Malware redirecting to "my computer online scan", etc

mm33926988 · October 2, 2010

My computer began redirecting to various webpages such as "my computer online scan" that shouts "Your computer is infected!" and also to "My Life" webpage, etc. I have run Malwarebytes and Avira and found only JavaClassLoader.BO I have tried to follow the suggested steps on your site titled "I'm Infected - What do I do now?" but I ran into a problem when I tried to run the GMER rootkit scanner. After downloading it to my desktop I clicked the icon and got a message "c:Windows\system32\config\system: the system cannot find the file specified". It did bring up the GMER scanner, but the suggested items to be checked in the control box on the right are grayed out and cannot be selected. Please advise. I know I will need further help on this. Thank you.

SpySentinel · October 2, 2010

Hi mm33926988,

Download OTL to your Desktop

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Click on Minimal Output at the top
Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
Double click inside the Custom Scan box at the bottom
A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
Select scan.txt and click Open. Writing will now appear under the Custom Scan box
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

mm33926988 · October 2, 2010

Thank you very much for your help SpySentinel. Here are the scan files you requested.

OTL Extras logfile created on: 10/2/2010 10:30:36 AM - Run 1

OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\marlinmoyer\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18943)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 51.00% Memory free

8.00 Gb Paging File | 5.00 Gb Available in Paging File | 69.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 450.30 Gb Total Space | 301.22 Gb Free Space | 66.89% Space Free | Partition Type: NTFS

Drive D: | 15.46 Gb Total Space | 7.99 Gb Free Space | 51.66% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

Drive F: | 465.65 Gb Total Space | 421.93 Gb Free Space | 90.61% Space Free | Partition Type: FAT32

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: OWNER-PC

Current User Name: marlinmoyer

NOT logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Include 64bit Scans

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 90 Days

Output = Minimal

Quick Scan

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found

Directory [cmd] -- cmd.exe /s /k pushd "%V" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{1243DF32-6DDD-4437-91AB-8A36315CD625}" = rport=445 | protocol=6 | dir=out | app=system |

"{1FE5218D-D0FF-4786-974A-DC4275656203}" = lport=138 | protocol=17 | dir=in | app=system |

"{3A720E61-B04D-417C-B55F-FB36BE465EF3}" = lport=139 | protocol=6 | dir=in | app=system |

"{44DEE700-F046-45B2-838F-C4ACBA272D25}" = lport=445 | protocol=6 | dir=in | app=system |

"{54535DBB-23D1-4091-9D8F-F25ADCCFBF67}" = rport=137 | protocol=17 | dir=out | app=system |

"{A89826BE-ACC3-4395-966A-C335B70BD9A2}" = lport=137 | protocol=17 | dir=in | app=system |

"{B723F2D1-482E-4EAB-8E38-F63ED6748957}" = rport=138 | protocol=17 | dir=out | app=system |

"{CDF08C7B-0272-45ED-BEDD-C2ECD87560FE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{E9E96FC8-C99C-4B80-8408-F26E4469E27B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{F7EA1068-24ED-4857-A156-E58AF025AB84}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{1ADF3066-D7EB-41E1-A166-62EC926C87DC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{28A3A176-E721-44FC-A202-FF6AB6EC538A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{8A988C09-2EE9-42AD-834E-6980D43CA0F8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{C1C8EB53-F4D8-4E40-A60F-9DF19DEF2FC5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{D6455CC6-26D7-4D69-913F-987CF3D23585}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{F241C030-0E51-4C31-8703-29FC56BF676F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{2C22EA92-CB30-4932-0050-000001000000}" = InfraRecorder 0.50 (x64 edition)

"{5254156F-AA77-499A-B7C1-D5581D44E788}" = Marvell Miniport Driver

"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{8FF3A93A-5F76-2C4B-CA86-E2D0D9008874}" = ATI Catalyst Install Manager

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{AF97400D-44D7-64DE-9A41-4FCB38ECD323}" = ccc-utility64

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"CNXT_MODEM_PCI_VEN_14F1&DEV_2F40&SUBSYS_200014F1" = Soft Data Fax Modem with SmartCP

"HitmanPro35" = Hitman Pro 3.5

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"PCSI" = Prevx

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0025DA8D-F344-E316-885A-2D71C66B0FB1}" = Catalyst Control Center Localization Norwegian

"{01B0503D-45A2-CCA2-44DF-C716B80B7EB6}" = Catalyst Control Center Graphics Light

"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics

"{0C74BC57-4128-D428-D4A5-267F66C80C7C}" = CCC Help German

"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in

"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{17068829-10EE-4581-BDC8-C53C483694A3}" = Smart Copy

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{1AEB447A-34B8-7DB5-67B8-1E54DADD6572}" = Catalyst Control Center Localization Polish

"{1B897B3A-57C2-DF09-C6CC-E6B9FA0AC44F}" = CCC Help Thai

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{2037D7FD-6401-DDC7-A499-2FDF9ADCD04F}" = CCC Help Turkish

"{21AD8584-EDAC-7D00-71CC-79D111C5B27B}" = CCC Help Italian

"{2295D7EE-0575-D2CC-E52A-102F2AF01169}" = CCC Help Russian

"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 21

"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2

"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime

"{2ED84754-62AA-80F6-E434-9C03FF1D4221}" = Catalyst Control Center Localization Korean

"{30965141-4363-2683-885F-4A35810A382B}" = CCC Help Portuguese

"{311D49FD-6B52-D68F-CFBC-796F22554404}" = Catalyst Control Center Localization Dutch

"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7

"{3AD4FFEC-0DEC-5037-C92F-C294FEA8F320}" = Catalyst Control Center Localization Hungarian

"{3C71054A-352C-4ABD-5643-4C8F8617AE08}" = CCC Help Danish

"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker

"{3FE1C3BB-91B1-119B-47FE-49143E2AD10B}" = CCC Help Spanish

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0

"{4677674C-59CE-41B0-AA32-44A30A9D1EEB}" = Catalyst Control Center - Branding

"{48EF56FD-3B28-DEB7-7C63-85908395E6A6}" = Catalyst Control Center Localization Spanish

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4F896C8E-8AEF-4C27-31CD-56E6E200FAB4}" = CCC Help Dutch

"{53C436CD-155C-6159-D12B-55967DAB8887}" = CCC Help Norwegian

"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support

"{5E396C14-A2E0-3F7B-42FE-15569155234A}" = CCC Help Chinese Standard

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}" = Microsoft Money Shared Libraries

"{60245C29-8A73-CF88-275F-A79BA580E748}" = CCC Help Korean

"{68F2FB07-4F60-734A-46FD-493A109D1514}" = CCC Help English

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6FD29E18-619D-259B-948F-3A65967486A3}" = ccc-core-static

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{77FB2697-2C28-9572-6452-F2418A33834E}" = Catalyst Control Center Localization Russian

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec

"{7CC14E1A-17B4-27A6-2086-2A52BCC16A16}" = Catalyst Control Center Localization Italian

"{7D30776C-F30F-4207-6A82-EF0E1D6DCD23}" = CCC Help Chinese Traditional

"{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}" = Gateway Recovery Center Installer

"{804AB28B-F929-370A-B3AB-5BB99DFD73DF}" = Catalyst Control Center Localization Chinese Standard

"{84E98285-BEC0-8C52-EB74-10C281737023}" = Catalyst Control Center Localization Portuguese

"{862673D1-8F64-A109-47A9-CD5CFAABBD2A}" = Catalyst Control Center Localization Finnish

"{89EFA70F-87DF-4B19-6366-77B9D693C20E}" = CCC Help Swedish

"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player

"{8DB9E645-E6DB-A4BB-B18A-265435D13274}" = Catalyst Control Center Graphics Full Existing

"{8E62F311-A40C-A7B3-C595-FE1E17D838F8}" = Skins

"{8E9DB7EF-5DD3-499E-BA2A-A1F3153A4DF8}" = Adobe Flash Player 9 ActiveX

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{901DD5DE-0798-883F-8B23-55D3843F3E59}" = Catalyst Control Center Localization Turkish

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{92933B9E-3273-9DD6-7F47-EB6DD029C6AC}" = Catalyst Control Center Localization Chinese Traditional

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{954513A8-AAE3-97E9-1FB8-A1D70FD1A549}" = CCC Help Greek

"{9738C893-02C6-6694-DD7B-D50CC8D57248}" = Catalyst Control Center Core Implementation

"{9DF93979-12BD-D361-0624-9025215FD8B5}" = CCC Help Finnish

"{A4BEC8AC-0E57-E1F8-C3C5-01ED0F27ECB9}" = Catalyst Control Center Localization French

"{A91FB756-A9B5-7A88-7637-21B3061B97A7}" = Catalyst Control Center Graphics Full New

"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder

"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter

"{AC4451B3-1CC2-7C5D-F0EC-AD2DADE9DFF2}" = CCC Help Japanese

"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4

"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8

"{AC9450D2-2344-132D-AAA8-DB418BC6F3E5}" = CCC Help Hungarian

"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder

"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

"{B2F6A8F0-927A-D0CC-D1CB-FCEBD7528799}" = Catalyst Control Center Localization Czech

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player

"{BEA27FA8-9730-4074-8E17-4051C69EA59D}" = Geek Squad 24 Hour Computer Support

"{C0AF881D-EB63-A1D6-F29A-1EAD7BAEDB95}" = Catalyst Control Center Localization Japanese

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"{C75252FF-A765-B58A-44D1-D10C24E69E59}" = Catalyst Control Center Localization Thai

"{CAAF4EB9-68E8-6BC9-ADC2-24491B70A84D}" = Catalyst Control Center Graphics Previews Vista

"{CC25FBAD-153D-0EB7-5EC5-0DE97A7A8788}" = Catalyst Control Center Localization Danish

"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader

"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant

"{EA34B5D9-A3C9-333A-B1CD-ABCC975FB5EF}" = CCC Help French

"{EBCDE4F2-C6F7-1188-DDE7-15966902EC6A}" = Catalyst Control Center Localization Swedish

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F66208C6-E88B-27B6-9C49-09E78739F017}" = Catalyst Control Center Localization German

"{F9E0767F-6DB6-9B56-3BEF-50BAFC430934}" = Catalyst Control Center Localization Greek

"{FCB5EE95-A308-F826-9C6B-18DD2EEA1992}" = CCC Help Polish

"{FE8A68F6-3C7C-D143-F898-C6C1F26CB41E}" = CCC Help Czech

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters

"Federal 2007 Ammunition" = Federal 2007 Ammunition

"FLV Player" = FLV Player 2.0 (build 25)

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Money2007b" = Microsoft Money Essentials

"Mozilla Firefox (3.0.1)" = Mozilla Firefox (3.0.1)

"Pdf995" = Pdf995

"RealPlayer 6.0" = RealPlayer

"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.4

"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Move Media Player" = Move Media Player

< End of report >

OTL logfile created on: 10/2/2010 10:30:36 AM - Run 1

OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\marlinmoyer\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18943)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 51.00% Memory free

8.00 Gb Paging File | 5.00 Gb Available in Paging File | 69.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 450.30 Gb Total Space | 301.22 Gb Free Space | 66.89% Space Free | Partition Type: NTFS

Drive D: | 15.46 Gb Total Space | 7.99 Gb Free Space | 51.66% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

Drive F: | 465.65 Gb Total Space | 421.93 Gb Free Space | 90.61% Space Free | Partition Type: FAT32

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: OWNER-PC

Current User Name: marlinmoyer

NOT logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Include 64bit Scans

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 90 Days

Output = Minimal

Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Users\marlinmoyer\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10b.exe (Adobe Systems, Inc.)

