2009/01/12 14:45:34 | 000,020,886 | ---- | M] () -- C:\WINDOWS\system32\ddmon.dll

MOD - [2007/10/23 10:45:40 | 001,336,632 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe

MOD - [2001/08/24 12:18:06 | 000,045,056 | ---- | M] () -- C:\WINDOWS\Gtwatch.exe

========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)

SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV - [2011/10/08 17:34:24 | 000,820,568 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)

SRV - [2011/08/09 16:38:38 | 000,328,536 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)

SRV - [2010/01/25 11:00:54 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\lautdjxa.sys -- (otkt)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys -- (catchme)

DRV - [2012/09/20 10:30:54 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{745277F5-29E2-4779-9FCA-8AD5A7193441}\MpKsla9b38e7b.sys -- (MpKsla9b38e7b)

DRV - [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2011/10/08 17:04:42 | 000,239,472 | ---- | M] () [File_System | Disabled | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys -- (FileMonitor)

DRV - [2011/09/20 14:29:32 | 000,016,208 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys -- (UrlFilter)

DRV - [2011/09/20 14:29:30 | 000,030,368 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys -- (RegFilter)

DRV - [2010/12/28 02:44:47 | 000,017,984 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\system32\WinFLdrv.sys -- (WinFLdrv)

DRV - [2010/11/16 01:24:48 | 000,013,880 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\regi.sys -- (regi)

DRV - [2009/09/10 15:58:26 | 000,021,648 | ---- | M] (OLYMPUS IMAGING CORP.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\OlyCamComm.sys -- (OlyCamComm)

DRV - [2009/07/28 16:55:00 | 000,143,360 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)

DRV - [2009/02/12 16:11:24 | 000,022,312 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rsdrv.sys -- (ElRawDisk)

DRV - [2008/02/27 13:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)

DRV - [2007/07/16 14:29:43 | 000,020,504 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hpfxfax.sys -- (HPFXFAX)

DRV - [2007/07/16 14:29:33 | 000,017,432 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hpfxbulk.sys -- (HPFXBULK)

DRV - [2007/02/02 13:03:24 | 001,975,296 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2006/07/02 14:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)

DRV - [2005/09/23 18:56:28 | 003,966,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)

DRV - [2004/08/13 11:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)

DRV - [2004/07/06 17:06:46 | 000,188,416 | ---- | M] (Pinnacle Systems GmbH) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\vobIW.sys -- (vobiw)

DRV - [2004/06/01 12:41:46 | 000,064,000 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Cdrdrv.sys -- (cdrdrv)

DRV - [2004/03/10 15:27:18 | 000,011,264 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2K)

DRV - [2003/08/01 14:47:24 | 000,029,239 | ---- | M] (Pinnacle Systems) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\vobid.sys -- (VOBID)

DRV - [2001/11/25 02:11:54 | 000,081,924 | ---- | M] (FUJI PHOTO FILM CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V4CB010B.SYS -- (FINEPIX_PCC)

DRV - [2001/10/04 11:53:16 | 000,009,728 | ---- | M] (VOB Computersysteme GmbH) [Kernel | Unavailable | Unknown] -- C:\WINDOWS\System32\drivers\vobcom.sys -- (vobcom)

DRV - [2001/08/27 11:09:14 | 000,018,120 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gt681x.sys -- (GT681x)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1614895754-2111687655-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

IE - HKU\S-1-5-21-1614895754-2111687655-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKU\S-1-5-21-1614895754-2111687655-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data]

IE - HKU\S-1-5-21-1614895754-2111687655-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ca.search.yahoo.com/web/advanced

IE - HKU\S-1-5-21-1614895754-2111687655-725345543-1003\..\SearchScopes,DefaultScope = Yahoo!

IE - HKU\S-1-5-21-1614895754-2111687655-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

IE - HKU\S-1-5-21-1614895754-2111687655-725345543-1003\..\SearchScopes\{CF8FD575-3DCE-4A4C-ADF6-D98EC5C1E6DE}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE - HKU\S-1-5-21-1614895754-2111687655-725345543-1003\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredimail.com/?search={searchTerms}&loc=search_box_im2_test_v2

IE - HKU\S-1-5-21-1614895754-2111687655-725345543-1003\..\SearchScopes\Yahoo!: "URL" = http://us.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=iobit-trans

IE - HKU\S-1-5-21-1614895754-2111687655-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1614895754-2111687655-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "MyStart Search"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "http://ca.search.yahoo.com/web/advanced"

FF - prefs.js..extensions.enabledAddons: en-CA@dictionaries.addons.mozilla.org:2.0.5

FF - prefs.js..extensions.enabledAddons: {ba2430e0-5b72-4cac-bc9e-7d1aaca75d3d}:1.6.5

FF - prefs.js..extensions.enabledAddons: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.10

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.8

FF - prefs.js..extensions.enabledItems: {ba2430e0-5b72-4cac-bc9e-7d1aaca75d3d}:1.6.5