PRC - C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

========== Modules (SafeList) ==========

MOD - C:\Users\marlinmoyer\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Windows\SysWOW64\WindowsCodecs.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\msshsq.dll (Microsoft Corporation)

MOD - C:\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\duser.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\cscapi.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\actxprxy.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\rsaenh.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\SLC.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\networkexplorer.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\thumbcache.dll (Microsoft Corporation)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\linkinfo.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

========== Driver Services (SafeList) ==========

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch...TP&M=GT5692

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch...TP&M=GT5692

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TP&M=GT5692

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch...TP&M=GT5692

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch...TP&M=GT5692

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: foxfilter@inspiredeffect.net:7.6.1

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files (x86)\Real\RealPlayer\browserrecord [2008/10/14 11:31:59 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/07/02 11:01:25 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/09/26 10:54:19 | 000,000,000 | ---D | M]

[2008/08/22 15:15:51 | 000,000,000 | ---D | M] -- C:\Users\marlinmoyer\AppData\Roaming\Mozilla\Extensions

[2010/10/02 10:14:44 | 000,000,000 | ---D | M] -- C:\Users\marlinmoyer\AppData\Roaming\Mozilla\Firefox\Profiles\dpi3y5rh.default\extensions

[2010/06/11 13:20:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\marlinmoyer\AppData\Roaming\Mozilla\Firefox\Profiles\dpi3y5rh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/08/05 14:07:25 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\marlinmoyer\AppData\Roaming\Mozilla\Firefox\Profiles\dpi3y5rh.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2010/09/27 14:29:01 | 000,000,000 | ---D | M] -- C:\Users\marlinmoyer\AppData\Roaming\Mozilla\Firefox\Profiles\dpi3y5rh.default\extensions\foxfilter@inspiredeffect.net

[2010/09/26 12:02:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2010/06/11 13:04:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/09/26 12:02:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

[2009/07/27 11:18:09 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPTURNMED.dll

O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)

O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O13 - gopher Prefix: missing

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Vista

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - Unable to obtain root file information for disk F:\

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: iphlpsvc - C:\Windows\SysNative\svchost.exe ()

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm ()

Drivers32: msacm.clmp3enc - C:\Program Files (x86)\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT

Error creating restore point.

========== Files/Folders - Created Within 90 Days ==========

[2010/10/02 10:21:38 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\marlinmoyer\Desktop\OTL.exe

[2010/10/01 21:59:32 | 000,000,000 | ---D | C] -- C:\Users\marlinmoyer\AppData\Roaming\SUPERAntiSpyware.com

[2010/09/28 19:11:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos

[2010/09/27 13:06:56 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com

[2010/09/27 13:06:50 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE

[2010/09/27 13:06:48 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2010/09/26 23:26:43 | 009,458,552 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\marlinmoyer\Desktop\SUPERAntiSpyware.exe

[2010/09/26 22:49:43 | 001,293,400 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\marlinmoyer\Desktop\TDSSKiller.exe

[2010/09/26 12:07:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro

[2010/09/26 12:07:41 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5

[2010/09/26 11:24:51 | 007,014,208 | ---- | C] (SurfRight B.V.) -- C:\Users\marlinmoyer\Desktop\HitmanPro35_x64.exe

[2010/09/26 10:53:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe

[2010/09/26 10:53:25 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2010/09/25 13:29:15 | 000,062,976 | ---- | C] (Prevx) -- C:\Windows\SysWow64\PxSecure.dll

[2010/09/25 13:29:14 | 000,000,000 | ---D | C] -- C:\Program Files\Prevx

[2010/09/25 13:26:20 | 000,000,000 | ---D | C] -- C:\ProgramData\PrevxCSI

[2010/09/25 13:25:37 | 000,941,024 | ---- | C] (Prevx) -- C:\Users\marlinmoyer\Desktop\prevxcsifree.exe

[2010/09/23 19:17:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2010/09/23 19:17:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2010/08/23 17:25:03 | 000,000,000 | ---D | C] -- C:\Users\marlinmoyer\AppData\Roaming\Avira

[2010/08/23 16:24:10 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntdd.sys

[2010/08/23 16:24:10 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntmgr.sys

[2010/08/23 16:24:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira

[2010/08/23 16:24:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira

[2010/07/14 13:17:38 | 000,000,000 | ---D | C] -- C:\Users\marlinmoyer\AppData\Roaming\Apple Computer

[2010/07/10 16:10:40 | 000,000,000 | ---D | C] -- C:\Users\marlinmoyer\AppData\Roaming\pdf995

[2010/07/10 15:42:48 | 000,000,000 | ---D | C] -- C:\ProgramData\pdf995

[2010/07/10 15:42:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pdf995

[6 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/10/02 10:30:12 | 002,621,440 | -HS- | M] () -- C:\Users\marlinmoyer\NTUSER.DAT

[2010/10/02 10:21:41 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\marlinmoyer\Desktop\OTL.exe

[2010/10/02 10:13:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/10/02 10:13:33 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010/10/02 10:13:33 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010/10/01 20:14:04 | 000,293,376 | ---- | M] () -- C:\Users\marlinmoyer\Desktop\3w5vxv2y.exe

[2010/10/01 20:06:40 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol

[2010/10/01 19:56:36 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2010/10/01 19:56:36 | 000,604,264 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2010/10/01 19:56:36 | 000,103,964 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2010/10/01 19:49:27 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/10/01 19:48:32 | 4025,671,680 | -HS- | M] () -- C:\hiberfil.sys

[2010/10/01 19:47:11 | 000,524,288 | -HS- | M] () -- C:\Users\marlinmoyer\NTUSER.DAT{dfb565d6-0f44-11df-96c1-001fe201cf65}.TMContainer00000000000000000001.regtrans-ms

[2010/10/01 19:47:11 | 000,065,536 | -HS- | M] () -- C:\Users\marlinmoyer\NTUSER.DAT{dfb565d6-0f44-11df-96c1-001fe201cf65}.TM.blf

[2010/10/01 19:46:47 | 002,500,325 | -H-- | M] () -- C:\Users\marlinmoyer\AppData\Local\IconCache.db

[2010/10/01 19:36:12 | 000,525,824 | ---- | M] () -- C:\Users\marlinmoyer\Desktop\dds.com

[2010/10/01 16:24:31 | 000,050,477 | ---- | M] () -- C:\Users\marlinmoyer\Desktop\Defogger.exe

[2010/10/01 16:23:12 | 000,145,165 | ---- | M] () -- C:\Users\marlinmoyer\Documents\Malwarebytes forum_I'm infected - What do I do.pdf

[2010/10/01 16:23:08 | 000,000,060 | ---- | M] () -- C:\Windows\wpd99.drv

[2010/09/30 22:14:42 | 000,019,528 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys

[2010/09/30 14:41:13 | 000,000,819 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/09/30 13:59:34 | 000,063,512 | ---- | M] () -- C:\Windows\SysNative\drivers\pxrts.sys

[2010/09/30 13:59:34 | 000,062,976 | ---- | M] (Prevx) -- C:\Windows\SysWow64\PxSecure.dll

[2010/09/30 13:59:34 | 000,034,696 | ---- | M] () -- C:\Windows\SysNative\drivers\pxscan.sys

[2010/09/30 13:59:33 | 000,022,336 | ---- | M] () -- C:\Windows\SysNative\drivers\pxkbf.sys

[2010/09/30 13:59:24 | 000,000,032 | ---- | M] () -- C:\Windows\wininit.ini

[2010/09/29 18:33:29 | 000,237,248 | ---- | M] () -- C:\Users\marlinmoyer\Documents\Malwarebytes Forum - RootKit remover.jpg

[2010/09/29 18:26:22 | 000,200,058 | ---- | M] () -- C:\Users\marlinmoyer\Documents\Sophos Anti-Rootkit_scan results 9-28-2010.jpg

[2010/09/28 21:05:58 | 000,208,446 | ---- | M] () -- C:\Users\marlinmoyer\Documents\Sophos Anti-Rootkit scan results 9-28-2010.jpg

[2010/09/28 13:01:04 | 000,421,211 | ---- | M] () -- C:\Users\marlinmoyer\Documents\Sophos Anti-Rootkit Instructions_pdf.pdf

[2010/09/27 16:02:06 | 000,001,824 | ---- | M] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk

[2010/09/27 15:38:51 | 000,206,748 | ---- | M] () -- C:\Users\marlinmoyer\Documents\Redirected page malware.jpg

[2010/09/27 14:26:11 | 000,230,884 | ---- | M] () -- C:\Users\marlinmoyer\Documents\Anti malware or anti virus free downloads to use.jpg

[2010/09/27 13:59:40 | 000,363,451 | ---- | M] () -- C:\Users\marlinmoyer\Documents\History of internet pages when redirected to scan.jpg

[2010/09/27 13:06:50 | 000,001,767 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

[2010/09/27 12:57:10 | 000,022,498 | ---- | M] () -- C:\Users\marlinmoyer\Documents\Marlin's Books & Authors.xlsx

[2010/09/27 12:57:06 | 002,695,945 | ---- | M] () -- C:\Users\marlinmoyer\Documents\Winchester Model 70 Auctions.xlsx

[2010/09/26 23:27:03 | 009,458,552 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\marlinmoyer\Desktop\SUPERAntiSpyware.exe

[2010/09/26 11:24:57 | 007,014,208 | ---- | M] (SurfRight B.V.) -- C:\Users\marlinmoyer\Desktop\HitmanPro35_x64.exe

[2010/09/26 10:54:19 | 000,001,888 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2010/09/25 13:25:38 | 000,941,024 | ---- | M] (Prevx) -- C:\Users\marlinmoyer\Desktop\prevxcsifree.exe

[2010/09/25 12:34:18 | 000,260,884 | ---- | M] () -- C:\Users\marlinmoyer\Documents\windows security alert Trojans.jpg

[2010/09/19 16:59:30 | 000,000,680 | ---- | M] () -- C:\Users\marlinmoyer\AppData\Local\d3d9caps.dat

[2010/09/11 18:23:44 | 000,259,290 | ---- | M] () -- C:\Users\marlinmoyer\Documents\Montgomery_Mike_Stats_SanDiego 1971-Nov15.jpg

[2010/09/09 16:19:59 | 000,266,459 | ---- | M] () -- C:\Users\marlinmoyer\Documents\Safe Money Report_WeissResearchIssues_mmoy_tre.jpg

[2010/09/09 15:09:59 | 000,191,829 | ---- | M] () -- C:\Users\marlinmoyer\Documents\Hee Haw DVD set_Amazon_42 95_Sept 9-10.jpg

[2010/09/07 14:44:52 | 001,293,400 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\marlinmoyer\Desktop\TDSSKiller.exe

[2010/09/05 14:47:51 | 000,027,648 | ---- | M] () -- C:\Users\marlinmoyer\Documents\Remington Nylon 22 Rifles Statistics_08-08.xls

[2010/09/02 20:43:11 | 000,228,031 | ---- | M] () -- C:\Users\marlinmoyer\Documents\Mint silver proof set 2010 order_name_hometown.jpg

[2010/09/02 11:49:39 | 000,011,167 | ---- | M] () -- C:\Users\marlinmoyer\Documents\Marlin's Ammo Cartridge Collection.xlsx

[2010/08/30 12:18:38 | 021,487,962 | ---- | M] () -- C:\Users\marlinmoyer\Documents\Miracle Whey Protein Powder Shake _Mercola.flv

[2010/08/28 20:35:21 | 000,037,376 | ---- | M] () -- C:\Users\marlinmoyer\Documents\Inventory of Marlin's Guns 2010-06.xls

[2010/08/23 19:35:47 | 000,305,208 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2010/08/23 16:24:23 | 000,001,872 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk

[2010/08/23 16:03:05 | 000,081,984 | ---- | M] () -- C:\Windows\SysNative\bdod.bin

[2010/08/23 10:51:48 | 000,389,734 | ---- | M] () -- C:\Users\marlinmoyer\Documents\Remington Arms 673 lam stock 6-5 mag_8-23-10.pdf

[2010/08/14 17:54:05 | 000,016,374 | ---- | M] () -- C:\Users\marlinmoyer\Documents\WeissRatings _ Strongest Annuity Insurers 2010.docx

[2010/08/14 17:52:22 | 000,019,121 | ---- | M] () -- C:\Users\marlinmoyer\Documents\WeissRatings _ Strongest Life Insurers 2010.docx

[2010/08/14 11:37:25 | 000,096,027 | ---- | M] () -- C:\Users\marlinmoyer\Documents\Ten Reasons to Expect a Stock Market Crash soon.pdf

[2010/08/14 11:12:56 | 000,594,128 | ---- | M] () -- C:\Users\marlinmoyer\Documents\Guide to Ammunition Cartridge Collecting.pdf

[2010/08/11 12:35:03 | 000,227,840 | ---- | M] () -- C:\Users\marlinmoyer\Documents\Military Diecast 2010-Tanks & Planes.xls

[2010/08/07 12:09:54 | 000,031,232 | ---- | M] () -- C:\Users\marlinmoyer\Documents\Nutmeg Ertl Modified Legends Coupes-2007.xls

[2010/08/04 16:31:41 | 000,250,588 | ---- | M] () -- C:\Users\marlinmoyer\Documents\Ammo One Order_8-4-10_ 39-40 for 10 cartridges.jpg

[2010/08/04 16:29:20 | 000,305,212 | ---- | M] () -- C:\Users\marlinmoyer\Documents\Ammo One Order_8-4-10 _ 39-40 mastercard.jpg

[2010/08/04 13:22:08 | 000,263,625 | ---- | M] () -- C:\Users\marlinmoyer\Documents\Flying Mule order 8-4-10_mastercard.jpg

[2010/08/04 12:58:34 | 000,265,994 | ---- | M] () -- C:\Users\marlinmoyer\Documents\Petes Collectibles order 8-4-10_1 tank&2 planes.jpg

[2010/08/04 12:57:16 | 000,241,860 | ---- | M] () -- C:\Users\marlinmoyer\Documents\Petes Collectibles order 8-4-10_mastercard.jpg

[2010/08/02 17:08:10 | 000,190,331 | ---- | M] () -- C:\Users\marlinmoyer\Documents\PanzerStahl diecast tanks_DiecastDirect-PS88004.jpg

[2010/07/29 15:57:57 | 000,010,928 | ---- | M] () -- C:\Users\marlinmoyer\Documents\Remington Nylon Models.xlsx

[2010/07/26 17:17:33 | 000,025,141 | ---- | M] () -- C:\Users\marlinmoyer\Documents\Daily_Meal Diary_Learn to Listen to Your Body.pdf

[2010/07/26 17:15:48 | 000,588,965 | ---- | M] () -- C:\Users\marlinmoyer\Documents\Gluten-Sensitivity Information.pdf

[2010/07/26 17:12:47 | 000,023,651 | ---- | M] () -- C:\Users\marlinmoyer\Documents\Mixed-Type-Meal-Ideas_Menu.pdf

[2010/07/26 17:12:22 | 000,016,803 | ---- | M] () -- C:\Users\marlinmoyer\Documents\Mixed-Type-Meal-Instructions.pdf

[2010/07/26 17:11:17 | 000,018,614 | ---- | M] () -- C:\Users\marlinmoyer\Documents\Gluten-Free-Mixed-Type-Secondary-Food-Chart.pdf

[2010/07/26 17:10:24 | 000,022,274 | ---- | M] () -- C:\Users\marlinmoyer\Documents\Gluten-Free-Mixed-Type-Primary-Food-Chart.pdf

[2010/07/26 11:09:04 | 000,178,463 | ---- | M] () -- C:\Users\marlinmoyer\Documents\DiecastDirect home page.jpg

[2010/07/21 10:19:38 | 000,184,988 | ---- | M] () -- C:\Users\marlinmoyer\Documents\Bowlby_April-blue dress_DropDeadDiva-TV.jpg

[2010/07/20 20:41:10 | 000,000,165 | -H-- | M] () -- C:\Users\marlinmoyer\Documents\~$Winchester Model 70 Auctions.xlsx

[2010/07/17 22:13:54 | 000,209,920 | ---- | M] () -- C:\Users\marlinmoyer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/07/16 20:45:25 | 000,014,944 | ---- | M] () -- C:\Users\marlinmoyer\Documents\Winchester M70 barrel contour measurements.xlsx

[2010/07/15 10:49:05 | 000,022,661 | ---- | M] () -- C:\Users\marlinmoyer\Documents\McGowen Octagon Rifle Barrel Insructions.pdf

[2010/07/14 18:03:01 | 000,012,865 | ---- | M] () -- C:\Users\marlinmoyer\Documents\McGowen Octagon Rifle Barrel Insructions.docx

[2010/07/13 14:04:29 | 000,056,206 | ---- | M] () -- C:\Users\marlinmoyer\Documents\PennDOT Vehicle Registration_Toyota.pdf

[2010/07/12 18:21:56 | 000,190,099 | ---- | M] () -- C:\Users\marlinmoyer\Documents\McGowenBarrel tapered Octagon order form 7-12.jpg

[2010/07/12 18:18:55 | 000,117,748 | ---- | M] () -- C:\Users\marlinmoyer\Documents\McGowen Barrel Double Tapered Octagon Order Form 7-12-2010.pdf

[2010/07/12 09:09:39 | 000,011,164 | ---- | M] () -- C:\Users\marlinmoyer\Documents\Gun Safe specifications.xlsx

[2010/07/11 13:41:17 | 000,313,317 | ---- | M] () -- C:\Users\marlinmoyer\Documents\Shipping firearms by USPS - DMM 11-3 - p63.jpg

[2010/07/11 13:38:40 | 000,244,750 | ---- | M] () -- C:\Users\marlinmoyer\Documents\Shipping firearms by USPS -US code.jpg

[2010/07/10 16:11:23 | 000,121,786 | ---- | M] () -- C:\Users\marlinmoyer\Documents\McGowen Barrel Double Tapered Octagon Order Form.pdf

[2010/07/10 16:10:03 | 000,189,178 | ---- | M] () -- C:\Users\marlinmoyer\Documents\McGowenBarrel tapered Octagon order form.jpg

[2010/07/10 15:42:48 | 000,047,616 | ---- | M] () -- C:\Windows\SysWow64\pdf995mon64.dll

[2010/07/07 18:27:40 | 000,012,458 | ---- | M] () -- C:\Users\marlinmoyer\Documents\Handloads.com-shellholders-reference.asp

[2010/07/06 17:04:43 | 000,361,167 | ---- | M] () -- C:\Users\marlinmoyer\Documents\Cleaning & preserving cartridges_CartCollectors org.jpg

[2010/07/06 15:42:34 | 000,067,797 | ---- | M] () -- C:\Users\marlinmoyer\Documents\Smart Roadster 2006-gray collectors edition-rear angle.jpg

[2010/07/06 15:40:41 | 000,072,779 | ---- | M] () -- C:\Users\marlinmoyer\Documents\Smart Roadster 2005-gray collectors edition-FA_Kinght&Day.jpg

[2010/07/04 16:10:59 | 000,311,732 | ---- | M] () -- C:\Users\marlinmoyer\Documents\Safe Money Report_July 2010.pdf

[6 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/01 20:13:22 | 000,293,376 | ---- | C] () -- C:\Users\marlinmoyer\Desktop\3w5vxv2y.exe

[2010/10/01 20:06:40 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2010/10/01 19:36:12 | 000,525,824 | ---- | C] () -- C:\Users\marlinmoyer\Desktop\dds.com

[2010/10/01 16:24:30 | 000,050,477 | ---- | C] () -- C:\Users\marlinmoyer\Desktop\Defogger.exe

[2010/10/01 16:23:08 | 000,145,165 | ---- | C] () -- C:\Users\marlinmoyer\Documents\Malwarebytes forum_I'm infected - What do I do.pdf

[2010/09/30 13:59:24 | 000,000,032 | ---- | C] () -- C:\Windows\wininit.ini

[2010/09/29 18:36:33 | 000,002,048 | ---- | C] () -- C:\Windows\SysNative\tzres.dll

[2010/09/29 18:33:28 | 000,237,248 | ---- | C] () -- C:\Users\marlinmoyer\Documents\Malwarebytes Forum - RootKit remover.jpg

[2010/09/29 18:26:22 | 000,200,058 | ---- | C] () -- C:\Users\marlinmoyer\Documents\Sophos Anti-Rootkit_scan results 9-28-2010.jpg

[2010/09/28 21:05:57 | 000,208,446 | ---- | C] () -- C:\Users\marlinmoyer\Documents\Sophos Anti-Rootkit scan results 9-28-2010.jpg

[2010/09/28 13:01:04 | 000,421,211 | ---- | C] () -- C:\Users\marlinmoyer\Documents\Sophos Anti-Rootkit Instructions_pdf.pdf

[2010/09/27 15:38:50 | 000,206,748 | ---- | C] () -- C:\Users\marlinmoyer\Documents\Redirected page malware.jpg

[2010/09/27 14:26:11 | 000,230,884 | ---- | C] () -- C:\Users\marlinmoyer\Documents\Anti malware or anti virus free downloads to use.jpg

[2010/09/27 13:59:40 | 000,363,451 | ---- | C] () -- C:\Users\marlinmoyer\Documents\History of internet pages when redirected to scan.jpg

[2010/09/27 13:06:50 | 000,001,767 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

[2010/09/26 12:08:08 | 000,019,528 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys

[2010/09/26 12:07:42 | 000,001,824 | ---- | C] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk

[2010/09/26 10:54:19 | 000,001,888 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2010/09/25 13:29:15 | 000,063,512 | ---- | C] () -- C:\Windows\SysNative\drivers\pxrts.sys

[2010/09/25 13:29:15 | 000,034,696 | ---- | C] () -- C:\Windows\SysNative\drivers\pxscan.sys

[2010/09/25 13:29:14 | 000,022,336 | ---- | C] () -- C:\Windows\SysNative\drivers\pxkbf.sys

[2010/09/25 12:34:18 | 000,260,884 | ---- | C] () -- C:\Users\marlinmoyer\Documents\windows security alert Trojans.jpg

[2010/09/23 19:17:16 | 000,000,819 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/09/15 13:39:32 | 000,295,424 | ---- | C] () -- C:\Windows\SysNative\MP4SDECD.DLL

[2010/09/15 13:39:31 | 000,267,776 | ---- | C] () -- C:\Windows\SysNative\spoolsv.exe

[2010/09/15 13:39:27 | 000,975,360 | ---- | C] () -- C:\Windows\SysNative\inetcomm.dll

[2010/09/15 13:39:25 | 000,622,080 | ---- | C] () -- C:\Windows\SysNative\usp10.dll

[2010/09/11 18:23:44 | 000,259,290 | ---- | C] () -- C:\Users\marlinmoyer\Documents\Montgomery_Mike_Stats_SanDiego 1971-Nov15.jpg

[2010/09/09 16:19:59 | 000,266,459 | ---- | C] () -- C:\Users\marlinmoyer\Documents\Safe Money Report_WeissResearchIssues_mmoy_tre.jpg

[2010/09/09 15:09:59 | 000,191,829 | ---- | C] () -- C:\Users\marlinmoyer\Documents\Hee Haw DVD set_Amazon_42 95_Sept 9-10.jpg

[2010/09/02 20:43:10 | 000,228,031 | ---- | C] () -- C:\Users\marlinmoyer\Documents\Mint silver proof set 2010 order_name_hometown.jpg

[2010/08/30 12:14:32 | 021,487,962 | ---- | C] () -- C:\Users\marlinmoyer\Documents\Miracle Whey Protein Powder Shake _Mercola.flv

[2010/08/23 19:05:49 | 000,227,328 | ---- | C] () -- C:\Windows\SysNative\mpg2splt.ax

[2010/08/23 19:05:49 | 000,101,376 | ---- | C] () -- C:\Windows\SysNative\MSNP.ax

[2010/08/23 19:05:47 | 000,375,808 | ---- | C] () -- C:\Windows\SysNative\psisdecd.dll

[2010/08/23 19:05:46 | 000,558,592 | ---- | C] () -- C:\Windows\SysNative\EncDec.dll

[2010/08/23 19:05:46 | 000,289,792 | ---- | C] () -- C:\Windows\SysNative\psisrndr.ax

[2010/08/23 19:05:19 | 001,942,856 | ---- | C] () -- C:\Windows\SysNative\dfshim.dll

[2010/08/23 19:05:19 | 000,444,752 | ---- | C] () -- C:\Windows\SysNative\mscoree.dll

[2010/08/23 19:05:19 | 000,320,352 | ---- | C] () -- C:\Windows\SysNative\PresentationHost.exe

[2010/08/23 19:05:19 | 000,109,912 | ---- | C] () -- C:\Windows\SysNative\PresentationHostProxy.dll

[2010/08/23 19:05:19 | 000,048,960 | ---- | C] () -- C:\Windows\SysNative\netfxperf.dll

[2010/08/23 16:24:23 | 000,001,872 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk

[2010/08/23 16:24:10 | 000,116,568 | ---- | C] () -- C:\Windows\SysNative\drivers\avipbb.sys

[2010/08/23 16:24:10 | 000,081,072 | ---- | C] () -- C:\Windows\SysNative\drivers\avgntflt.sys

[2010/08/23 10:51:45 | 000,389,734 | ---- | C] () -- C:\Users\marlinmoyer\Documents\Remington Arms 673 lam stock 6-5 mag_8-23-10.pdf

[2010/08/14 17:54:04 | 000,016,374 | ---- | C] () -- C:\Users\marlinmoyer\Documents\WeissRatings _ Strongest Annuity Insurers 2010.docx

[2010/08/14 17:52:21 | 000,019,121 | ---- | C] () -- C:\Users\marlinmoyer\Documents\WeissRatings _ Strongest Life Insurers 2010.docx