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: en-CA@dictionaries.addons.mozilla.org:2.0.3

FF - prefs.js..keyword.URL: "http://mystart.incredimail.com/?loc=ff_address_bar_im2_test_v2&search="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010/04/09 23:46:51 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/08 15:26:01 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/08 15:26:01 | 000,000,000 | ---D | M]

[2009/10/04 17:11:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User1\Application Data\Mozilla\Extensions

[2012/09/15 23:26:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User1\Application Data\Mozilla\Firefox\Profiles\le6pj937.default\extensions

[2010/10/21 09:11:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\User1\Application Data\Mozilla\Firefox\Profiles\le6pj937.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2009/10/16 10:05:37 | 000,000,000 | ---D | M] (FEBE) -- C:\Documents and Settings\User1\Application Data\Mozilla\Firefox\Profiles\le6pj937.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}(2)

[2012/09/15 23:26:40 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\User1\Application Data\Mozilla\Firefox\Profiles\le6pj937.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2012/02/17 21:19:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User1\Application Data\Mozilla\Firefox\Profiles\le6pj937.default\extensions\{ba2430e0-5b72-4cac-bc9e-7d1aaca75d3d}

[2009/10/08 23:18:16 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\User1\Application Data\Mozilla\Firefox\Profiles\le6pj937.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}

[2009/11/09 22:47:41 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\User1\Application Data\Mozilla\Firefox\Profiles\le6pj937.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}(2)

[2012/07/25 20:41:37 | 000,000,000 | ---D | M] (Canadian English Dictionary) -- C:\Documents and Settings\User1\Application Data\Mozilla\Firefox\Profiles\le6pj937.default\extensions\en-CA@dictionaries.addons.mozilla.org

[2009/10/13 10:57:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User1\Application Data\Mozilla\Firefox\Profiles\sus4ts1i.default\extensions

[2009/10/13 10:57:40 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\User1\Application Data\Mozilla\Firefox\Profiles\sus4ts1i.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2009/10/13 10:57:39 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\User1\Application Data\Mozilla\Firefox\Profiles\sus4ts1i.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}

[2009/10/08 23:13:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User1\Application Data\Mozilla\sus4ts1i.default\extensions

[2009/10/08 23:13:33 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\User1\Application Data\Mozilla\sus4ts1i.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2009/10/08 23:13:33 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\User1\Application Data\Mozilla\sus4ts1i.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}

[2010/05/04 20:31:43 | 000,002,149 | ---- | M] () -- C:\Documents and Settings\User1\Application Data\Mozilla\Firefox\Profiles\le6pj937.default\searchplugins\MyStart Search.xml

[2012/09/06 17:43:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2009/10/05 12:11:28 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2012/09/06 17:44:51 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2012/07/19 19:15:29 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml

[2012/08/29 21:55:55 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012/07/19 19:15:29 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml

[2012/07/19 19:15:29 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml

[2012/08/29 21:55:55 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

[2012/07/19 19:15:29 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/06/20 15:44:34 | 000,434,415 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 14977 more lines...

O3 - HKLM\..\Toolbar: (no name) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - No CLSID value found.

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [Gtwatch] C:\WINDOWS\Gtwatch.exe ()

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)

O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)

O4 - HKLM..\Run: [updatePDRShortCut] C:\Program Files\CyberLink\PowerDirector10\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKU\S-1-5-21-1614895754-2111687655-725345543-1003..\Run: [Advanced SystemCare 4] C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe (IObit)

O4 - HKU\S-1-5-21-1614895754-2111687655-725345543-1003..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LaunchU3.exe.lnk = File not found

O4 - Startup: C:\Documents and Settings\User1\Start Menu\Programs\Startup\Corel Print Office Registration.lnk = C:\Program Files\Corel\Print Office 2000\Register\Remind32.exe (IntelliQuest Communications, Inc.)

O4 - Startup: C:\Documents and Settings\User1\Start Menu\Programs\Startup\CorelCENTRAL Alarms.LNK = C:\Program Files\Corel\Print Office 2000\CorelCENTRAL\Programs\alarm.exe (Corel Corporation Limited)

O4 - Startup: C:\Documents and Settings\User1\Start Menu\Programs\Startup\LaunchU3.exe.lnk = C:\Documents and Settings\User1\Application Data\Microsoft\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1614895754-2111687655-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1614895754-2111687655-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\S-1-5-21-1614895754-2111687655-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0

O7 - HKU\S-1-5-21-1614895754-2111687655-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1256147026765 (MUCatalogWebControl Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1260896473687 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)

O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)

O18 - Protocol\Handler\intu-qt2008 {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - Reg Error: Value error. File not found

O18 - Protocol\Handler\intu-qt2009 - No CLSID value found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop WallPaper: C:\Documents and Settings\User1\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\User1\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\Program Files\Qualcomm\Eudora\EuShlExt.dll (Qualcomm Inc.)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/10/01 06:24:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/20 10:52:47 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User1\Desktop\OTL.exe