[2010/08/14 11:37:23 | 000,096,027 | ---- | C] () -- C:\Users\marlinmoyer\Documents\Ten Reasons to Expect a Stock Market Crash soon.pdf

[2010/08/14 11:12:52 | 000,594,128 | ---- | C] () -- C:\Users\marlinmoyer\Documents\Guide to Ammunition Cartridge Collecting.pdf

[2010/08/11 13:21:11 | 000,011,167 | ---- | C] () -- C:\Users\marlinmoyer\Documents\Marlin's Ammo Cartridge Collection.xlsx

[2010/08/11 09:44:07 | 001,420,176 | ---- | C] () -- C:\Windows\SysNative\drivers\tcpip.sys

[2010/08/11 09:43:59 | 000,462,848 | ---- | C] () -- C:\Windows\SysNative\drivers\srv.sys

[2010/08/11 09:43:59 | 000,174,592 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys

[2010/08/11 09:43:56 | 002,749,952 | ---- | C] () -- C:\Windows\SysNative\win32k.sys

[2010/08/11 09:43:53 | 000,050,688 | ---- | C] () -- C:\Windows\SysNative\rtutils.dll

[2010/08/11 09:43:50 | 004,690,832 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe

[2010/08/11 09:43:42 | 009,250,816 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll

[2010/08/11 09:43:41 | 012,473,344 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll

[2010/08/11 09:43:41 | 002,335,744 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll

[2010/08/11 09:43:39 | 001,487,360 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll

[2010/08/11 09:43:38 | 001,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll

[2010/08/11 09:43:38 | 001,062,912 | ---- | C] () -- C:\Windows\SysNative\mstime.dll

[2010/08/11 09:43:38 | 000,706,048 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll

[2010/08/11 09:43:38 | 000,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll

[2010/08/11 09:43:38 | 000,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll

[2010/08/11 09:43:38 | 000,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll

[2010/08/11 09:43:38 | 000,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll

[2010/08/11 09:43:38 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll

[2010/08/11 09:43:38 | 000,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll

[2010/08/11 09:43:37 | 001,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl

[2010/08/11 09:43:37 | 000,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe

[2010/08/11 09:43:37 | 000,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll

[2010/08/11 09:43:37 | 000,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll

[2010/08/11 09:43:37 | 000,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll

[2010/08/11 09:43:36 | 001,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb

[2010/08/11 09:43:36 | 000,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe

[2010/08/11 09:43:36 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe

[2010/08/11 09:43:35 | 001,875,456 | ---- | C] () -- C:\Windows\SysNative\msxml3.dll

[2010/08/11 09:43:32 | 000,343,040 | ---- | C] () -- C:\Windows\SysNative\schannel.dll

[2010/08/04 16:31:08 | 000,250,588 | ---- | C] () -- C:\Users\marlinmoyer\Documents\Ammo One Order_8-4-10_ 39-40 for 10 cartridges.jpg

[2010/08/04 16:29:20 | 000,305,212 | ---- | C] () -- C:\Users\marlinmoyer\Documents\Ammo One Order_8-4-10 _ 39-40 mastercard.jpg

[2010/08/04 13:22:07 | 000,263,625 | ---- | C] () -- C:\Users\marlinmoyer\Documents\Flying Mule order 8-4-10_mastercard.jpg

[2010/08/04 12:58:33 | 000,265,994 | ---- | C] () -- C:\Users\marlinmoyer\Documents\Petes Collectibles order 8-4-10_1 tank&2 planes.jpg

[2010/08/04 12:57:16 | 000,241,860 | ---- | C] () -- C:\Users\marlinmoyer\Documents\Petes Collectibles order 8-4-10_mastercard.jpg

[2010/08/03 10:19:19 | 012,898,304 | ---- | C] () -- C:\Windows\SysNative\shell32.dll

[2010/08/02 17:08:10 | 000,190,331 | ---- | C] () -- C:\Users\marlinmoyer\Documents\PanzerStahl diecast tanks_DiecastDirect-PS88004.jpg

[2010/07/26 17:17:33 | 000,025,141 | ---- | C] () -- C:\Users\marlinmoyer\Documents\Daily_Meal Diary_Learn to Listen to Your Body.pdf

[2010/07/26 17:15:48 | 000,588,965 | ---- | C] () -- C:\Users\marlinmoyer\Documents\Gluten-Sensitivity Information.pdf

[2010/07/26 17:12:47 | 000,023,651 | ---- | C] () -- C:\Users\marlinmoyer\Documents\Mixed-Type-Meal-Ideas_Menu.pdf

[2010/07/26 17:12:22 | 000,016,803 | ---- | C] () -- C:\Users\marlinmoyer\Documents\Mixed-Type-Meal-Instructions.pdf

[2010/07/26 17:11:17 | 000,018,614 | ---- | C] () -- C:\Users\marlinmoyer\Documents\Gluten-Free-Mixed-Type-Secondary-Food-Chart.pdf

[2010/07/26 17:10:24 | 000,022,274 | ---- | C] () -- C:\Users\marlinmoyer\Documents\Gluten-Free-Mixed-Type-Primary-Food-Chart.pdf

[2010/07/26 13:03:54 | 000,178,463 | ---- | C] () -- C:\Users\marlinmoyer\Documents\DiecastDirect home page.jpg

[2010/07/21 10:19:38 | 000,184,988 | ---- | C] () -- C:\Users\marlinmoyer\Documents\Bowlby_April-blue dress_DropDeadDiva-TV.jpg

[2010/07/20 20:41:10 | 000,000,165 | -H-- | C] () -- C:\Users\marlinmoyer\Documents\~$Winchester Model 70 Auctions.xlsx

[2010/07/15 10:49:02 | 000,022,661 | ---- | C] () -- C:\Users\marlinmoyer\Documents\McGowen Octagon Rifle Barrel Insructions.pdf

[2010/07/14 18:03:00 | 000,012,865 | ---- | C] () -- C:\Users\marlinmoyer\Documents\McGowen Octagon Rifle Barrel Insructions.docx

[2010/07/13 14:04:27 | 000,056,206 | ---- | C] () -- C:\Users\marlinmoyer\Documents\PennDOT Vehicle Registration_Toyota.pdf

[2010/07/12 18:21:56 | 000,190,099 | ---- | C] () -- C:\Users\marlinmoyer\Documents\McGowenBarrel tapered Octagon order form 7-12.jpg

[2010/07/12 18:18:52 | 000,117,748 | ---- | C] () -- C:\Users\marlinmoyer\Documents\McGowen Barrel Double Tapered Octagon Order Form 7-12-2010.pdf

[2010/07/11 13:41:16 | 000,313,317 | ---- | C] () -- C:\Users\marlinmoyer\Documents\Shipping firearms by USPS - DMM 11-3 - p63.jpg

[2010/07/11 13:38:39 | 000,244,750 | ---- | C] () -- C:\Users\marlinmoyer\Documents\Shipping firearms by USPS -US code.jpg

[2010/07/10 16:11:21 | 000,121,786 | ---- | C] () -- C:\Users\marlinmoyer\Documents\McGowen Barrel Double Tapered Octagon Order Form.pdf

[2010/07/10 16:10:02 | 000,189,178 | ---- | C] () -- C:\Users\marlinmoyer\Documents\McGowenBarrel tapered Octagon order form.jpg

[2010/07/10 15:42:48 | 000,320,000 | ---- | C] () -- C:\Windows\SysNative\pdfmona64.dll

[2010/07/10 15:42:48 | 000,047,616 | ---- | C] () -- C:\Windows\SysWow64\pdf995mon64.dll

[2010/07/10 15:42:48 | 000,047,616 | ---- | C] () -- C:\Windows\SysNative\pdf995mon64.dll

[2010/07/10 15:42:48 | 000,011,264 | ---- | C] () -- C:\Windows\SysNative\pdf995mon64ui.dll

[2010/07/10 15:42:48 | 000,000,060 | ---- | C] () -- C:\Windows\wpd99.drv

[2010/07/07 18:27:39 | 000,012,458 | ---- | C] () -- C:\Users\marlinmoyer\Documents\Handloads.com-shellholders-reference.asp

[2010/07/06 17:04:42 | 000,361,167 | ---- | C] () -- C:\Users\marlinmoyer\Documents\Cleaning & preserving cartridges_CartCollectors org.jpg

[2010/07/06 15:42:33 | 000,067,797 | ---- | C] () -- C:\Users\marlinmoyer\Documents\Smart Roadster 2006-gray collectors edition-rear angle.jpg

[2010/07/06 15:40:41 | 000,072,779 | ---- | C] () -- C:\Users\marlinmoyer\Documents\Smart Roadster 2005-gray collectors edition-FA_Kinght&Day.jpg

[2010/07/04 16:10:59 | 000,311,732 | ---- | C] () -- C:\Users\marlinmoyer\Documents\Safe Money Report_July 2010.pdf

[2010/05/06 13:36:35 | 000,000,680 | ---- | C] () -- C:\Users\marlinmoyer\AppData\Local\d3d9caps.dat

[2008/09/13 12:58:23 | 004,703,784 | R--- | C] () -- C:\Program Files\DXMEDIA.exe

[2008/08/22 15:51:07 | 000,209,920 | ---- | C] () -- C:\Users\marlinmoyer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

[2008/01/20 22:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2008/10/21 18:19:59 | 000,000,000 | ---D | M] -- C:\Users\marlinmoyer\AppData\Roaming\Geek Squad 24 Hour Computer Support

[2010/06/11 12:31:54 | 000,000,000 | ---D | M] -- C:\Users\marlinmoyer\AppData\Roaming\InfraRecorder

[2010/07/10 16:10:40 | 000,000,000 | ---D | M] -- C:\Users\marlinmoyer\AppData\Roaming\pdf995

[2010/10/01 19:47:26 | 000,032,550 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2008/01/20 22:50:15 | 000,333,203 | RHS- | M] () -- C:\bootmgr

[2008/02/05 03:55:42 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK

[2010/10/01 19:48:32 | 4025,671,680 | -HS- | M] () -- C:\hiberfil.sys

[2008/05/12 15:40:58 | 000,000,165 | ---- | M] () -- C:\Labelprint.log

[2006/12/02 02:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll

[2010/10/01 19:48:29 | 044,318,719 | -HS- | M] () -- C:\pagefile.sys

[2008/05/12 15:45:34 | 000,000,163 | ---- | M] () -- C:\power2go.log

[2008/05/12 15:32:42 | 000,000,473 | ---- | M] () -- C:\RHDSetup.log

[2010/09/26 22:55:20 | 000,055,410 | ---- | M] () -- C:\TDSSKiller.2.4.2.1_26.09.2010_22.54.44_log.txt

[2010/09/28 13:41:16 | 000,055,914 | ---- | M] () -- C:\TDSSKiller.2.4.3.0_28.09.2010_13.40.43_log.txt

< %systemroot%\Fonts\*.com >

[2006/11/02 11:06:41 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont

[2006/11/02 11:06:41 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont

[2006/11/02 11:06:41 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont

[2006/11/02 11:06:41 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >

[2006/09/18 17:35:48 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

[2008/01/20 23:21:59 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >

[2010/02/10 11:38:30 | 000,000,344 | -HS- | M] () -- C:\Users\marlinmoyer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >

[2010/10/01 20:14:04 | 000,293,376 | ---- | M] () -- C:\Users\marlinmoyer\Desktop\3w5vxv2y.exe

[2010/02/25 13:41:53 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Users\marlinmoyer\Desktop\ATF-Cleaner.exe

[2010/10/01 16:24:31 | 000,050,477 | ---- | M] () -- C:\Users\marlinmoyer\Desktop\Defogger.exe

[2010/09/26 11:24:57 | 007,014,208 | ---- | M] (SurfRight B.V.) -- C:\Users\marlinmoyer\Desktop\HitmanPro35_x64.exe

[2010/02/13 18:28:04 | 001,923,768 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\marlinmoyer\Desktop\install_flash_player.exe

[2010/10/02 10:21:41 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\marlinmoyer\Desktop\OTL.exe

[2010/09/25 13:25:38 | 000,941,024 | ---- | M] (Prevx) -- C:\Users\marlinmoyer\Desktop\prevxcsifree.exe

[2010/09/26 23:27:03 | 009,458,552 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\marlinmoyer\Desktop\SUPERAntiSpyware.exe

[2010/09/07 14:44:52 | 001,293,400 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\marlinmoyer\Desktop\TDSSKiller.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >

[2008/08/22 15:13:03 | 000,000,402 | -HS- | M] () -- C:\Users\marlinmoyer\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

[2010/10/01 20:06:40 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.exe >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< %USERPROFILE%\Templates\*.tmp >

< %SYSTEMDRIVE%\explorexxx.exe\*.* >

< %Windir%\Installer\*.tmp >

< %systemroot%\System32\*.xco >

< %ProgramFiles%\system32\*.* >

< %systemroot%\System32\windos\*.* >

< %SystemRoot%\system32\sandbox\*.* >

< %SystemRoot%\system32\*.amo >

< %SystemRoot%\system32\Windows Live\*.* >

< %ProgramFiles%\logs\*.* >

< %ProgramFiles%\Bifrost\*.* >

< %SystemRoot%\system32\*.goo >

< %systemroot%\system32\IME\*.* >

< %systemroot%\BackUp\*.* >

< %systemroot%\system32\*.ico >

[2006/09/18 17:31:55 | 000,107,620 | ---- | M] () -- C:\Windows\SysWOW64\acwizard.ico

< %systemroot%\system\*.dat >

< %systemroot%\system\*.exe >

< %AppData%\Macromedia\Common\*.* >

< %SYSTEMDRIVE%\dir\*.* /s >

< %systemroot%\system32\ras\*.exe >

< %SYSTEMDRIVE%\MFILES\*.* >

< %SYSTEMDRIVE%\mDNSRespon.exe\*.* >

< %systemroot%\system32\services\*.* >

< %systemroot%\Spooler\*.* >

< %ProgramFiles%\system32\*.* >

< %systemroot%\system32\Setup\*.dll /x >

< %systemroot%\system32\*.mine >

< %SYSTEMDRIVE%\cleansweep.exe\*.* >

< %systemroot%\system32\ras\*.dll >

< %systemroot%\system32\ras\*.drv >

< %systemroot%\*.iq >

< %systemroot%\system32\XP\*.* >

< %SYSTEMDRIVE%\Extracted\*.* >

< %systemroot%\system32\windows\*.* >

< %systemroot%\logs\*.* >

< %SYSTEMDRIVE%\Win.Msi\*.* >

< %systemroot%\regedit\*.* >

< %systemroot%\system32\skype\*.* >

< %AppData%\Adobe\dlluplwin25\*.* >

< %UserProfile%\*.dat >

[2010/10/02 10:30:12 | 002,621,440 | -HS- | M] () -- C:\Users\marlinmoyer\NTUSER.DAT

< %UserProfile%\*.dll >

< %systemroot%\system32\*.sxo >

< %SYSTEMDRIVE%\Gazma\*.* /s >

< %systemroot%\system32\spynet\*.* >

< %systemroot%\system32\System\*.* >

< %appdata%\Microsoft\Windows\*.* >

< %systemroot%\system32\WinDir\*.* >

< %systemroot%\_\*.* >

< %systemroot%\system32\windows32\*.* >

< %ProgramFiles%\win\*.* >

< %AppData%\Microsoft\CD Burning\*.* >

< %systemroot%\*.cab >

< %systemroot%\K.Backup\*.* >

< %ProgramFiles%\Massenger\*.* >

< %systemroot%\System32\*.doc >

< %systemroot%\Office12\*.* >

< %systemroot%\System32\Rundl32.exe\*.* >

< %ProgramFiles%\yahoo.net\*.* >

< %systemroot%\system32\*.igo >

< %systemroot%\*.rew >

< %systemroot%\System32\spool\DRIVERS\W32X86\3\*.exe >

< %USERPROFILE%\.COMMgr\*.* >

< %USERPROFILE%\Desktop\*.bat >

< %PROGRAMFILES%\Common Files\Real\visualizations\*.* >

[2008/10/14 11:31:55 | 000,043,008 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Visualizations\Annabelle.rpv

[2008/10/14 11:31:55 | 000,080,384 | ---- | M] () -- C:\Program Files (x86)\Common Files\Real\Visualizations\CosmicBelt.rpv

[2008/10/14 11:31:55 | 000,007,168 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Visualizations\Fire.rpv

[2008/10/14 11:31:55 | 000,007,680 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Visualizations\FreqBands.rpv

[2008/10/14 11:31:55 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\Common Files\Real\Visualizations\Nebula.rpv

< %PROGRAMFILES%\Internet Explorer\*.Jmp >

< %PROGRAMFILES%\Windows NT\system\*.dll >

< %systemroot%\system32\*.ext >

< %systemroot%\system32\Com\*.cfg >

< %systemroot%\system32\btz\*.* >

< %systemroot%\system32\EMP\*.* >

< %systemroot%\system32\expo\*.* >

< %systemroot%\system32\inet2\*.* >

< %systemroot%\system32\xrem\*.* >

< %ProgramFiles%\Microsoft\*.* >

< %systemroot%\usgwmt\*.* >

< %ProgramFiles%\B\*.* >

< %SYSTEMDRIVE%\lspp\*.* >

< %systemroot%\Kral\*.* >

< %SYSTEMDRIVE%\windowsdvd.exe\*.* >

< %systemroot%\system32\*.ipo >

< %SYSTEMDRIVE%\usxxxxxxxx.exe\*.* >

< %systemroot%\system32\*.mof >

< %systemroot%\*.atm >

< %systemroot%\system32\svhost\*.* >

< %ProgramFiles%\system32\*.* >

< %ProgramFiles%\Docmentt\*.* >

< %systemroot%\Help\*.vbs >

< %ProgramFiles%\Windows WinSxs\*.* /s >

< %ProgramFiles%\Outlook Express\IDT\*.* /s >

< %ProgramFiles%\Microsoft Office\365\*.* /s >

< %ProgramFiles%\Windows Live\*.* >

< %systemroot%\system32\win32\*.* >

< %SYSTEMDRIVE%\RECYCLER\*.* >

< %systemroot%\Fresh1\*.* >

< %ProgramFiles%\Kekj\*.* /s >

< %systemroot%\GDU\*.* >

< %systemroot%\KA\*.* >

< %systemroot%\R\*.* >

< %systemroot%\system32\*.fyo >

< %USERPROFILE%\System\*.* >

< %systemroot%\Source\*.* >

< %systemroot%\system32\ac\*.* >

< %ProgramFiles%\MSDN\*.* >

< %AppData%\AdobeUM\winvcldll54\*.* /s >

< %ProgramFiles%\Internet Explorer\*.ico >

< %systemroot%\system32\*.ojo >

< %systemroot%\system32\d323s\*.* >

< %systemroot%\system32\re\*.* >

< %UserProfile%\Microsoft\*.dll >

< %UserProfile%\Microsoft\*.log >

< %systemroot%\Bios\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >

I await your reply. Thanks .

MM

SpySentinel · October 3, 2010

Hi MM,

You're welcome :welcome:

I see you ran TDSSKiller. Can you post the latest log from it for me.

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

Java

mm33926988 · October 3, 2010

SpySentinel,

TDSSKiller log was not what I expected:

2010/10/03 11:02:21.0620 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44

2010/10/03 11:02:21.0620 ================================================================================

2010/10/03 11:02:21.0620 SystemInfo:

2010/10/03 11:02:21.0620

2010/10/03 11:02:21.0620 OS Version: 6.0.6001 ServicePack: 1.0

2010/10/03 11:02:21.0620 Product type: Workstation

2010/10/03 11:02:21.0620 ComputerName: OWNER-PC

2010/10/03 11:02:21.0620 UserName: mm33926988

2010/10/03 11:02:21.0636 Windows directory: C:\Windows

2010/10/03 11:02:21.0636 System windows directory: C:\Windows

2010/10/03 11:02:21.0636 Running under WOW64

2010/10/03 11:02:21.0636 Processor architecture: Intel x64

2010/10/03 11:02:21.0636 Number of processors: 3

2010/10/03 11:02:21.0636 Page size: 0x1000

2010/10/03 11:02:21.0636 Boot type: Normal boot

2010/10/03 11:02:21.0636 ================================================================================

2010/10/03 11:02:21.0636 Utility is running under WOW64

2010/10/03 11:02:22.0182 Initialize success

so I ran TDSSKiller again and here is that log:

2010/10/03 11:02:21.0620 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44

2010/10/03 11:02:21.0620 ================================================================================

2010/10/03 11:02:21.0620 SystemInfo:

2010/10/03 11:02:21.0620

2010/10/03 11:02:21.0620 OS Version: 6.0.6001 ServicePack: 1.0

2010/10/03 11:02:21.0620 Product type: Workstation

2010/10/03 11:02:21.0620 ComputerName: OWNER-PC

2010/10/03 11:02:21.0620 UserName: mm33926988

2010/10/03 11:02:21.0636 Windows directory: C:\Windows

2010/10/03 11:02:21.0636 System windows directory: C:\Windows

2010/10/03 11:02:21.0636 Running under WOW64

2010/10/03 11:02:21.0636 Processor architecture: Intel x64

2010/10/03 11:02:21.0636 Number of processors: 3

2010/10/03 11:02:21.0636 Page size: 0x1000

2010/10/03 11:02:21.0636 Boot type: Normal boot

2010/10/03 11:02:21.0636 ================================================================================

2010/10/03 11:02:21.0636 Utility is running under WOW64

2010/10/03 11:02:22.0182 Initialize success

2010/10/03 11:07:30.0578 ================================================================================

2010/10/03 11:07:30.0578 Scan started

2010/10/03 11:07:30.0578 Mode: Manual;

2010/10/03 11:07:30.0578 ================================================================================

2010/10/03 11:07:31.0093 ACPI (8c99ed256a889d647935a97c543b7b85) C:\Windows\system32\drivers\acpi.sys

2010/10/03 11:07:31.0124 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys

2010/10/03 11:07:31.0155 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys

2010/10/03 11:07:31.0171 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys

2010/10/03 11:07:31.0202 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys

2010/10/03 11:07:31.0233 AFD (db37041ab857abc7e179e856d8e1582c) C:\Windows\system32\drivers\afd.sys

2010/10/03 11:07:31.0264 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys

2010/10/03 11:07:31.0311 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys

2010/10/03 11:07:31.0342 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys

2010/10/03 11:07:31.0358 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys

2010/10/03 11:07:31.0389 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\DRIVERS\amdk8.sys

2010/10/03 11:07:31.0436 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys

2010/10/03 11:07:31.0452 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys

2010/10/03 11:07:31.0483 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys

2010/10/03 11:07:31.0514 atapi (62bd869afa2bf2e30f9d3ff428c87d5c) C:\Windows\system32\drivers\atapi.sys

2010/10/03 11:07:31.0608 atikmdag (a534642d594e653912cb6e49ba6f5c59) C:\Windows\system32\DRIVERS\atikmdag.sys

2010/10/03 11:07:31.0686 AtiPcie (69eebb256503cded9bd0e9e43128c626) C:\Windows\system32\DRIVERS\AtiPcie.sys

2010/10/03 11:07:31.0732 avgntflt (ed2b23707f19ccc1b2a4382b05d31481) C:\Windows\system32\DRIVERS\avgntflt.sys

2010/10/03 11:07:31.0764 avipbb (c98fa6e5ad0e857d22716bd2b8b1f399) C:\Windows\system32\DRIVERS\avipbb.sys

2010/10/03 11:07:31.0795 b57nd60a (1777e5ac9fc74f7991b2aba25ea34759) C:\Windows\system32\DRIVERS\b57nd60a.sys

2010/10/03 11:07:31.0842 BCM43XV (a2160c5d70f3517fc7356b689abd6fcd) C:\Windows\system32\DRIVERS\bcmwl664.sys

2010/10/03 11:07:31.0888 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys

2010/10/03 11:07:31.0904 bowser (8b2b19031d0aeade6e1b933df1acba7e) C:\Windows\system32\DRIVERS\bowser.sys

2010/10/03 11:07:31.0935 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys

2010/10/03 11:07:31.0966 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys

2010/10/03 11:07:31.0998 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys

2010/10/03 11:07:32.0013 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys

2010/10/03 11:07:32.0044 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys

2010/10/03 11:07:32.0060 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys

2010/10/03 11:07:32.0076 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys

2010/10/03 11:07:32.0107 CAXHWBS2 (551be1536b27dc056ea4d48275efb089) C:\Windows\system32\DRIVERS\CAXHWBS2.sys

2010/10/03 11:07:32.0122 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys

2010/10/03 11:07:32.0154 cdrom (3b2fb35363423ed60c8fbf15fc8680bd) C:\Windows\system32\DRIVERS\cdrom.sys

2010/10/03 11:07:32.0185 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys

2010/10/03 11:07:32.0232 CLFS (caeda2572b7042b11062f327f099251d) C:\Windows\system32\CLFS.sys