[2012/09/20 10:27:22 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\User1\Desktop\tdsskiller.exe

[2012/09/20 07:27:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User1\Desktop\RK_Quarantine

[2012/09/17 21:12:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Video Related Programs

[2012/09/17 21:11:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Graphics Related Programs

[2012/09/17 21:11:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User1\Start Menu\Programs\NCH Software Suite

[2012/09/17 21:11:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Audio Related Programs

[2012/09/17 21:11:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User1\Application Data\NCH Software

[2012/09/17 21:11:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Utilities

[2012/09/17 21:11:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NCH Software Suite

[2012/09/17 21:10:41 | 000,734,344 | ---- | C] (NCH Software) -- C:\Documents and Settings\User1\Desktop\doxillionsetup.exe

[2012/09/17 21:02:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User1\My Documents\AGM2012 English w_files

[2012/09/13 19:06:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes

[2012/09/13 19:04:45 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2012/09/13 19:04:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1

[2012/09/08 15:28:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NewBlue

[2012/09/08 15:25:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime

[2012/09/08 15:25:20 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime

[2012/09/08 15:23:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User1\Start Menu\Programs\CyberLink PowerDirector 10

[2012/09/08 14:16:31 | 000,583,544 | ---- | C] (CyberLink) -- C:\Program Files\CyberLink_PowerDirector_Downloader.exe

[2012/09/08 13:30:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User1\Application Data\Sony

[2012/09/06 17:43:30 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2012/08/28 20:43:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User1\My Documents\Suite Walter's

[2012/08/26 12:37:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User1\Desktop\Vintage JAPAN

[2012/08/22 12:30:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User1\My Documents\Suite Walter's Resized

[2012/08/22 11:28:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User1\Application Data\Blackberry Desktop

[2012/08/22 11:28:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User1\Start Menu\Programs\BlackBerry

[2012/07/24 23:02:55 | 010,288,512 | ---- | C] (Microsoft Corporation) -- C:\Program Files\mseinstall.exe

[2012/03/23 12:59:49 | 000,347,424 | ---- | C] (Microsoft Corporation) -- C:\Program Files\MicrosoftFixit.ProgramInstallUninstall.FISC.1255963545161770.1.1.Run.exe

[2012/03/23 12:47:54 | 000,347,424 | ---- | C] (Microsoft Corporation) -- C:\Program Files\MicrosoftFixit.ProgramInstallUninstall.RNP.1255962862156279.1.1.Run.exe

[2012/03/23 12:40:43 | 000,463,080 | ---- | C] (CNET Download.com) -- C:\Program Files\cnet_RI11demosetup_exe.exe

[2012/03/23 12:18:33 | 000,463,080 | ---- | C] (CNET Download.com) -- C:\Program Files\cnet_InstSocr_exe.exe

[2010/10/24 20:29:35 | 004,285,496 | ---- | C] (Auction Sentry ) -- C:\Program Files\ASDsetup.exe

[2010/09/09 21:05:00 | 641,476,032 | ---- | C] (Corel ) -- C:\Program Files\VSX3_Pro_TBYB.exe

[2009/01/07 03:21:05 | 011,817,800 | ---- | C] (InstallShield Software Corporation) -- C:\Program Files\GoogleEarth.exe

[2008/05/02 10:41:48 | 003,493,888 | ---- | C] (SanDisk Corporation) -- C:\Program Files\Launchpad Removal.exe

[2007/12/09 16:00:48 | 000,593,920 | ---- | C] (SanDisk) -- C:\Program Files\PelicanExtension.dll

[2007/10/23 10:33:16 | 002,129,920 | ---- | C] (U3) -- C:\Program Files\LPSecurityExtension.dll

[2007/10/23 10:32:10 | 000,544,768 | ---- | C] (TODO: <Company name>) -- C:\Program Files\SanDiskFormatExtension.dll

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/20 10:52:51 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User1\Desktop\OTL.exe

[2012/09/20 10:40:14 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job

[2012/09/20 10:33:03 | 000,002,661 | ---- | M] () -- C:\Documents and Settings\User1\Start Menu\Programs\Startup\LaunchU3.exe.lnk

[2012/09/20 10:30:34 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2012/09/20 10:30:24 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job

[2012/09/20 10:30:23 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1614895754-2111687655-725345543-500.job

[2012/09/20 10:30:23 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1614895754-2111687655-725345543-1003.job

[2012/09/20 10:30:19 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012/09/20 10:29:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012/09/20 10:27:29 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\User1\Desktop\tdsskiller.exe

[2012/09/20 10:27:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2012/09/20 09:05:21 | 000,005,157 | ---- | M] () -- C:\Documents and Settings\User1\My Documents\Deer.wpd

[2012/09/20 08:31:33 | 000,003,622 | ---- | M] () -- C:\Documents and Settings\User1\My Documents\Rootkit & Trojans.wpd