2010/10/03 11:07:32.0278 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys

2010/10/03 11:07:32.0294 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys

2010/10/03 11:07:32.0341 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys

2010/10/03 11:07:32.0356 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys

2010/10/03 11:07:32.0419 DfsC (bd4acc56e477ad7419cbe90fceeb621b) C:\Windows\system32\Drivers\dfsc.sys

2010/10/03 11:07:32.0450 disk (2dc415fc05fb8a079f896cbbacb19324) C:\Windows\system32\drivers\disk.sys

2010/10/03 11:07:32.0497 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys

2010/10/03 11:07:32.0544 DXGKrnl (412964040ce920ff83aff6b5b551bf99) C:\Windows\System32\drivers\dxgkrnl.sys

2010/10/03 11:07:32.0590 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys

2010/10/03 11:07:32.0622 Ecache (7343d950a34a95dcb7441642e3e6beef) C:\Windows\system32\drivers\ecache.sys

2010/10/03 11:07:32.0668 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys

2010/10/03 11:07:32.0700 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys

2010/10/03 11:07:32.0731 exfat (2a546b9a84658b0554b1ec35cd9adaf5) C:\Windows\system32\drivers\exfat.sys

2010/10/03 11:07:32.0746 fastfat (fe731d345ed9eeabbc72a59b35941834) C:\Windows\system32\drivers\fastfat.sys

2010/10/03 11:07:32.0762 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys

2010/10/03 11:07:32.0793 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys

2010/10/03 11:07:32.0809 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys

2010/10/03 11:07:32.0824 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys

2010/10/03 11:07:32.0856 FltMgr (7dacf1a3a4219575070c6dc7c957428a) C:\Windows\system32\drivers\fltmgr.sys

2010/10/03 11:07:32.0887 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys

2010/10/03 11:07:32.0902 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys

2010/10/03 11:07:32.0949 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys

2010/10/03 11:07:32.0980 HDAudBus (0c0d0f8a3ff09ecc81963d09ec6a0a84) C:\Windows\system32\DRIVERS\HDAudBus.sys

2010/10/03 11:07:32.0996 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys

2010/10/03 11:07:33.0027 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys

2010/10/03 11:07:33.0058 HidUsb (128e2da8483fdd4dd0c7b3f9abd6f323) C:\Windows\system32\DRIVERS\hidusb.sys

2010/10/03 11:07:33.0105 hitmanpro35 (5cd53fc677705cc5e402611c81b2ac41) C:\Windows\system32\drivers\hitmanpro35.sys

2010/10/03 11:07:33.0121 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys

2010/10/03 11:07:33.0199 HSF_DPV (9c369cbc5f19da9968223197b5205f68) C:\Windows\system32\DRIVERS\CAX_DPV.sys

2010/10/03 11:07:33.0246 HTTP (e690736da6c543f5d99c8fa27bea31db) C:\Windows\system32\drivers\HTTP.sys

2010/10/03 11:07:33.0277 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys

2010/10/03 11:07:33.0308 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys

2010/10/03 11:07:33.0339 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys

2010/10/03 11:07:33.0370 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys

2010/10/03 11:07:33.0433 IntcAzAudAddService (e28d6b50a12bfa3df0bd7c31e19599f3) C:\Windows\system32\drivers\RTKVHD64.sys

2010/10/03 11:07:33.0480 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys

2010/10/03 11:07:33.0495 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys

2010/10/03 11:07:33.0526 IpFilterDriver (99b821f5bebd6a3cc3fe564f802ae0fd) C:\Windows\system32\DRIVERS\ipfltdrv.sys

2010/10/03 11:07:33.0558 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys

2010/10/03 11:07:33.0589 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys

2010/10/03 11:07:33.0604 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys

2010/10/03 11:07:33.0620 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys

2010/10/03 11:07:33.0667 iScsiPrt (49e4ccbf74783fce5d2cc1ff6480e1f4) C:\Windows\system32\DRIVERS\msiscsi.sys

2010/10/03 11:07:33.0682 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys

2010/10/03 11:07:33.0698 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys

2010/10/03 11:07:33.0729 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys

2010/10/03 11:07:33.0745 kbdhid (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\DRIVERS\kbdhid.sys

2010/10/03 11:07:33.0792 KSecDD (ccdcce6224e1e207e953af826b98a9d9) C:\Windows\system32\Drivers\ksecdd.sys

2010/10/03 11:07:33.0807 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys

2010/10/03 11:07:33.0854 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys

2010/10/03 11:07:33.0885 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys

2010/10/03 11:07:33.0916 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys

2010/10/03 11:07:33.0948 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys

2010/10/03 11:07:33.0979 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys

2010/10/03 11:07:34.0010 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys

2010/10/03 11:07:34.0041 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys

2010/10/03 11:07:34.0072 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys

2010/10/03 11:07:34.0135 MEMSWEEP2 (d70476ad02d6fd75282b196d3b58831d) C:\Windows\system32\89FA.tmp

2010/10/03 11:07:34.0166 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys

2010/10/03 11:07:34.0197 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys

2010/10/03 11:07:34.0228 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys

2010/10/03 11:07:34.0244 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys

2010/10/03 11:07:34.0260 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys

2010/10/03 11:07:34.0291 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys

2010/10/03 11:07:34.0338 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys

2010/10/03 11:07:34.0369 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys

2010/10/03 11:07:34.0384 MRxDAV (fe2706c15f8345c342820e4e4583fea0) C:\Windows\system32\drivers\mrxdav.sys

2010/10/03 11:07:34.0416 mrxsmb (937512d4321b4f5218ad5a0aebf2b5cc) C:\Windows\system32\DRIVERS\mrxsmb.sys

2010/10/03 11:07:34.0431 mrxsmb10 (152b673b3984356390e7baa4199f1114) C:\Windows\system32\DRIVERS\mrxsmb10.sys

2010/10/03 11:07:34.0462 mrxsmb20 (65e45c26ba6fd66cd2889913f73823ef) C:\Windows\system32\DRIVERS\mrxsmb20.sys

2010/10/03 11:07:34.0478 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys

2010/10/03 11:07:34.0509 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys

2010/10/03 11:07:34.0556 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys

2010/10/03 11:07:34.0587 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys

2010/10/03 11:07:34.0618 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys

2010/10/03 11:07:34.0650 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys

2010/10/03 11:07:34.0681 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys

2010/10/03 11:07:34.0712 MsRPC (b8e32e6103fbba9fbb1d0c11ff0d13b5) C:\Windows\system32\drivers\MsRPC.sys

2010/10/03 11:07:34.0728 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys

2010/10/03 11:07:34.0759 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys

2010/10/03 11:07:34.0774 Mup (ddf133501f68d6988a0f55dfa88637b4) C:\Windows\system32\Drivers\mup.sys

2010/10/03 11:07:34.0806 NativeWifiP (73b99c98fa3a2ed1566e02d6fe1913a5) C:\Windows\system32\DRIVERS\nwifi.sys

2010/10/03 11:07:34.0837 NDIS (2a2ee457af36c5c9a6808c768bd3a12b) C:\Windows\system32\drivers\ndis.sys

2010/10/03 11:07:34.0852 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys

2010/10/03 11:07:34.0868 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys

2010/10/03 11:07:34.0884 NdisWan (52e3e8e35101399be9b2938c992aa087) C:\Windows\system32\DRIVERS\ndiswan.sys

2010/10/03 11:07:34.0915 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys

2010/10/03 11:07:34.0930 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys

2010/10/03 11:07:34.0946 netbt (7a29ca243a629230799754162d80120f) C:\Windows\system32\DRIVERS\netbt.sys

2010/10/03 11:07:34.0993 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys

2010/10/03 11:07:35.0008 Npfs (b06154e2a2c91e9be5599fca53bc4cd0) C:\Windows\system32\drivers\Npfs.sys

2010/10/03 11:07:35.0040 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys

2010/10/03 11:07:35.0086 Ntfs (fe86ba5ac3b50e2ca911e9c60c07b638) C:\Windows\system32\drivers\Ntfs.sys

2010/10/03 11:07:35.0133 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys

2010/10/03 11:07:35.0149 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys

2010/10/03 11:07:35.0180 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys

2010/10/03 11:07:35.0196 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys

2010/10/03 11:07:35.0258 ohci1394 (1b30103fde512915a9214b108b6e7a9c) C:\Windows\system32\DRIVERS\ohci1394.sys

2010/10/03 11:07:35.0289 Parport (4c6a7fd04ddf4db88791048382e3edb1) C:\Windows\system32\DRIVERS\parport.sys

2010/10/03 11:07:35.0320 partmgr (5ab40c36894f4c06bdab0c9a2fba282d) C:\Windows\system32\drivers\partmgr.sys

2010/10/03 11:07:35.0336 pci (2a5b2a51559066ea84742909b5b2cd69) C:\Windows\system32\drivers\pci.sys

2010/10/03 11:07:35.0367 pciide (4423e6d4d20c5d9ae27608bbe55347f7) C:\Windows\system32\drivers\pciide.sys

2010/10/03 11:07:35.0414 pcmcia (a2d6b9c3f532baa27cb0c158d8ef4da6) C:\Windows\system32\DRIVERS\pcmcia.sys

2010/10/03 11:07:35.0445 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys

2010/10/03 11:07:35.0523 PptpMiniport (f5739f2c6db2534c384ad5150808e8f5) C:\Windows\system32\DRIVERS\raspptp.sys

2010/10/03 11:07:35.0554 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\DRIVERS\processr.sys

2010/10/03 11:07:35.0617 PSched (0e0e205a296095fe4c631e6a4775ad6c) C:\Windows\system32\DRIVERS\pacer.sys

2010/10/03 11:07:35.0664 pxkbf (1235117ce8e252b17ff930bb24a23d14) C:\Windows\system32\drivers\pxkbf.sys

2010/10/03 11:07:35.0679 pxrts (7099ac760862008d5504f06327a461ba) C:\Windows\system32\drivers\pxrts.sys

2010/10/03 11:07:35.0695 pxscan (316c509f3f833b37063ea233efc62eb5) C:\Windows\system32\drivers\pxscan.sys

2010/10/03 11:07:35.0742 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys

2010/10/03 11:07:35.0788 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys

2010/10/03 11:07:35.0820 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys

2010/10/03 11:07:35.0898 R300 (a534642d594e653912cb6e49ba6f5c59) C:\Windows\system32\DRIVERS\atikmdag.sys

2010/10/03 11:07:35.0944 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys

2010/10/03 11:07:35.0960 Rasl2tp (3b9085f91ef00abd15a6f36570e90e12) C:\Windows\system32\DRIVERS\rasl2tp.sys

2010/10/03 11:07:35.0991 RasPppoe (2ce1703c27196094fb6e4c6e439f2c21) C:\Windows\system32\DRIVERS\raspppoe.sys

2010/10/03 11:07:36.0007 RasSstp (fcd04fa67e8b40fa0ad361dd38593942) C:\Windows\system32\DRIVERS\rassstp.sys

2010/10/03 11:07:36.0054 rdbss (33fa5b6136d92ee0f53f021c79091300) C:\Windows\system32\DRIVERS\rdbss.sys

2010/10/03 11:07:36.0069 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys

2010/10/03 11:07:36.0100 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys

2010/10/03 11:07:36.0116 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys

2010/10/03 11:07:36.0147 RDPWD (7747082f672aa2846235c9cea42e2e72) C:\Windows\system32\drivers\RDPWD.sys

2010/10/03 11:07:36.0194 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys

2010/10/03 11:07:36.0210 RTHDMIAzAudService (0328ffdf9d805723d0e420018136fa7b) C:\Windows\system32\drivers\RtHDMIVX.sys

2010/10/03 11:07:36.0241 RTSTOR (15c2f0082d5e1ce5124eda4050e77986) C:\Windows\system32\drivers\RTSTOR64.SYS

2010/10/03 11:07:36.0334 SASDIFSV (99df79c258b3342b6c8a5f802998de56) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS

2010/10/03 11:07:36.0350 SASKUTIL (2859c35c0651e8eb0d86d48e740388f2) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS

2010/10/03 11:07:36.0381 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys

2010/10/03 11:07:36.0412 sbtis (28d12739acf038b18fc8af2983f6881d) C:\Windows\system32\drivers\sbtis.sys

2010/10/03 11:07:36.0459 sdbus (b42ee50f7d24f837f925332eb349eca5) C:\Windows\system32\DRIVERS\sdbus.sys

2010/10/03 11:07:36.0490 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

2010/10/03 11:07:36.0522 Serenum (2449316316411d65bd2c761a6ffb2ce2) C:\Windows\system32\DRIVERS\serenum.sys

2010/10/03 11:07:36.0537 Serial (4b438170be2fc8e0bd35ee87a960f84f) C:\Windows\system32\DRIVERS\serial.sys

2010/10/03 11:07:36.0568 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys

2010/10/03 11:07:36.0600 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys

2010/10/03 11:07:36.0615 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys

2010/10/03 11:07:36.0646 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys

2010/10/03 11:07:36.0662 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys

2010/10/03 11:07:36.0693 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys

2010/10/03 11:07:36.0709 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys

2010/10/03 11:07:36.0756 Smb (41eb2e8e005feedcafce301983eff932) C:\Windows\system32\DRIVERS\smb.sys

2010/10/03 11:07:36.0787 spldr (f9cb0672162f7f04248e2b82c1ff4617) C:\Windows\system32\drivers\spldr.sys

2010/10/03 11:07:36.0818 srv (4adb9a620ff071ee7d17487a87861659) C:\Windows\system32\DRIVERS\srv.sys

2010/10/03 11:07:36.0849 srv2 (2aea7a85ceb33abb332d35617990f50b) C:\Windows\system32\DRIVERS\srv2.sys

2010/10/03 11:07:36.0880 srvnet (a93df8babf7c7b9637a76e0eae5744b7) C:\Windows\system32\DRIVERS\srvnet.sys

2010/10/03 11:07:36.0912 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys

2010/10/03 11:07:36.0943 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys

2010/10/03 11:07:36.0958 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys

2010/10/03 11:07:36.0990 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys

2010/10/03 11:07:37.0052 Tcpip (7d86275fb640011b372fd566c0eafa8d) C:\Windows\system32\drivers\tcpip.sys

2010/10/03 11:07:37.0114 Tcpip6 (7d86275fb640011b372fd566c0eafa8d) C:\Windows\system32\DRIVERS\tcpip.sys

2010/10/03 11:07:37.0146 tcpipreg (c29d4b3b08ad0b7e8564814e4ff6a57b) C:\Windows\system32\drivers\tcpipreg.sys

2010/10/03 11:07:37.0161 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys

2010/10/03 11:07:37.0177 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys

2010/10/03 11:07:37.0208 tdx (8c39c72e0e853de04748c0337d9b9216) C:\Windows\system32\DRIVERS\tdx.sys

2010/10/03 11:07:37.0224 TermDD (3f0ebf6ee609f2a276c0d5faf244ec90) C:\Windows\system32\DRIVERS\termdd.sys

2010/10/03 11:07:37.0270 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys

2010/10/03 11:07:37.0286 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys

2010/10/03 11:07:37.0317 tunnel (2dc2c423572946e9a3131425bda73cb6) C:\Windows\system32\DRIVERS\tunnel.sys

2010/10/03 11:07:37.0348 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys

2010/10/03 11:07:37.0380 udfs (eca6629e33f122afff18a2ab7c3eb033) C:\Windows\system32\DRIVERS\udfs.sys

2010/10/03 11:07:37.0426 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys

2010/10/03 11:07:37.0458 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys

2010/10/03 11:07:37.0489 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys

2010/10/03 11:07:37.0504 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys

2010/10/03 11:07:37.0536 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys

2010/10/03 11:07:37.0582 usbccgp (66627c6008319def7909f21fb75a8991) C:\Windows\system32\DRIVERS\usbccgp.sys

2010/10/03 11:07:37.0614 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys

2010/10/03 11:07:37.0629 usbehci (da6d8d8ed0a53c63ac6f4bd40fe83fbe) C:\Windows\system32\DRIVERS\usbehci.sys

2010/10/03 11:07:37.0660 usbhub (99045369ae3216216573d0775fd7ed56) C:\Windows\system32\DRIVERS\usbhub.sys

2010/10/03 11:07:37.0660 usbohci (540b622da0949695c40cdc9d5d497a8b) C:\Windows\system32\DRIVERS\usbohci.sys

2010/10/03 11:07:37.0692 usbprint (acfee697af477021bb3ec78c5431fed2) C:\Windows\system32\drivers\usbprint.sys

2010/10/03 11:07:37.0723 USBSTOR (586d9876a4945779c8eea926c0d16889) C:\Windows\system32\DRIVERS\USBSTOR.SYS

2010/10/03 11:07:37.0738 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys

2010/10/03 11:07:37.0785 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys

2010/10/03 11:07:37.0816 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys

2010/10/03 11:07:37.0832 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys

2010/10/03 11:07:37.0863 volmgr (793d9b32a1c462c91f6f70358283ac97) C:\Windows\system32\drivers\volmgr.sys

2010/10/03 11:07:37.0879 volmgrx (5aa217da5dc4ff5b9ac9ab86563b3223) C:\Windows\system32\drivers\volmgrx.sys

2010/10/03 11:07:37.0910 volsnap (de4307412d98050239026e56a7dff3c0) C:\Windows\system32\drivers\volsnap.sys

2010/10/03 11:07:37.0926 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys

2010/10/03 11:07:37.0972 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys

2010/10/03 11:07:38.0004 Wanarp (aea75207e443c8623c36b8d03596f84f) C:\Windows\system32\DRIVERS\wanarp.sys

2010/10/03 11:07:38.0019 Wanarpv6 (aea75207e443c8623c36b8d03596f84f) C:\Windows\system32\DRIVERS\wanarp.sys

2010/10/03 11:07:38.0035 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys

2010/10/03 11:07:38.0082 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys

2010/10/03 11:07:38.0160 winachsf (d36af55c2c09b55aacf4a65c7fea9c37) C:\Windows\system32\DRIVERS\CAX_CNXT.sys

2010/10/03 11:07:38.0222 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys

2010/10/03 11:07:38.0284 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys

2010/10/03 11:07:38.0331 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys

2010/10/03 11:07:38.0362 XAudio (e288fa83c178a3458bac1fa80b346c06) C:\Windows\system32\DRIVERS\xaudio64.sys

2010/10/03 11:07:38.0409 yukonx64 (2ae06b41b36549fabf0886b2af89a599) C:\Windows\system32\DRIVERS\yk60x64.sys

2010/10/03 11:07:38.0440 ================================================================================

2010/10/03 11:07:38.0440 Scan finished

2010/10/03 11:07:38.0440 ================================================================================

At the end of the scan it stated that it did not find any problems (today).

I removed Java 6 updates 5 and 7. There still remains Java 6 update 21, which after the fix and reboot pops up as Java requesting administrative approval to run. I denied it.

Ran GooredFix, here is the log:

GooredFix by jpshortstuff (03.07.10.1)

Log created at 10:37 on 03/10/2010 (marlinmoyer)

Firefox version 3.0.1 (en-US)

========== GooredScan ==========

Removing registry item: "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\sysldtray" -> Failed [5]

Removing registry item: "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\sysftray2" -> Failed [5]

Removing registry item: "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\sysmstray" -> Failed [5]

Removing registry item: "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\pp" -> Failed [5]

========== GooredLog ==========

C:\Program Files (x86)\Mozilla Firefox\extensions\

{972ce4c6-7e08-4474-a285-3208198ce6fd} [16:44 21/08/2008]

{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [02:05 04/06/2009]

{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [17:04 11/06/2010]

{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [16:02 26/09/2010]

C:\Users\marlinmoyer\Application Data\Mozilla\Firefox\Profiles\dpi3y5rh.default\extensions\

foxfilter@inspiredeffect.net [18:29 27/09/2010]

{20a82645-c095-46ed-80e3-08825760534b} [17:20 11/06/2010]

{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [18:07 05/08/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]

"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\Program Files (x86)\Real\RealPlayer\browserrecord" [15:31 14/10/2008]

"{20a82645-c095-46ed-80e3-08825760534b}"="C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [07:14 07/08/2009]

-=E.O.F=-

Ran OTL fix as instructed. I did not run a scan after it was done, so no log to post.

Awaiting your further instructions. Thanks.

MM

SpySentinel · October 3, 2010

Hi MM,

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

mm33926988 · October 3, 2010

SpySentinel,

I downloaded ComboFix to desktop. I stopped Avira's active "guard" feature. When I tried to run ComboFix I got a message that the OS is incompatible ( I'm running Vista 64 bit) and ComboFix states it only works with XP and Windows 2000.

I also thought I should mention that I got the WordsLife.com web page as a popup page today and also that my PC is on a network with two other computers. My internet searching seemed to indicate that some of these problems can be related to the router and both other PCs have similar problems, although we rarely share files between them.

Your instructions please.

MM

SpySentinel · October 4, 2010

Let's try renaming it.

Please remove the current ComboFix you have on your desktop. Then...

Please download ComboFix from

Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

If you are using Firefox, make sure that your download settings are as follows:
- Tools->Options->Main tab
- Set to "Always ask me where to Save the files".

[*]During the download, rename Combofix to Combo-Fix as follows:

[*]It is important you rename Combofix during the download, but not after.

[*]Please do not rename Combofix to other names, but only to the one indicated.

[*]Close any open browsers.

[*]Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------

Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

-----------------------------------------------------------

[*]Double click on combo-Fix.exe & follow the prompts.

[*]When finished, it will produce a report for you.

[*]Please post the "C:\Combo-Fix.txt" for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

mm33926988 · October 4, 2010

SpySentinel,

Yesterday while awaiting your reply I was investigating ComboFix for Vista 64 bit operating systems and it seems the official stance is that ComboFix is NOT intended to be used on 64 bit systems and may cause significant problems. Perhaps you are better informed about recent developments, but I am concerned. Is there another tool that can be used for the Vista 64 bit OS?

Also, my PC keeps popping up a User Account Control box for Java 6 update 21 everytime I open a new window or tab. I am not sure if it is legitimate or part of the malware. Should I allow it? I just hit the X and cose the box and the window opens.

Help?

MM

SpySentinel · October 4, 2010

Also, my PC keeps popping up a User Account Control box for Java 6 update 21 everytime I open a new window or tab. I am not sure if it is legitimate or part of the malware. Should I allow it? I just hit the X and cose the box and the window opens.

Yes go ahead and allow Java 6 update 21 to install. Once it does you should not see the UAC for that anymore.

mm33926988 · October 4, 2010

What about another tool for Vista 64bit - if ComboFix is not compatible?

MM

mm33926988 · October 5, 2010

SpySentinel,

As I mentioned earlier my PC is on a network and the other PCs seemed to have also gotten the "infection". Today I unplugged the router and ran the PC directly from the modem. The redirecting problem did not occur. I got a computer savvy friend to check out my ROUTER and he found the DNS settings had been changed by the initial trojan? infection and my internet traffic was being routed through Russia. He reset the router and changed the settings so a new password is required to make any further changes. I still want to run some further spyware and virus detection programs on my PCs, but I think I should be able to function normally again. I am going to purchase the "paid" version of Malwarebytes so I have live protection and hope I can avoid problems for a long while.

Let me know if you have further suggestions or scans that I should run to confirm the PCs are clean. Thank you for your help.

MM

SpySentinel · October 6, 2010

Resetting the router was a good idea. Lets make sure the infection is gone:

Launch Malwarebytes' Anti-Malware

If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Run ESET Online Scan

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
2. Click on to download the ESET Smart Installer. Save it to your desktop.
3. Double click on the icon on your desktop.
4. Check
5. Click the button.
6. Accept any security warnings from your browser.
7. Check
8. Push the Start button.
9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
10. When the scan completes, push
11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
12. Push the button.
13. Push
  
  You can refer to this animation by neomage if needed.

mm33926988 · October 7, 2010

SpySentinel,

Here are the scan results.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4763

Windows 6.0.6001 Service Pack 1

Internet Explorer 8.0.6001.18943

10/6/2010 10:39:49 PM

mbam-log-2010-10-06 (22-39-49).txt

Scan type: Quick scan

Objects scanned: 167809

Time elapsed: 3 minute(s), 44 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

That ESET seems to be quite a good scanner. It found a trojan none of the other scanners did. I don't know that the other two items it identified were really spyware.