[2012/09/20 08:01:41 | 000,000,914 | ---- | M] () -- C:\Documents and Settings\User1\Start Menu\Programs\Startup\Corel Print Office Registration.lnk

[2012/09/20 07:51:29 | 000,000,328 | RHS- | M] () -- C:\boot.ini

[2012/09/20 07:37:28 | 000,000,083 | ---- | M] () -- C:\Documents and Settings\User1\Desktop\Rootkit infection RogueKiller Report... - Malwarebytes Forum.URL

[2012/09/20 07:27:13 | 001,382,912 | ---- | M] () -- C:\Documents and Settings\User1\Desktop\RogueKiller.exe

[2012/09/17 21:13:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\DoxillionReminder.job

[2012/09/17 21:12:12 | 000,000,268 | ---- | M] () -- C:\WINDOWS\tasks\prismShakeIcon.job

[2012/09/17 21:12:12 | 000,000,268 | ---- | M] () -- C:\WINDOWS\tasks\prismSevenDays.job

[2012/09/17 21:12:09 | 000,000,771 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Prism Video File Converter.lnk

[2012/09/17 21:11:53 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\PixillionSevenDays.job

[2012/09/17 21:11:52 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\PixillionReminder.job

[2012/09/17 21:11:46 | 000,001,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Pixillion Image Converter.lnk

[2012/09/17 21:11:42 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\SwitchSevenDays.job

[2012/09/17 21:11:38 | 000,000,787 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Switch Sound File Converter.lnk

[2012/09/17 21:11:02 | 000,000,823 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Doxillion Document Converter.lnk

[2012/09/17 21:10:43 | 000,734,344 | ---- | M] (NCH Software) -- C:\Documents and Settings\User1\Desktop\doxillionsetup.exe

[2012/09/17 21:02:59 | 000,166,320 | ---- | M] () -- C:\Documents and Settings\User1\My Documents\AGM2012 English w.htm

[2012/09/17 20:55:09 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

[2012/09/17 20:41:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1614895754-2111687655-725345543-1003.job

[2012/09/16 21:19:07 | 000,203,264 | ---- | M] () -- C:\Documents and Settings\User1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/09/14 19:29:10 | 000,095,220 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat

[2012/09/14 08:50:03 | 000,000,065 | ---- | M] () -- C:\Documents and Settings\User1\Desktop\RSOE EDIS - Emergency and Disaster Information Service.URL

[2012/09/13 19:06:12 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2012/09/13 15:57:01 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/09/13 07:13:27 | 000,000,075 | ---- | M] () -- C:\Documents and Settings\User1\Desktop\Weather Forecast Victoria.URL

[2012/09/11 20:52:33 | 000,007,528 | ---- | M] () -- C:\Documents and Settings\User1\My Documents\M41 Address.wpd

[2012/09/10 11:22:38 | 000,021,007 | ---- | M] () -- C:\Documents and Settings\User1\My Documents\Large Vertical Propane Tank.jpg

[2012/09/09 09:44:29 | 000,001,082 | ---- | M] () -- C:\Documents and Settings\User1\Desktop\CyberLink PowerDirector 10.lnk

[2012/09/09 09:42:29 | 000,420,632 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012/09/08 15:25:49 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

[2012/09/08 14:31:15 | 592,056,056 | ---- | M] () -- C:\Program Files\CyberLink.1703_GM5_Trial_VDE120314-02.exe

[2012/09/08 14:16:33 | 000,583,544 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink_PowerDirector_Downloader.exe

[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2012/09/06 21:18:07 | 000,001,070 | ---- | M] () -- C:\WINDOWS\checkip.dat

[2012/09/06 21:09:27 | 000,001,211 | ---- | M] () -- C:\WINDOWS\ipconfig.dat

[2012/09/06 18:50:44 | 000,017,711 | ---- | M] () -- C:\Documents and Settings\User1\My Documents\boiled Linseed Oil.jpg

[2012/09/06 18:49:17 | 000,037,781 | ---- | M] () -- C:\Documents and Settings\User1\My Documents\Boiled Linseed Oil.php

[2012/09/05 22:32:25 | 000,005,293 | ---- | M] () -- C:\Documents and Settings\User1\My Documents\Inventory of Ammunition and Shooting Accessories Received.wpd

[2012/09/01 22:22:07 | 000,007,648 | ---- | M] () -- C:\Documents and Settings\User1\My Documents\Akro Bin.jpg

[2012/08/31 16:36:34 | 001,012,050 | ---- | M] () -- C:\Documents and Settings\User1\My Documents\IMG-20120831-00164.jpg

[2012/08/31 16:35:58 | 001,006,720 | ---- | M] () -- C:\Documents and Settings\User1\My Documents\IMG-20120831-00163.jpg

[2012/08/31 16:35:44 | 001,261,195 | ---- | M] () -- C:\Documents and Settings\User1\My Documents\IMG-20120831-00162.jpg

[2012/08/26 06:37:35 | 000,053,929 | ---- | M] () -- C:\Documents and Settings\User1\My Documents\Oil Pump AP 1.jpg