ESET results:

C:\Users\marlinmoyer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UT8MX3WT\www1_shildonyourpc_com[1].htm HTML/TrojanDownloader.FraudLoad.NAC.Gen trojan cleaned by deleting - quarantined

C:\Users\marlinmoyer\Documents\Favorites\Online Security Guide.lnk Win32/Adware.SecToolbar application cleaned by deleting - quarantined

F:\Documents Backup\Favorites\Online Security Guide.lnk Win32/Adware.SecToolbar application cleaned by deleting - quarantined

Further instructions?

SpySentinel · October 10, 2010

Sorry for the delay.

Those infections were only in the temp folder.

Download TFC by OldTimer to your desktop

Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
It will close all programs when run, so make sure you have saved all your work before you begin.
Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

mm33926988 · October 10, 2010

SpySentinel,

Things seem to be operating properly. Here are the logs from running RSIT:

info.txt logfile of random's system information tool 1.08 2010-10-10 16:42:46

======Uninstall list======

-->C:\Program Files (x86)\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

-->C:\Program Files (x86)\DivX\DivXConverterUninstall.exe /CONVERTER

Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_plugin.exe

Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{8E9DB7EF-5DD3-499E-BA2A-A1F3153A4DF8}

Adobe Reader 9.3.4-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A93000000001}

Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"

Apple Application Support-->MsiExec.exe /I{553255F3-78FD-40F1-A6F8-6882140265FE}

Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

Avira AntiVir Personal - Free Antivirus-->C:\Program Files (x86)\Avira\AntiVir Desktop\setup.exe /REMOVE

Catalyst Control Center - Branding-->MsiExec.exe /I{4677674C-59CE-41B0-AA32-44A30A9D1EEB}

Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}

ConvertHelper 2.2-->"C:\Program Files (x86)\ConvertHelper\unins000.exe"

DivX Codec-->C:\Program Files (x86)\DivX\DivXCodecUninstall.exe /CODEC

DivX Converter-->C:\Program Files (x86)\DivX\DivXConverterUninstall.exe /CONVERTER

DivX Player-->C:\Program Files (x86)\DivX\DivXPlayerUninstall.exe /PLAYER

DivX Plus DirectShow Filters-->C:\Program Files (x86)\DivX\DivXDSFiltersUninstall.exe /DSFILTERS

DivX Plus Web Player-->C:\Program Files (x86)\DivX\DivXWebPlayerUninstall.exe /PLUGIN

ESET Online Scanner v3-->C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe

Federal 2007 Ammunition-->C:\PROGRA~1\Fed_2007\UNINSTAL.EXE C:\PROGRA~1\Fed_2007\INSTALL.LOG

FLV Player 2.0 (build 25)-->C:\Program Files (x86)\FLV Player\uninst.exe

Gateway Recovery Center Installer-->MsiExec.exe /X{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}

Geek Squad 24 Hour Computer Support-->MsiExec.exe /I{BEA27FA8-9730-4074-8E17-4051C69EA59D}

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {08155812-0202-4D5F-A7FF-12A2782DC548} /qb+ REBOOTPROMPT=""

Java 6 Update 21-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}

LabelPrint-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" -uninstall

Malwarebytes' Anti-Malware-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware2010\unins000.exe"

Microsoft Money Essentials-->"C:\Program Files (x86)\Microsoft Money 2007\MNYCoreFiles\Setup\uninst.exe" /s:120

Microsoft Money Shared Libraries-->MsiExec.exe /X{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {E64BA721-2310-4B55-BE5A-2925F9706192}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0409-1000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0116-0409-1000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}

Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}

Microsoft Office Home and Student 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL

Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}

Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}

Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}

Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}

Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}

Microsoft Office Suite Activation Assistant-->MsiExec.exe /X{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}

Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}

Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}

Mozilla Firefox (3.0.1)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

Pdf995-->C:\Program Files (x86)\pdf995\setup.exe uninstall

Power2Go 5.0-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" -uninstall

QuickTime-->MsiExec.exe /I{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}

RealPlayer-->C:\Program Files (x86)\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly

Realtek USB 2.0 Card Reader-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\setup.exe" -l0x9 -removeonly

Security Update for 2007 Microsoft Office System (KB2277947)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5857EE21-03D0-482E-9620-5A30B314A2AE}

Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D}

Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}

Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}

Security Update for 2007 Microsoft Office System (KB982312)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B0EC5722-241F-4CDA-83B4-AA5846B6F9F4}

Security Update for 2007 Microsoft Office System (KB982331)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {E8766951-2B6C-4022-86E8-80D2D1762B76}

Security Update for Microsoft Office Excel 2007 (KB982308)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C3F9A0DC-A5D1-4BB6-870E-2953E5A2487B}

Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}

Security Update for Microsoft Office PowerPoint 2007 (KB982158)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F5B70033-E79C-4569-90BF-BC9B4E4F3F46}

Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}

Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}

Security Update for Microsoft Office Word 2007 (KB2251419)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7E9103DA-253F-41FF-9E83-7C83806C77DA}

Smart Copy-->MsiExec.exe /I{17068829-10EE-4581-BDC8-C53C483694A3}

Sophos Anti-Rootkit 1.5.4-->C:\Program Files (x86)\Sophos\Sophos Anti-Rootkit\helper.exe remove

Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}

TBS WMP Plug-in-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{13515135-48BB-4184-8C1F-2FAE0138E200}

Update for 2007 Microsoft Office System (KB2284654)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {FB166E7C-8AA6-48C8-B726-1F25BEE7825A}

Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""

Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}

Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}

Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}

Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}

Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}

Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}

Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}

VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}

WD Diagnostics-->MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}

Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}

WinRAR archiver-->C:\Program Files (x86)\WinRAR\uninstall.exe

======Security center information======

AV: Sunbelt VIPRE (disabled) (outdated)

AS: Windows Defender

AS: SUPERAntiSpyware (disabled)

======System event log======

Computer Name: Owner-PC.Vista

Event Code: 6008

Message: The previous system shutdown at 4:31:31 PM on 10/10/2010 was unexpected.

Record Number: 101456

Source Name: EventLog

Time Written: 20101010203440.000000-000

Event Type: Error

User:

Computer Name: Owner-PC.Vista

Event Code: 15016

Message: Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number.

Record Number: 101465

Source Name: Microsoft-Windows-HttpEvent

Time Written: 20101010203442.199754-000

Event Type: Error

User:

Computer Name: Owner-PC.Vista

Event Code: 11165

Message: The system failed to register host (A or AAAA) resource records (RRs) for network adapter

with settings:

Adapter Name : {9E7D4302-B517-47F3-88CC-64B552D0C3B5}

Host Name : Owner-PC

Primary Domain Suffix : Vista

DNS server list :

192.168.0.1

Sent update to server : <?>

IP Address(es) :

192.168.0.172

The reason the system could not register these RRs was because the DNS server contacted refused the update request. The reasons for this might be (a) you are not allowed to update the specified DNS domain name, or ( because the DNS server authoritative for this name does not support the DNS dynamic update protocol.

To register the DNS host (A or AAAA) resource records using the specific DNS domain name and IP addresses for this adapter, contact your DNS server or network systems administrator.

Record Number: 101467

Source Name: DnsApi

Time Written: 20101010203449.000000-000

Event Type: Warning

User:

Computer Name: Owner-PC.Vista

Event Code: 11165

Message: The system failed to register host (A or AAAA) resource records (RRs) for network adapter

with settings:

Adapter Name : {9E7D4302-B517-47F3-88CC-64B552D0C3B5}

Host Name : Owner-PC

Primary Domain Suffix : Vista

DNS server list :

192.168.0.1

Sent update to server : <?>

IP Address(es) :

192.168.0.172

The reason the system could not register these RRs was because the DNS server contacted refused the update request. The reasons for this might be (a) you are not allowed to update the specified DNS domain name, or ( because the DNS server authoritative for this name does not support the DNS dynamic update protocol.

To register the DNS host (A or AAAA) resource records using the specific DNS domain name and IP addresses for this adapter, contact your DNS server or network systems administrator.

Record Number: 101469

Source Name: DnsApi

Time Written: 20101010203501.000000-000

Event Type: Warning

User:

Computer Name: Owner-PC.Vista

Event Code: 11165

Message: The system failed to register host (A or AAAA) resource records (RRs) for network adapter

with settings:

Adapter Name : {9E7D4302-B517-47F3-88CC-64B552D0C3B5}

Host Name : Owner-PC

Primary Domain Suffix : Vista

DNS server list :

192.168.0.1

Sent update to server : <?>

IP Address(es) :

192.168.0.172

The reason the system could not register these RRs was because the DNS server contacted refused the update request. The reasons for this might be (a) you are not allowed to update the specified DNS domain name, or ( because the DNS server authoritative for this name does not support the DNS dynamic update protocol.

To register the DNS host (A or AAAA) resource records using the specific DNS domain name and IP addresses for this adapter, contact your DNS server or network systems administrator.

Record Number: 101470

Source Name: DnsApi

Time Written: 20101010203505.000000-000

Event Type: Warning

User:

=====Application event log=====

Computer Name: Owner-PC.Vista

Event Code: 1000

Message: Faulting application iexplore.exe, version 8.0.6001.18943, time stamp 0x4c25813d, faulting module Flash10b.ocx, version 10.0.22.87, time stamp 0x4987a6c3, exception code 0xc0000005, fault offset 0x0012adb7, process id 0x1098, application start time 0x01cb675d81e86a58.

Record Number: 9268

Source Name: Application Error

Time Written: 20101009025800.000000-000

Event Type: Error

User:

Computer Name: Owner-PC.Vista

Event Code: 4621

Message: The COM+ Event System could not remove the EventSystem.EventSubscription object {CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The HRESULT was 80070005.

Record Number: 9274

Source Name: Microsoft-Windows-EventSystem

Time Written: 20101010202357.000000-000

Event Type: Error

User:

Computer Name: Owner-PC.Vista

Event Code: 1530

Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -

2 user registry handles leaked from \Registry\User\S-1-5-21-3968901160-2759726070-778273491-1001_Classes:

Process 844 (\Device\HarddiskVolume2\Program Files\SUPERAntiSpyware\SASCore64.exe) has opened key \REGISTRY\USER\S-1-5-21-3968901160-2759726070-778273491-1001_CLASSES\Interface

Process 844 (\Device\HarddiskVolume2\Program Files\SUPERAntiSpyware\SASCore64.exe) has opened key \REGISTRY\USER\S-1-5-21-3968901160-2759726070-778273491-1001_CLASSES\Wow6432Node\Interface

Record Number: 9277

Source Name: Microsoft-Windows-User Profiles Service

Time Written: 20101010202400.000000-000

Event Type: Warning

User: NT AUTHORITY\SYSTEM

Computer Name: Owner-PC.Vista

Event Code: 10

Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Record Number: 9291

Source Name: Microsoft-Windows-WMI

Time Written: 20101010202657.000000-000

Event Type: Error

User:

Computer Name: Owner-PC.Vista

Event Code: 10

Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Record Number: 9313

Source Name: Microsoft-Windows-WMI

Time Written: 20101010203617.000000-000

Event Type: Error

User:

=====Security event log=====

Computer Name: Owner-PC.Vista

Event Code: 4624

Message: An account was successfully logged on.

Subject:

Security ID: S-1-0-0

Account Name: -

Account Domain: -

Logon ID: 0x0

Logon Type: 3

New Logon:

Security ID: S-1-5-7

Account Name: ANONYMOUS LOGON

Account Domain: NT AUTHORITY

Logon ID: 0x3a17c04

Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:

Process ID: 0x0

Process Name: -

Network Information:

Workstation Name: XP-96FC0AA548

Source Network Address: 192.168.0.100

Source Port: 3566

Detailed Authentication Information:

Logon Process: NtLmSsp

Authentication Package: NTLM

Transited Services: -

Package Name (NTLM only): NTLM V1

Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.

- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.

- Transited services indicate which intermediate services have participated in this logon request.

- Package name indicates which sub-protocol was used among the NTLM protocols.

- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.

Record Number: 135213

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20100901230930.055500-000

Event Type: Audit Success

User:

Computer Name: Owner-PC.Vista

Event Code: 4634

Message: An account was logged off.

Subject:

Security ID: S-1-5-7

Account Name: ANONYMOUS LOGON

Account Domain: NT AUTHORITY

Logon ID: 0x3a17c04

Logon Type: 3

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.

Record Number: 135214

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20100901230930.057500-000

Event Type: Audit Success

User:

Computer Name: Owner-PC.Vista

Event Code: 4624

Message: An account was successfully logged on.

Subject:

Security ID: S-1-0-0

Account Name: -

Account Domain: -

Logon ID: 0x0

Logon Type: 3

New Logon:

Security ID: S-1-5-7

Account Name: ANONYMOUS LOGON

Account Domain: NT AUTHORITY

Logon ID: 0x3a17c14