[2012/08/26 06:37:16 | 000,096,294 | ---- | M] () -- C:\Documents and Settings\User1\My Documents\Oil Pump AP.jpg

[2012/08/25 11:55:18 | 000,000,054 | ---- | M] () -- C:\Documents and Settings\User1\Desktop\Skin Deep® Cosmetics Database Environmental Working Group.URL

[2012/08/22 14:34:23 | 000,002,025 | ---- | M] () -- C:\Documents and Settings\User1\My Documents\DFAIT.wpd

[2012/08/22 12:20:22 | 000,002,052 | ---- | M] () -- C:\Documents and Settings\User1\Desktop\BlackBerry Desktop Software.lnk

[2012/08/22 11:06:06 | 113,258,446 | ---- | M] () -- C:\Documents and Settings\User1\My Documents\601_b015.zip

[2012/08/22 09:00:34 | 047,735,320 | ---- | M] () -- C:\Documents and Settings\User1\Desktop\421_b017_english.exe

[2012/08/22 07:22:00 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1614895754-2111687655-725345543-500.job

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/20 08:31:33 | 000,003,622 | ---- | C] () -- C:\Documents and Settings\User1\My Documents\Rootkit & Trojans.wpd

[2012/09/20 07:51:26 | 000,002,661 | ---- | C] () -- C:\Documents and Settings\User1\Start Menu\Programs\Startup\LaunchU3.exe.lnk

[2012/09/20 07:51:26 | 000,002,539 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LaunchU3.exe.lnk

[2012/09/20 07:51:26 | 000,002,046 | ---- | C] () -- C:\Documents and Settings\User1\Start Menu\Programs\Startup\CorelCENTRAL Alarms.LNK

[2012/09/20 07:51:26 | 000,000,914 | ---- | C] () -- C:\Documents and Settings\User1\Start Menu\Programs\Startup\Corel Print Office Registration.lnk

[2012/09/20 07:37:28 | 000,000,083 | ---- | C] () -- C:\Documents and Settings\User1\Desktop\Rootkit infection RogueKiller Report... - Malwarebytes Forum.URL

[2012/09/20 07:27:10 | 001,382,912 | ---- | C] () -- C:\Documents and Settings\User1\Desktop\RogueKiller.exe

[2012/09/17 21:13:02 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\DoxillionReminder.job

[2012/09/17 21:12:11 | 000,000,268 | ---- | C] () -- C:\WINDOWS\tasks\prismShakeIcon.job

[2012/09/17 21:12:11 | 000,000,268 | ---- | C] () -- C:\WINDOWS\tasks\prismSevenDays.job

[2012/09/17 21:12:09 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Prism Video File Converter.lnk

[2012/09/17 21:12:09 | 000,000,771 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Prism Video File Converter.lnk

[2012/09/17 21:11:52 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\PixillionSevenDays.job

[2012/09/17 21:11:50 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\PixillionReminder.job

[2012/09/17 21:11:46 | 000,001,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Pixillion Image Converter.lnk

[2012/09/17 21:11:46 | 000,001,763 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Pixillion Image Converter.lnk

[2012/09/17 21:11:42 | 000,000,272 | ---- | C] () -- C:\WINDOWS\tasks\SwitchSevenDays.job

[2012/09/17 21:11:38 | 000,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Switch Sound File Converter.lnk

[2012/09/17 21:11:38 | 000,000,787 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Switch Sound File Converter.lnk

[2012/09/17 21:11:02 | 000,000,829 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Doxillion Document Converter.lnk

[2012/09/17 21:11:02 | 000,000,823 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Doxillion Document Converter.lnk

[2012/09/17 21:02:45 | 000,166,320 | ---- | C] () -- C:\Documents and Settings\User1\My Documents\AGM2012 English w.htm

[2012/09/14 08:50:03 | 000,000,065 | ---- | C] () -- C:\Documents and Settings\User1\Desktop\RSOE EDIS - Emergency and Disaster Information Service.URL

[2012/09/13 19:06:12 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2012/09/13 07:13:27 | 000,000,075 | ---- | C] () -- C:\Documents and Settings\User1\Desktop\Weather Forecast Victoria.URL

[2012/09/11 20:52:33 | 000,007,528 | ---- | C] () -- C:\Documents and Settings\User1\My Documents\M41 Address.wpd

[2012/09/10 11:22:36 | 000,021,007 | ---- | C] () -- C:\Documents and Settings\User1\My Documents\Large Vertical Propane Tank.jpg

[2012/09/08 15:25:49 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

[2012/09/08 15:23:49 | 000,001,082 | ---- | C] () -- C:\Documents and Settings\User1\Desktop\CyberLink PowerDirector 10.lnk

[2012/09/08 14:16:59 | 592,056,056 | ---- | C] () -- C:\Program Files\CyberLink.1703_GM5_Trial_VDE120314-02.exe

[2012/09/06 21:10:06 | 000,001,070 | ---- | C] () -- C:\WINDOWS\checkip.dat

[2012/09/06 21:09:27 | 000,001,211 | ---- | C] () -- C:\WINDOWS\ipconfig.dat

[2012/09/06 18:50:43 | 000,017,711 | ---- | C] () -- C:\Documents and Settings\User1\My Documents\boiled Linseed Oil.jpg

[2012/09/06 18:48:00 | 000,037,781 | ---- | C] () -- C:\Documents and Settings\User1\My Documents\Boiled Linseed Oil.php

[2012/09/05 22:10:37 | 000,005,293 | ---- | C] () -- C:\Documents and Settings\User1\My Documents\Inventory of Ammunition and Shooting Accessories Received.wpd

[2012/09/01 22:22:06 | 000,007,648 | ---- | C] () -- C:\Documents and Settings\User1\My Documents\Akro Bin.jpg

[2012/08/31 17:02:52 | 001,012,050 | ---- | C] () -- C:\Documents and Settings\User1\My Documents\IMG-20120831-00164.jpg

[2012/08/31 17:02:46 | 001,006,720 | ---- | C] () -- C:\Documents and Settings\User1\My Documents\IMG-20120831-00163.jpg

[2012/08/31 17:02:38 | 001,261,195 | ---- | C] () -- C:\Documents and Settings\User1\My Documents\IMG-20120831-00162.jpg

[2012/08/26 06:35:51 | 000,053,929 | ---- | C] () -- C:\Documents and Settings\User1\My Documents\Oil Pump AP 1.jpg

[2012/08/26 06:35:37 | 000,096,294 | ---- | C] () -- C:\Documents and Settings\User1\My Documents\Oil Pump AP.jpg

[2012/08/25 11:55:18 | 000,000,054 | ---- | C] () -- C:\Documents and Settings\User1\Desktop\Skin Deep® Cosmetics Database Environmental Working Group.URL

[2012/08/22 14:34:23 | 000,002,025 | ---- | C] () -- C:\Documents and Settings\User1\My Documents\DFAIT.wpd

[2012/08/22 11:46:20 | 000,002,052 | ---- | C] () -- C:\Documents and Settings\User1\Desktop\BlackBerry Desktop Software.lnk

[2012/08/22 11:03:37 | 113,258,446 | ---- | C] () -- C:\Documents and Settings\User1\My Documents\601_b015.zip

[2012/08/22 08:54:58 | 047,735,320 | ---- | C] () -- C:\Documents and Settings\User1\Desktop\421_b017_english.exe

[2012/08/17 10:28:24 | 000,000,037 | ---- | C] () -- C:\Documents and Settings\User1\eMailTrackerPro-Path

[2012/07/11 11:42:18 | 116,064,632 | ---- | C] () -- C:\Program Files\700_b060_multilanguage.exe

[2012/06/28 00:03:00 | 000,000,400 | ---- | C] () -- C:\WINDOWS\g_iclink294.ini

[2012/06/28 00:03:00 | 000,000,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\bcompbg691.dat

[2012/06/27 23:53:44 | 133,949,709 | ---- | C] () -- C:\Program Files\rh40eval_en_20110309.exe

[2012/06/13 18:49:20 | 000,095,220 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2012/06/06 01:36:48 | 002,333,552 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2012/04/24 21:59:15 | 000,020,886 | ---- | C] () -- C:\WINDOWS\System32\ddmon.dll

[2012/04/12 12:14:36 | 001,919,299 | ---- | C] () -- C:\Program Files\FSCaptureSetup70.exe

[2012/02/26 20:28:05 | 000,177,345 | ---- | C] () -- C:\WINDOWS\hppins12.dat.temp

[2012/02/26 20:28:05 | 000,007,855 | ---- | C] () -- C:\WINDOWS\hppmdl12.dat.temp

[2012/02/26 20:27:47 | 000,000,346 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini

[2012/02/15 08:44:41 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2012/01/18 13:25:41 | 000,000,094 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc

[2011/12/28 19:06:48 | 001,393,664 | ---- | C] () -- C:\Program Files\epson10479.exe

[2011/12/28 18:54:25 | 006,278,656 | ---- | C] () -- C:\Program Files\epson10609.exe

[2011/09/27 18:03:53 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\sh33w32.dll

[2011/06/21 09:50:19 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI

[2011/06/20 14:41:53 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2011/06/20 14:41:53 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2011/06/20 14:41:53 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2011/06/20 14:41:53 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2011/06/20 14:41:53 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2011/06/18 19:33:52 | 000,017,816 | -HS- | C] () -- C:\Documents and Settings\User1\Local Settings\Application Data\6a1d6xm04q533d3mwwdve2hq

[2011/06/18 19:33:52 | 000,017,816 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\6a1d6xm04q533d3mwwdve2hq

[2011/06/18 11:48:13 | 000,017,004 | -HS- | C] () -- C:\Documents and Settings\User1\Local Settings\Application Data\i6240nq2ooi8p2eb4a6ln2x8ol5t8u41x34rs184ji6e2iq

[2011/06/18 11:48:13 | 000,017,004 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\i6240nq2ooi8p2eb4a6ln2x8ol5t8u41x34rs184ji6e2iq

[2011/06/18 11:48:05 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Fcogerezu.dat

[2011/06/18 11:48:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ijebite.bin

[2011/05/05 16:29:52 | 000,000,608 | -HS- | C] () -- C:\WINDOWS\System32\winzvprt5.sys

[2011/05/05 16:26:52 | 000,000,665 | ---- | C] () -- C:\WINDOWS\System32\hppapr12.dat

[2011/05/05 16:24:22 | 000,176,773 | ---- | C] () -- C:\WINDOWS\hppins12.dat

[2011/05/05 16:24:22 | 000,007,855 | ---- | C] () -- C:\WINDOWS\hppmdl12.dat

[2011/02/19 11:55:59 | 000,018,120 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\gt681x.sys

[2011/02/19 11:52:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WATCH.INI

[2011/02/19 11:35:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\Gtwatch.exe

[2010/12/28 02:44:52 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\WinVd32.sys

[2010/12/28 02:44:47 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\WinFLsrv.exe

[2010/11/28 13:49:20 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\User1\pool.bin

[2010/11/24 16:35:37 | 000,115,369 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat

[2010/11/24 16:35:37 | 000,097,961 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat

[2010/03/26 22:14:04 | 000,000,032 | R--- | C] () -- C:\Documents and Settings\All Users\hash.dat

[2009/12/15 13:38:41 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe

[2009/10/03 08:29:45 | 000,203,264 | ---- | C] () -- C:\Documents and Settings\User1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/05/06 15:10:10 | 000,000,009 | ---- | C] () -- C:\Program Files\version.dat

[2008/05/04 16:02:26 | 004,603,904 | ---- | C] () -- C:\Program Files\LaunchPad.exe

[2007/12/09 16:03:08 | 000,001,901 | ---- | C] () -- C:\Program Files\PelicanExtension.dll.sig

[2007/10/23 10:33:18 | 000,001,901 | ---- | C] () -- C:\Program Files\LPSecurityExtension.dll.sig

[2007/10/23 10:32:12 | 000,001,901 | ---- | C] () -- C:\Program Files\SanDiskFormatExtension.dll.sig

[2007/10/23 09:27:20 | 000,110,592 | ---- | C] () -- C:\Program Files\cleanup.exe

[2007/10/23 09:23:10 | 000,109,621 | R--- | C] () -- C:\Program Files\LPHelp-en.chm

[2007/10/23 09:23:10 | 000,098,339 | R--- | C] () -- C:\Program Files\LPHelp-de.chm

[2007/10/23 09:23:10 | 000,095,968 | R--- | C] () -- C:\Program Files\LPHelp-fr.chm

[2007/10/23 09:23:10 | 000,094,331 | R--- | C] () -- C:\Program Files\LPHelp-it.chm

[2007/10/23 09:23:10 | 000,094,194 | R--- | C] () -- C:\Program Files\LPHelp-es.chm

[2007/10/23 09:23:10 | 000,090,017 | R--- | C] () -- C:\Program Files\LPHelp-jp.chm

[2007/10/23 09:23:10 | 000,088,034 | R--- | C] () -- C:\Program Files\LPHelp-tw.chm

[2007/10/23 09:23:10 | 000,078,576 | R--- | C] () -- C:\Program Files\LPHelp-ch.chm

[2007/10/23 09:22:58 | 000,058,842 | R--- | C] () -- C:\Program Files\Loading.gif

[2007/10/23 09:22:58 | 000,000,328 | R--- | C] () -- C:\Program Files\Loading.htm

[2007/10/23 09:22:22 | 000,035,070 | ---- | C] () -- C:\Program Files\PelicanBusy.gif

[2007/10/23 09:22:22 | 000,000,082 | ---- | C] () -- C:\Program Files\PelicanBusyPage.htm

========== ZeroAccess Check ==========

[2012/07/24 07:55:17 | 000,000,804 | ---- | M] () -- C:\WINDOWS\Installer\{cdb25c9d-eb84-2cef-321c-6695fcdc3328}\L\00000004.@

[2009/10/20 18:54:34 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

========== LOP Check ==========

[2011/12/29 16:55:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IObit

[2011/06/26 14:08:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Qualcomm

[2011/12/29 17:47:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ulead Systems

[2012/09/13 19:06:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1

[2011/06/25 19:51:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\aN28601McCcD28601

[2011/06/21 16:53:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software

[2009/10/13 11:40:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland

[2009/10/04 17:05:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canon

[2011/01/18 16:44:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations

[2009/10/05 13:34:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure

[2011/01/18 16:21:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\f-secure

[2009/10/04 02:38:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fssg

[2010/05/04 20:33:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM

[2010/05/04 20:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail

[2011/11/22 23:55:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit

[2012/01/22 13:11:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LoanSpread

[2012/06/28 00:01:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McNeel

[2011/09/19 16:39:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OLYMPUS

[2012/01/10 19:31:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic

[2010/11/24 16:30:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Virus PLUS

[2010/04/07 15:39:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle

[2012/01/10 19:31:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PLAV

[2012/08/22 12:20:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion

[2009/10/04 04:52:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT

[2011/12/21 12:53:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc

[2012/09/08 14:59:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2010/04/10 01:02:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip

[2012/06/05 09:34:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2012/04/28 13:36:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{4F6F9106-1191-447A-967C-32A982C7AE01}

[2011/11/14 11:26:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\PhotoParade

[2012/01/18 13:25:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\AuctionSentry

[2012/08/22 11:28:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Blackberry Desktop

[2009/10/05 13:38:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Blitware

[2011/03/21 18:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\CoffeeCup Software

[2012/04/28 14:42:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\deskPDF

[2012/09/17 20:44:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\deskUNPDF

[2009/10/05 13:30:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\DriverCure

[2012/03/23 12:53:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\ElevatedDiagnostics

[2012/01/21 14:44:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Felitec

[2009/10/17 11:29:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\FUJIFILM

[2010/12/16 18:25:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\GetRightToGo

[2012/01/08 16:49:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\ImgBurn

[2011/10/20 15:30:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\IObit

[2010/11/24 00:41:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\ParetoLogic

[2009/10/03 06:25:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Qualcomm

[2012/07/11 11:58:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Research In Motion

[2012/09/08 13:30:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Sony

[2010/03/26 22:14:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\yoclient

========== Purity Check ==========

========== Files - Unicode (All) ==========

[2012/02/23 23:39:29 | 000,000,071 | ---- | M] ()(C:\Documents and Settings\User1\Desktop\???????:???.URL) -- C:\Documents and Settings\User1\Desktop\テレビジャパン:番組表.URL

[2012/02/23 23:39:29 | 000,000,071 | ---- | C] ()(C:\Documents and Settings\User1\Desktop\???????:???.URL) -- C:\Documents and Settings\User1\Desktop\テレビジャパン:番組表.URL

[2011/05/16 20:17:10 | 000,000,066 | ---- | M] ()(C:\Documents and Settings\User1\Desktop\????????~??????????~.URL) -- C:\Documents and Settings\User1\Desktop\てくてく世界旅。~世界一周できるかなぁ~.URL

[2011/05/16 20:17:10 | 000,000,066 | ---- | C] ()(C:\Documents and Settings\User1\Desktop\????????~??????????~.URL) -- C:\Documents and Settings\User1\Desktop\てくてく世界旅。~世界一周できるかなぁ~.URL

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========

[C:\WINDOWS\$NtUninstallKB11231$] -> Error: Cannot create file handle -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EC2E1DEC

< End of report >


Step 1

Please re-run TDSSKiller and use Delete option for this entry:

10:40:16.0312 2500 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

10:40:16.0312 2500 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Step 2

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\lautdjxa.sys -- (otkt)
    IE - HKU\S-1-5-21-1614895754-2111687655-725345543-1003\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredimail.com/?search={searchTerms}&loc=search_box_im2_test_v2
    FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
    FF - prefs.js..keyword.URL: "http://mystart.incredimail.com/?loc=ff_address_bar_im2_test_v2&search="
    [2012/07/19 19:15:29 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
    [2011/06/18 19:33:52 | 000,017,816 | -HS- | C] () -- C:\Documents and Settings\User1\Local Settings\Application Data\6a1d6xm04q533d3mwwdve2hq
    [2011/06/18 19:33:52 | 000,017,816 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\6a1d6xm04q533d3mwwdve2hq
    [2011/06/18 11:48:13 | 000,017,004 | -HS- | C] () -- C:\Documents and Settings\User1\Local Settings\Application Data\i6240nq2ooi8p2eb4a6ln2x8ol5t8u41x34rs184ji6e2iq
    [2011/06/18 11:48:13 | 000,017,004 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\i6240nq2ooi8p2eb4a6ln2x8ol5t8u41x34rs184ji6e2iq
    [2011/06/18 11:48:05 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Fcogerezu.dat
    [2011/06/18 11:48:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ijebite.bin
    [2012/07/24 07:55:17 | 000,000,804 | ---- | M] () -- C:\WINDOWS\Installer\{cdb25c9d-eb84-2cef-321c-6695fcdc3328}\L\00000004.@
    [2009/10/20 18:54:34 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
    [2012/09/13 19:06:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
    [2011/06/25 19:51:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\aN28601McCcD28601

    :files
    C:\WINDOWS\Installer\{cdb25c9d-eb84-2cef-321c-6695fcdc3328}
    ipconfig /flushdns /c

    :Commands
    [resethosts]
    [emptytemp]
    [clearallrestorepoints]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

Step 3

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • OTL Fix log
  • Malwarebytes' Anti-Malware log


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
