google redirects and possible malware


Here is my post log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 12:51:51 AM, on 12/15/2010

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16671)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\wuauclt.exe

C:\Users\Irvine2\Desktop\OTL.exe

C:\Users\Irvine2\Downloads\HijackThis.exe

C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime

O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [combofix] "C:\Combo-Fix\CF20654.cfxxe" /c "C:\Combo-Fix\C.bat"

O4 - HKLM\..\Policies\Explorer\Run: [ukpon] C:\Windows\system32\dnsexty.exe

O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe

O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O16 - DPF: {55F0958B-C5EB-49E4-8567-E018D2407F55} (Kongdisk Web Control) - http://patch.kongdisk.com/install/KongdiskCtrl.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O20 - AppInit_DLLs: C:\Windows\System32\acaptuser32.dll

O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: PEVSystemStart - Unknown owner - C:\Combo-Fix\PEV.cfxxe

O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

--

End of file - 7002 bytes

Here is my OTL:

OTL logfile created on: 12/15/2010 12:49:24 AM - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Irvine2\Desktop

Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 71.00% Memory free

6.00 Gb Paging File | 5.00 Gb Available in Paging File | 83.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 453.15 Gb Total Space | 226.81 Gb Free Space | 50.05% Space Free | Partition Type: NTFS

Drive D: | 12.61 Gb Total Space | 1.99 Gb Free Space | 15.78% Space Free | Partition Type: NTFS

Drive F: | 55.88 Gb Total Space | 14.49 Gb Free Space | 25.92% Space Free | Partition Type: NTFS

Drive G: | 7.47 Gb Total Space | 0.97 Gb Free Space | 13.04% Space Free | Partition Type: FAT32

Computer Name: IRVINE-PC | User Name: Irvine2 | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/15 00:45:15 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Irvine2\Desktop\OTL.exe

PRC - [2010/12/09 22:07:24 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe

PRC - [2010/12/09 22:07:23 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2009/12/23 13:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

PRC - [2009/10/30 21:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009/08/18 02:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe

PRC - [2009/08/18 02:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe

PRC - [2009/07/13 17:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2009/07/13 17:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppsvc.exe

PRC - [2008/06/11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

========== Modules (SafeList) ==========

MOD - [2010/12/15 00:45:15 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Irvine2\Desktop\OTL.exe

MOD - [2010/08/20 21:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll

MOD - [2009/07/13 17:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll

MOD - [2009/07/13 17:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll

MOD - [2009/07/13 17:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll

MOD - [2009/07/13 17:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll

MOD - [2009/07/13 17:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll

MOD - [2009/07/13 17:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll

MOD - [2009/07/13 17:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll

MOD - [2009/07/13 17:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Combo-Fix\PEV.cfx -- (PEVSystemStart)

SRV - File not found [Auto | Stopped] -- C:\Windows\System32\FastUv32.dll -- (FastUserSwitchingCompatibility)

SRV - [2010/11/30 21:34:36 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2010/11/19 10:04:15 | 001,343,400 | ---- | M] (Microsoft Corporation) [unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/12/23 13:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)

SRV - [2009/08/18 02:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)

SRV - [2009/07/13 17:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)

SRV - [2009/07/13 17:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)

SRV - [2009/07/13 17:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)

SRV - [2009/07/13 17:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)

SRV - [2009/07/13 17:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)

SRV - [2009/07/13 17:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)

SRV - [2009/07/13 17:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009/07/13 17:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

SRV - [2009/07/13 17:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)

SRV - [2009/07/13 17:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)

SRV - [2009/07/13 17:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)

SRV - [2009/07/13 17:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)

SRV - [2009/07/13 17:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2009/07/13 17:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)

SRV - [2009/07/13 17:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)

SRV - [2009/07/13 17:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)

SRV - [2009/07/13 17:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)

SRV - [2009/07/13 17:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)

SRV - [2009/07/13 17:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)

SRV - [2009/07/13 17:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)

SRV - [2009/07/13 17:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)

========== Driver Services (SafeList) ==========

DRV - File not found [File_System | Auto | Stopped] -- C:\Windows\System32\DRIVERS\eamonm.sys -- (eamonm)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Irvine2\AppData\Local\Temp\catchme.sys -- (catchme)

DRV - [2010/11/19 11:49:35 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)

DRV - [2010/07/16 15:03:36 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)

DRV - [2010/07/16 15:03:18 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)

DRV - [2010/04/19 20:29:20 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)

DRV - [2009/12/10 23:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)

DRV - [2009/08/18 03:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)

DRV - [2009/07/13 17:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)

DRV - [2009/07/13 17:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)

DRV - [2009/07/13 17:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)

DRV - [2009/07/13 17:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)

DRV - [2009/07/13 17:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)

DRV - [2009/07/13 17:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)

DRV - [2009/07/13 17:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)

DRV - [2009/07/13 17:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)

DRV - [2009/07/13 17:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)

DRV - [2009/07/13 17:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)

DRV - [2009/07/13 17:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)

DRV - [2009/07/13 17:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)

DRV - [2009/07/13 17:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)

DRV - [2009/07/13 17:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)

DRV - [2009/07/13 17:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)

DRV - [2009/07/13 17:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)

DRV - [2009/07/13 17:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)

DRV - [2009/07/13 17:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)

DRV - [2009/07/13 17:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)

DRV - [2009/07/13 17:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)

DRV - [2009/07/13 17:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)

DRV - [2009/07/13 17:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)

DRV - [2009/07/13 17:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)

DRV - [2009/07/13 17:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)

DRV - [2009/07/13 17:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)

DRV - [2009/07/13 17:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)

DRV - [2009/07/13 17:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)

DRV - [2009/07/13 17:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)

DRV - [2009/07/13 17:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)

DRV - [2009/07/13 17:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)

DRV - [2009/07/13 17:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)

DRV - [2009/07/13 17:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)

DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)

DRV - [2009/07/13 17:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)

DRV - [2009/07/13 17:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)

DRV - [2009/07/13 17:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)

DRV - [2009/07/13 17:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)

DRV - [2009/07/13 17:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)

DRV - [2009/07/13 17:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)

DRV - [2009/07/13 17:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)

DRV - [2009/07/13 17:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)

DRV - [2009/07/13 17:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)

DRV - [2009/07/13 16:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)

DRV - [2009/07/13 16:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)

DRV - [2009/07/13 16:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)

DRV - [2009/07/13 15:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)

DRV - [2009/07/13 15:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)

DRV - [2009/07/13 15:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)

DRV - [2009/07/13 15:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)

DRV - [2009/07/13 15:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)

DRV - [2009/07/13 15:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)

DRV - [2009/07/13 15:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)

DRV - [2009/07/13 15:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2009/07/13 15:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)

DRV - [2009/07/13 15:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)

DRV - [2009/07/13 15:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)

DRV - [2009/07/13 15:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)

DRV - [2009/07/13 15:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)

DRV - [2009/07/13 15:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)

DRV - [2009/07/13 15:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)

DRV - [2009/07/13 15:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)

DRV - [2009/07/13 15:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)

DRV - [2009/07/13 15:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdppm.sys -- (AmdPPM)

DRV - [2009/07/13 14:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2009/07/13 14:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)

DRV - [2009/07/13 14:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)

DRV - [2009/07/13 14:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)

DRV - [2009/07/13 14:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)

DRV - [2009/07/13 14:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)

DRV - [2009/07/13 14:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2009/07/13 14:02:52 | 000,139,776 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)

DRV - [2009/07/13 14:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)

DRV - [2009/07/13 14:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)

DRV - [2009/07/13 14:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)

DRV - [2009/07/13 14:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2008/10/22 17:42:10 | 000,107,360 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=Z007&form=ZGAPHP

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore =

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=Z007&form=ZGAPHP

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore =

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1957598150-4257587646-1476821151-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/

IE - HKU\S-1-5-21-1957598150-4257587646-1476821151-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKU\S-1-5-21-1957598150-4257587646-1476821151-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9B AA 82 3F 05 97 CB 01 [binary data]

IE - HKU\S-1-5-21-1957598150-4257587646-1476821151-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778

FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.2

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/09 22:07:26 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/09 22:07:26 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/12/14 21:38:12 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/11/30 10:50:48 | 000,000,000 | ---D | M] -- C:\Users\Irvine2\AppData\Roaming\Mozilla\Extensions

[2010/11/30 10:50:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Irvine2\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2010/12/14 10:11:22 | 000,000,000 | ---D | M] -- C:\Users\Irvine2\AppData\Roaming\Mozilla\Firefox\Profiles\n8yijkhs.default\extensions

[2010/11/30 10:56:28 | 000,000,000 | ---D | M] -- C:\Users\Irvine2\AppData\Roaming\Mozilla\Firefox\Profiles\n8yijkhs.default\extensions\foxmarks@kei.com

[2010/12/14 10:11:22 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/11/19 01:17:34 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

[2010/12/13 17:02:51 | 000,001,919 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing-zugo.xml

O1 HOSTS File: ([2009/06/10 13:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKU\S-1-5-21-1957598150-4257587646-1476821151-1007\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)

O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [combofix] C:\Combo-Fix\CF20654.cfx File not found

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask .exe (Apple Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Ukpon = C:\Windows\system32\dnsexty.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKU\S-1-5-21-1957598150-4257587646-1476821151-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe ()

O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {55F0958B-C5EB-49E4-8567-E018D2407F55} http://patch.kongdisk.com/install/KongdiskCtrl.cab (Kongdisk Web Control)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 68.4.16.30 68.6.16.30 192.168.2.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\Windows\System32\acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems, Inc.)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 13:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2010/02/12 19:24:00 | 000,000,028 | ---- | M] () - G:\AUTORUN.INF -- [ FAT32 ]

O33 - MountPoints2\G\Shell - "" = AutoRun

O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- [2007/10/23 09:45:40 | 001,336,632 | R--- | M] ()

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/15 00:45:13 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Irvine2\Desktop\OTL.exe

[2010/12/15 00:31:51 | 000,000,000 | --SD | C] -- C:\Combo-Fix

[2010/12/15 00:30:58 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe

[2010/12/14 23:59:17 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2010/12/14 23:59:17 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2010/12/14 23:59:17 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2010/12/14 23:53:33 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2010/12/08 21:53:37 | 000,000,000 | ---D | C] -- C:\Users\Irvine2\AppData\Roaming\dvdcss

[2010/12/07 13:29:18 | 000,000,000 | ---D | C] -- C:\Program Files\Xvid

[2010/12/06 14:55:15 | 000,000,000 | ---D | C] -- C:\Users\Irvine2\Tracing

[2010/12/02 02:03:33 | 000,000,000 | ---D | C] -- C:\Users\Irvine2\AppData\Roaming\Stamps.com Internet Postage

[2010/12/01 21:00:25 | 000,000,000 | ---D | C] -- C:\Users\Irvine2\AppData\Roaming\vlc

[2010/12/01 11:03:27 | 000,000,000 | ---D | C] -- C:\Users\Irvine2\AppData\Roaming\Malwarebytes

[2010/12/01 11:02:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010/12/01 11:02:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010/12/01 11:02:53 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010/12/01 11:02:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/11/30 23:06:38 | 000,000,000 | ---D | C] -- C:\Users\Irvine2\AppData\Roaming\skypePM

[2010/11/30 21:34:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Rosetta Stone

[2010/11/30 21:34:02 | 000,000,000 | ---D | C] -- C:\Program Files\Rosetta Stone

[2010/11/30 21:25:04 | 000,000,000 | ---D | C] -- C:\Users\Irvine2\AppData\Roaming\PPLive

[2010/11/30 21:24:29 | 000,000,000 | ---D | C] -- C:\Program Files\PPLive

[2010/11/30 21:21:30 | 000,000,000 | ---D | C] -- C:\Users\Irvine2\AppData\Roaming\WinRAR

[2010/11/30 19:22:25 | 000,000,000 | ---D | C] -- C:\Users\Irvine2\AppData\Roaming\GrabIt

[2010/11/30 19:10:46 | 000,000,000 | ---D | C] -- C:\Users\Irvine2\AppData\Roaming\uTorrent

[2010/11/30 13:10:14 | 000,000,000 | ---D | C] -- C:\Users\Irvine2\AppData\Roaming\inFlow Inventory

[2010/11/30 12:17:13 | 000,000,000 | ---D | C] -- C:\Windows\JMCR_DIR

[2010/11/30 12:16:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\SDA

[2010/11/30 11:08:06 | 000,000,000 | ---D | C] -- C:\Users\Irvine2\AppData\Local\ElevatedDiagnostics

[2010/11/30 11:07:42 | 000,000,000 | ---D | C] -- C:\Users\Irvine2\AppData\Local\Apple Computer

[2010/11/30 10:50:43 | 000,000,000 | ---D | C] -- C:\Users\Irvine2\AppData\Roaming\Thunderbird

[2010/11/30 10:50:43 | 000,000,000 | ---D | C] -- C:\Users\Irvine2\AppData\Local\Thunderbird

[2010/11/30 10:43:29 | 000,000,000 | ---D | C] -- C:\Users\Irvine2\AppData\Roaming\acccore

[2010/11/30 10:43:27 | 000,000,000 | ---D | C] -- C:\Users\Irvine2\AppData\Local\AOL

[2010/11/30 10:43:27 | 000,000,000 | ---D | C] -- C:\Users\Irvine2\AppData\Local\AIM

[2010/11/30 10:39:30 | 000,000,000 | ---D | C] -- C:\PERSONAL

[2010/11/29 22:55:08 | 000,000,000 | ---D | C] -- C:\Users\Irvine2\AppData\Roaming\Macromedia

[2010/11/29 22:54:39 | 000,000,000 | ---D | C] -- C:\Users\Irvine2\AppData\Roaming\Mozilla

[2010/11/29 22:54:39 | 000,000,000 | ---D | C] -- C:\Users\Irvine2\AppData\Local\Mozilla

[2010/11/29 21:17:30 | 000,000,000 | ---D | C] -- C:\Users\Irvine2\AppData\Roaming\Skype

[2010/11/29 19:28:55 | 000,000,000 | ---D | C] -- C:\Users\Irvine2\AppData\Local\ESET

[2010/11/29 19:28:51 | 000,000,000 | ---D | C] -- C:\Users\Irvine2\AppData\Roaming\Adobe

[2010/11/29 19:28:51 | 000,000,000 | ---D | C] -- C:\Users\Irvine2\AppData\Local\Adobe

[2010/11/29 19:28:31 | 000,000,000 | ---D | C] -- C:\Users\Irvine2\AppData\Roaming\Apple Computer

[2010/11/29 19:27:47 | 000,000,000 | R--D | C] -- C:\Users\Irvine2\Searches

[2010/11/29 19:27:46 | 000,000,000 | -H-D | C] -- C:\Users\Irvine2\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned

[2010/11/29 19:27:22 | 000,000,000 | ---D | C] -- C:\Users\Irvine2\AppData\Roaming\Identities

[2010/11/29 19:27:19 | 000,000,000 | R--D | C] -- C:\Users\Irvine2\Contacts

[2010/11/29 19:27:04 | 000,000,000 | --SD | C] -- C:\Users\Irvine2\AppData\Roaming\Microsoft

[2010/11/29 19:27:04 | 000,000,000 | R--D | C] -- C:\Users\Irvine2\Videos

[2010/11/29 19:27:04 | 000,000,000 | R--D | C] -- C:\Users\Irvine2\Saved Games

[2010/11/29 19:27:04 | 000,000,000 | R--D | C] -- C:\Users\Irvine2\Pictures

[2010/11/29 19:27:04 | 000,000,000 | R--D | C] -- C:\Users\Irvine2\Music

[2010/11/29 19:27:04 | 000,000,000 | R--D | C] -- C:\Users\Irvine2\Links

[2010/11/29 19:27:04 | 000,000,000 | R--D | C] -- C:\Users\Irvine2\Favorites

[2010/11/29 19:27:04 | 000,000,000 | R--D | C] -- C:\Users\Irvine2\Downloads

[2010/11/29 19:27:04 | 000,000,000 | R--D | C] -- C:\Users\Irvine2\My Documents

[2010/11/29 19:27:04 | 000,000,000 | R--D | C] -- C:\Users\Irvine2\Desktop

[2010/11/29 19:27:04 | 000,000,000 | -HSD | C] -- C:\Users\Irvine2\AppData\Local\Temporary Internet Files

[2010/11/29 19:27:04 | 000,000,000 | -HSD | C] -- C:\Users\Irvine2\Templates

[2010/11/29 19:27:04 | 000,000,000 | -HSD | C] -- C:\Users\Irvine2\Start Menu

[2010/11/29 19:27:04 | 000,000,000 | -HSD | C] -- C:\Users\Irvine2\SendTo

[2010/11/29 19:27:04 | 000,000,000 | -HSD | C] -- C:\Users\Irvine2\Recent

[2010/11/29 19:27:04 | 000,000,000 | -HSD | C] -- C:\Users\Irvine2\PrintHood

[2010/11/29 19:27:04 | 000,000,000 | -HSD | C] -- C:\Users\Irvine2\NetHood

[2010/11/29 19:27:04 | 000,000,000 | -HSD | C] -- C:\Users\Irvine2\Documents\My Videos

[2010/11/29 19:27:04 | 000,000,000 | -HSD | C] -- C:\Users\Irvine2\Documents\My Pictures

[2010/11/29 19:27:04 | 000,000,000 | -HSD | C] -- C:\Users\Irvine2\Documents\My Music

[2010/11/29 19:27:04 | 000,000,000 | -HSD | C] -- C:\Users\Irvine2\My Documents

[2010/11/29 19:27:04 | 000,000,000 | -HSD | C] -- C:\Users\Irvine2\Local Settings

[2010/11/29 19:27:04 | 000,000,000 | -HSD | C] -- C:\Users\Irvine2\AppData\Local\History

[2010/11/29 19:27:04 | 000,000,000 | -HSD | C] -- C:\Users\Irvine2\Cookies

[2010/11/29 19:27:04 | 000,000,000 | -HSD | C] -- C:\Users\Irvine2\Application Data

[2010/11/29 19:27:04 | 000,000,000 | -HSD | C] -- C:\Users\Irvine2\AppData\Local\Application Data

[2010/11/29 19:27:04 | 000,000,000 | -H-D | C] -- C:\Users\Irvine2\AppData

[2010/11/29 19:27:04 | 000,000,000 | ---D | C] -- C:\Users\Irvine2\AppData\Local\Temp

[2010/11/29 19:27:04 | 000,000,000 | ---D | C] -- C:\Users\Irvine2\AppData\Local\Microsoft Help

[2010/11/29 19:27:04 | 000,000,000 | ---D | C] -- C:\Users\Irvine2\AppData\Local\Microsoft

[2010/11/29 19:27:04 | 000,000,000 | ---D | C] -- C:\Users\Irvine2\AppData\Roaming\Media Center Programs

[2010/11/28 17:05:12 | 000,000,000 | ---D | C] -- C:\Program Files\InstallShield Installation Information

[2010/11/28 16:23:01 | 000,000,000 | ---D | C] -- C:\Program Files\mIRC

[2010/11/23 21:43:47 | 000,000,000 | ---D | C] -- C:\Program Files\KONGDISK

[2010/11/23 16:03:18 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet

[2010/11/23 11:47:27 | 000,000,000 | ---D | C] -- C:\gameconsole

[2010/11/23 09:44:20 | 000,000,000 | ---D | C] -- C:\Windows\SQL9_KB970892_ENU

[2010/11/22 16:50:44 | 000,000,000 | ---D | C] -- C:\ProgramData\{3473CE33-F2D3-4077-85C4-AFC591C06EF7}

[2010/11/22 16:50:30 | 000,000,000 | ---D | C] -- C:\Program Files\Stamps.com Internet Postage

[2010/11/22 14:09:35 | 000,000,000 | ---D | C] -- C:\ProgramData\AIM

[2010/11/22 14:09:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility

[2010/11/22 14:09:30 | 000,000,000 | ---D | C] -- C:\Program Files\AIM

[2010/11/22 14:09:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AOL

[2010/11/22 11:16:31 | 000,000,000 | ---D | C] -- C:\Windows\en

[2010/11/22 11:15:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition

[2010/11/22 11:12:51 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live

[2010/11/22 11:07:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight

[2010/11/22 11:02:18 | 000,000,000 | ---D | C] -- C:\Program Files\Canon

[2010/11/22 11:02:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live

[2010/11/21 04:42:59 | 000,000,000 | ---D | C] -- C:\Program Files\GrabIt

[2010/11/20 04:36:06 | 000,000,000 | ---D | C] -- C:\Program Files\P2 Games

[2010/11/20 04:16:38 | 000,000,000 | ---D | C] -- C:\Program Files\Sid Meier's Civilization V

[2010/11/19 20:58:50 | 000,000,000 | ---D | C] -- C:\Program Files\ePSXe

[2010/11/19 20:44:03 | 000,000,000 | -H-D | C] -- C:\Windows\msdownld.tmp

[2010/11/19 20:43:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx

[2010/11/19 20:38:52 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent

[2010/11/19 15:29:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared

[2010/11/19 15:23:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe

[2010/11/19 15:23:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe

[2010/11/19 15:23:02 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe

[2010/11/19 14:18:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works

[2010/11/19 14:17:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio

[2010/11/19 14:17:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER

[2010/11/19 14:14:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8

[2010/11/19 14:13:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office

[2010/11/19 14:13:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help

[2010/11/19 14:00:07 | 000,000,000 | ---D | C] -- C:\Program Files\Alcohol Soft

[2010/11/19 12:07:41 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH

[2010/11/19 12:06:06 | 000,000,000 | ---D | C] -- C:\ProgramData\inFlow Inventory

[2010/11/19 10:08:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET

[2010/11/19 10:04:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat

[2010/11/19 09:57:56 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

[2010/11/19 01:34:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server

[2010/11/19 01:31:03 | 000,000,000 | ---D | C] -- C:\Program Files\Business Objects

[2010/11/19 01:26:46 | 000,000,000 | ---D | C] -- C:\Program Files\inFlow Inventory

[2010/11/19 01:21:32 | 000,000,000 | ---D | C] -- C:\Program Files\MozBackup

[2010/11/19 01:20:53 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird

[2010/11/19 01:17:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype

[2010/11/19 01:17:00 | 000,000,000 | R--D | C] -- C:\Program Files\Skype

[2010/11/19 01:16:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype

[2010/11/19 01:14:01 | 000,000,000 | ---D | C] -- C:\Program Files\UlisesSoft

[2010/11/19 01:10:39 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR

[2010/11/19 01:06:50 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2010/11/19 00:52:46 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE

[2010/11/19 00:52:10 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2010/11/19 00:52:10 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2010/11/19 00:52:10 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2010/11/19 00:51:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed

[2010/11/19 00:51:07 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime

[2010/11/19 00:51:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer

[2010/11/19 00:50:51 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update

[2010/11/19 00:50:06 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2010/11/19 00:49:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple

[2010/11/19 00:49:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple

[2010/11/19 00:48:59 | 000,000,000 | -HSD | C] -- C:\Windows\Installer

[2010/11/19 00:37:01 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN

[2010/11/19 00:32:35 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2010/11/18 23:38:14 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution

[2010/11/18 23:34:46 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch

[2010/11/18 23:32:55 | 000,000,000 | ---D | C] -- C:\Windows\Panther

[2010/11/18 23:14:59 | 000,000,000 | ---D | C] -- C:\Windows.old.001

[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/15 00:50:19 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2010/12/15 00:50:19 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2010/12/15 00:45:15 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Irvine2\Desktop\OTL.exe

[2010/12/15 00:43:02 | 000,000,318 | -HS- | M] () -- C:\Windows\tasks\wmtig.job

[2010/12/15 00:42:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/12/15 00:42:44 | 265,821,053 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2010/12/15 00:42:40 | 2414,215,168 | -HS- | M] () -- C:\hiberfil.sys

[2010/12/15 00:30:22 | 003,989,876 | R--- | M] () -- C:\Users\Irvine2\Desktop\Combo-Fix.exe

[2010/12/15 00:23:08 | 000,670,886 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010/12/15 00:23:08 | 000,124,104 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010/12/14 23:56:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At26.job

[2010/12/14 23:26:01 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/12/14 22:56:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At25.job

[2010/12/14 21:56:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At24.job

[2010/12/14 20:56:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At23.job

[2010/12/14 19:56:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At22.job

[2010/12/14 18:56:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At21.job

[2010/12/14 17:56:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At20.job

[2010/12/14 17:06:16 | 000,248,732 | ---- | M] () -- C:\Users\Irvine2\Desktop\1AUG09 IN090806202-2(invoice).doc

[2010/12/14 17:00:00 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\At2.job

[2010/12/14 17:00:00 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\At1.job

[2010/12/14 16:56:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At19.job

[2010/12/14 15:56:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At18.job

[2010/12/14 14:56:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At17.job

[2010/12/14 13:56:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At16.job

[2010/12/14 12:56:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At15.job

[2010/12/14 11:56:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At14.job

[2010/12/14 10:56:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At13.job

[2010/12/14 10:18:31 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf

[2010/12/14 10:03:13 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At9.job

[2010/12/14 10:03:13 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At12.job

[2010/12/14 10:03:13 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At11.job

[2010/12/14 10:03:13 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At10.job

[2010/12/14 10:03:12 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At8.job

[2010/12/14 10:03:12 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At7.job

[2010/12/14 10:03:12 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At6.job

[2010/12/14 10:03:12 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At5.job

[2010/12/14 10:03:12 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At4.job

[2010/12/14 10:03:00 | 000,000,036 | -H-- | M] () -- C:\Windows\System32\f9t.dat

[2010/12/14 00:56:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At3.job

[2010/12/11 11:12:43 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_netaapl_01009.Wdf

[2010/12/09 16:59:38 | 000,039,239 | ---- | M] () -- C:\Users\Irvine2\Desktop\Product Price List.pdf

[2010/12/08 23:51:42 | 000,000,283 | ---- | M] () -- C:\Users\Irvine2\Documents\ax_files.xml

[2010/12/08 21:27:39 | 000,013,869 | ---- | M] () -- C:\Users\Irvine2\Desktop\College Essay Final Draft.docx

[2010/12/08 13:26:27 | 000,039,012 | ---- | M] () -- C:\Users\Irvine2\Desktop\Bank of America _ Online Ba...pdf

[2010/12/07 11:06:25 | 000,051,915 | ---- | M] () -- C:\Users\Irvine2\Desktop\Quote-Q11-101182.pdf

[2010/12/03 13:53:05 | 000,000,112 | ---- | M] () -- C:\ProgramData\3cm62F1.dat

[2010/11/30 21:26:28 | 1073,741,824 | ---- | M] () -- C:\PFSVODDATA.ppv

[2010/11/30 21:24:33 | 000,001,835 | ---- | M] () -- C:\Users\Irvine2\Application Data\Microsoft\Internet Explorer\Quick Launch\PPLive NetTV.lnk

[2010/11/30 21:22:32 | 000,001,411 | ---- | M] () -- C:\Users\Irvine2\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2010/11/30 19:11:16 | 000,000,941 | ---- | M] () -- C:\Users\Irvine2\Application Data\Microsoft\Internet Explorer\Quick Launch\

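What a helper reading the log above would check first, shown as an added example that is not part of the poster's logs or of the OTL tool itself: the O6 policy lines show UAC switched off (EnableLUA = 0, ConsentPromptBehaviorAdmin = 0, PromptOnSecureDesktop = 0), a policies\Explorer\Run value named Ukpon points at a System32 file that no longer exists, C:\Windows\tasks holds a run of At<N>.job files whose modification times are mostly an hour apart, and two hidden files (wmtig.job, f9t.dat) sit in Tasks and System32. The script below pulls those four indicator classes out of OTL-style lines. Its regular expressions are fitted to the line shapes visible in this post (an assumption, not an official OTL format specification), and the sample input is a handful of lines copied from the log above.

```python
"""Triage helpers for OTL-style log lines (added example; not part of the post
and not an official OTL parser). Regexes follow the line shapes in the log
above: O4/O6 autorun entries, O6 policy values, and the
"[date | size | attrs | M] (company) -- path" file records."""
import re
from collections import Counter
from datetime import datetime
from typing import Dict, List, Tuple

# Constructed sample input: lines copied from the OTL log posted above.
SAMPLE_OTL = r"""
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask .exe (Apple Inc.)
O4 - HKLM..\Run: [combofix] C:\Combo-Fix\CF20654.cfx File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Ukpon = C:\Windows\system32\dnsexty.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
[2010/12/15 00:43:02 | 000,000,318 | -HS- | M] () -- C:\Windows\tasks\wmtig.job
[2010/12/14 23:56:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At26.job
[2010/12/14 22:56:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At25.job
[2010/12/14 21:56:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At24.job
[2010/12/14 20:56:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At23.job
[2010/12/14 17:00:00 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\At1.job
[2010/12/14 10:03:00 | 000,000,036 | -H-- | M] () -- C:\Windows\System32\f9t.dat
[2010/12/01 11:02:53 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
"""

# UAC policy values; a logged "0" here means that protection is off.
UAC_OFF_VALUES = {
    "EnableLUA": "0",                   # UAC disabled outright
    "ConsentPromptBehaviorAdmin": "0",  # administrators elevate with no prompt
    "PromptOnSecureDesktop": "0",       # prompts, if any, not on the secure desktop
}

POLICY_RE = re.compile(r"policies\\System: (\w+) = (\S+)\s*$")
DEAD_AUTORUN_RE = re.compile(
    r"^O[46] - .*?Run: (?:\[(?P<name>[^\]]*)\]|(?P<pname>\w+) =) (?P<target>.+?) File not found$"
)
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[-A-Z]{4}) \| [MC]\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
AT_JOB_RE = re.compile(r"\\tasks\\At(\d+)\.job$", re.IGNORECASE)
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\tasks\\")


def uac_findings(lines: List[str]) -> List[str]:
    """Names of UAC policy values whose logged value disables the protection."""
    found = []
    for line in lines:
        m = POLICY_RE.search(line)
        if m and UAC_OFF_VALUES.get(m.group(1)) == m.group(2):
            found.append(m.group(1))
    return found


def dead_autoruns(lines: List[str]) -> List[Tuple[str, str]]:
    """(entry name, target) for Run / policies\\Explorer\\Run values whose file is
    missing. Not proof of infection on its own (a cleaner's leftover looks the
    same), but a random-looking name pointing into System32 is a classic remnant."""
    out = []
    for line in lines:
        m = DEAD_AUTORUN_RE.match(line.strip())
        if m:
            out.append((m.group("name") or m.group("pname"), m.group("target")))
    return out


def at_job_series(lines: List[str]) -> Tuple[List[int], int]:
    """At<N>.job numbers present and the most common gap (minutes) between their
    modification times. The timestamp OTL prints is the .job mtime, which Task
    Scheduler rewrites on each run, so an even gap across the series means the
    tasks fired on a fixed schedule rather than being created by hand."""
    jobs = []
    for line in lines:
        m = FILE_RE.match(line.strip())
        n = AT_JOB_RE.search(m.group("path")) if m else None
        if n:
            jobs.append((datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"), int(n.group(1))))
    jobs.sort()
    gaps = Counter(int((b[0] - a[0]).total_seconds() // 60) for a, b in zip(jobs, jobs[1:]))
    return sorted(num for _, num in jobs), (gaps.most_common(1)[0][0] if gaps else 0)


def hidden_in_system_dirs(lines: List[str]) -> List[str]:
    """Non-directory files under System32 or Tasks with the Hidden or System
    attribute set: a shortlist to hash and look up, not a verdict."""
    out = []
    for line in lines:
        m = FILE_RE.match(line.strip())
        if not m:
            continue
        attr, path = m.group("attr"), m.group("path")
        if attr[3] != "D" and ("H" in attr or "S" in attr) and path.lower().startswith(SYSTEM_DIRS):
            out.append(path)
    return out


def triage(text: str) -> Dict[str, object]:
    lines = [l for l in text.splitlines() if l.strip()]
    nums, gap = at_job_series(lines)
    return {
        "uac_disabled": uac_findings(lines),
        "dead_autoruns": dead_autoruns(lines),
        "at_jobs": nums,
        "at_job_gap_minutes": gap,
        "hidden_system_files": hidden_in_system_dirs(lines),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_OTL).items():
        print(f"{key}: {value}")
```

Run it as-is to see the four shortlists; for a real log, read the file and pass its text to triage(). The functions deliberately return leads rather than a clean/infected answer: the combofix entry is a dead autorun too, but it is the cleaner's own leftover, so the person reading the output still has to judge each item.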

Here is my OTL Log:

OTL logfile created on: 12/15/2010 12:49:24 AM - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Irvine2\Desktop

Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 71.00% Memory free

6.00 Gb Paging File | 5.00 Gb Available in Paging File | 83.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 453.15 Gb Total Space | 226.81 Gb Free Space | 50.05% Space Free | Partition Type: NTFS

Drive D: | 12.61 Gb Total Space | 1.99 Gb Free Space | 15.78% Space Free | Partition Type: NTFS

Drive F: | 55.88 Gb Total Space | 14.49 Gb Free Space | 25.92% Space Free | Partition Type: NTFS

Drive G: | 7.47 Gb Total Space | 0.97 Gb Free Space | 13.04% Space Free | Partition Type: FAT32

Computer Name: IRVINE-PC | User Name: Irvine2 | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/15 00:45:15 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Irvine2\Desktop\OTL.exe

PRC - [2010/12/09 22:07:24 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe

PRC - [2010/12/09 22:07:23 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2009/12/23 13:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

PRC - [2009/10/30 21:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009/08/18 02:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe

PRC - [2009/08/18 02:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe

PRC - [2009/07/13 17:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2009/07/13 17:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppsvc.exe

PRC - [2008/06/11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

========== Modules (SafeList) ==========

MOD - [2010/12/15 00:45:15 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Irvine2\Desktop\OTL.exe

MOD - [2010/08/20 21:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll

MOD - [2009/07/13 17:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll

MOD - [2009/07/13 17:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll

MOD - [2009/07/13 17:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll

MOD - [2009/07/13 17:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll

MOD - [2009/07/13 17:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll

MOD - [2009/07/13 17:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll

MOD - [2009/07/13 17:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll

MOD - [2009/07/13 17:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Combo-Fix\PEV.cfx -- (PEVSystemStart)

SRV - File not found [Auto | Stopped] -- C:\Windows\System32\FastUv32.dll -- (FastUserSwitchingCompatibility)

SRV - [2010/11/30 21:34:36 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2010/11/19 10:04:15 | 001,343,400 | ---- | M] (Microsoft Corporation) [unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/12/23 13:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)

SRV - [2009/08/18 02:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)

SRV - [2009/07/13 17:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)

SRV - [2009/07/13 17:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)

SRV - [2009/07/13 17:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)

SRV - [2009/07/13 17:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)

SRV - [2009/07/13 17:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)

SRV - [2009/07/13 17:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)

SRV - [2009/07/13 17:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009/07/13 17:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

SRV - [2009/07/13 17:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)

SRV - [2009/07/13 17:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)

SRV - [2009/07/13 17:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)

SRV - [2009/07/13 17:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)

SRV - [2009/07/13 17:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2009/07/13 17:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)

SRV - [2009/07/13 17:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)

SRV - [2009/07/13 17:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)

SRV - [2009/07/13 17:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)

SRV - [2009/07/13 17:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)

SRV - [2009/07/13 17:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)

SRV - [2009/07/13 17:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)

SRV - [2009/07/13 17:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)

========== Driver Services (SafeList) ==========

DRV - File not found [File_System | Auto | Stopped] -- C:\Windows\System32\DRIVERS\eamonm.sys -- (eamonm)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Irvine2\AppData\Local\Temp\catchme.sys -- (catchme)

DRV - [2010/11/19 11:49:35 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)

DRV - [2010/07/16 15:03:36 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)

DRV - [2010/07/16 15:03:18 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)

DRV - [2010/04/19 20:29:20 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)

DRV - [2009/12/10 23:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)

DRV - [2009/08/18 03:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)

DRV - [2009/07/13 17:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)

DRV - [2009/07/13 17:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)

DRV - [2009/07/13 17:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)

DRV - [2009/07/13 17:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)

DRV - [2009/07/13 17:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)

DRV - [2009/07/13 17:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)

DRV - [2009/07/13 17:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)

DRV - [2009/07/13 17:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)

DRV - [2009/07/13 17:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)

DRV - [2009/07/13 17:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)

DRV - [2009/07/13 17:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)

DRV - [2009/07/13 17:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)

DRV - [2009/07/13 17:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)

DRV - [2009/07/13 17:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)

DRV - [2009/07/13 17:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)

DRV - [2009/07/13 17:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)

DRV - [2009/07/13 17:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)

DRV - [2009/07/13 17:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)

DRV - [2009/07/13 17:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)

DRV - [2009/07/13 17:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)

DRV - [2009/07/13 17:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)

DRV - [2009/07/13 17:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)

DRV - [2009/07/13 17:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)

DRV - [2009/07/13 17:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)

DRV - [2009/07/13 17:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)

DRV - [2009/07/13 17:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)

DRV - [2009/07/13 17:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)

DRV - [2009/07/13 17:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)

DRV - [2009/07/13 17:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)

DRV - [2009/07/13 17:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)

DRV - [2009/07/13 17:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)

DRV - [2009/07/13 17:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)

DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)

DRV - [2009/07/13 17:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)

DRV - [2009/07/13 17:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)

DRV - [2009/07/13 17:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)

DRV - [2009/07/13 17:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)

DRV - [2009/07/13 17:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)

DRV - [2009/07/13 17:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)

DRV - [2009/07/13 17:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)

DRV - [2009/07/13 17:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)

DRV - [2009/07/13 17:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)

DRV - [2009/07/13 16:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)

DRV - [2009/07/13 16:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)

DRV - [2009/07/13 16:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)

DRV - [2009/07/13 15:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)

DRV - [2009/07/13 15:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)

DRV - [2009/07/13 15:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)

DRV - [2009/07/13 15:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)

DRV - [2009/07/13 15:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)

DRV - [2009/07/13 15:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)

DRV - [2009/07/13 15:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)

DRV - [2009/07/13 15:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2009/07/13 15:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)

DRV - [2009/07/13 15:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)

DRV - [2009/07/13 15:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)

DRV - [2009/07/13 15:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)

DRV - [2009/07/13 15:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)

DRV - [2009/07/13 15:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)

DRV - [2009/07/13 15:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)

DRV - [2009/07/13 15:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)

DRV - [2009/07/13 15:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)

DRV - [2009/07/13 15:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdppm.sys -- (AmdPPM)

DRV - [2009/07/13 14:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2009/07/13 14:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)

DRV - [2009/07/13 14:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)

DRV - [2009/07/13 14:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)

DRV - [2009/07/13 14:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)

DRV - [2009/07/13 14:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)

DRV - [2009/07/13 14:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2009/07/13 14:02:52 | 000,139,776 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)

DRV - [2009/07/13 14:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)

DRV - [2009/07/13 14:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)

DRV - [2009/07/13 14:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)

DRV - [2009/07/13 14:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2008/10/22 17:42:10 | 000,107,360 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=Z007&form=ZGAPHP

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore =

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=Z007&form=ZGAPHP

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore =

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1957598150-4257587646-1476821151-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/

IE - HKU\S-1-5-21-1957598150-4257587646-1476821151-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKU\S-1-5-21-1957598150-4257587646-1476821151-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9B AA 82 3F 05 97 CB 01 [binary data]

IE - HKU\S-1-5-21-1957598150-4257587646-1476821151-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778

FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.2

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/09 22:07:26 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/09 22:07:26 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/12/14 21:38:12 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/11/30 10:50:48 | 000,000,000 | ---D | M] -- C:\Users\Irvine2\AppData\Roaming\Mozilla\Extensions

[2010/11/30 10:50:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Irvine2\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2010/12/14 10:11:22 | 000,000,000 | ---D | M] -- C:\Users\Irvine2\AppData\Roaming\Mozilla\Firefox\Profiles\n8yijkhs.default\extensions

[2010/11/30 10:56:28 | 000,000,000 | ---D | M] -- C:\Users\Irvine2\AppData\Roaming\Mozilla\Firefox\Profiles\n8yijkhs.default\extensions\foxmarks@kei.com

[2010/12/14 10:11:22 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/11/19 01:17:34 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

[2010/12/13 17:02:51 | 000,001,919 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing-zugo.xml

O1 HOSTS File: ([2009/06/10 13:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKU\S-1-5-21-1957598150-4257587646-1476821151-1007\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)

O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [combofix] C:\Combo-Fix\CF20654.cfx File not found

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask .exe (Apple Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Ukpon = C:\Windows\system32\dnsexty.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKU\S-1-5-21-1957598150-4257587646-1476821151-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe ()

O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {55F0958B-C5EB-49E4-8567-E018D2407F55} http://patch.kongdisk.com/install/KongdiskCtrl.cab (Kongdisk Web Control)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 68.4.16.30 68.6.16.30 192.168.2.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\Windows\System32\acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems, Inc.)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 13:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2010/02/12 19:24:00 | 000,000,028 | ---- | M] () - G:\AUTORUN.INF -- [ FAT32 ]

O33 - MountPoints2\G\Shell - "" = AutoRun

O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- [2007/10/23 09:45:40 | 001,336,632 | R--- | M] ()

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/15 00:45:13 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Irvine2\Desktop\OTL.exe

[2010/12/15 00:31:51 | 000,000,000 | --SD | C] -- C:\Combo-Fix

[2010/12/15 00:30:58 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe

[2010/12/14 23:59:17 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2010/12/14 23:59:17 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2010/12/14 23:59:17 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2010/12/14 23:53:33 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2010/12/08 21:53:37 | 000,000,000 | ---D | C] -- C:\Users\Irvine2\AppData\Roaming\dvdcss

[2010/12/07 13:29:18 | 000,000,000 | ---D | C] -- C:\Program Files\Xvid

[2010/12/06 14:55:15 | 000,000,000 | ---D | C] -- C:\Users\Irvine2\Tracing

[2010/12/02 02:03:33 | 000,000,000 | ---D | C] -- C:\Users\Irvine2\AppData\Roaming\Stamps.com Internet Postage

[2010/12/01 21:00:25 | 000,000,000 | ---D | C] -- C:\Users\Irvine2\AppData\Roaming\vlc

[2010/12/01 11:03:27 | 000,000,000 | ---D | C] -- C:\Users\Irvine2\AppData\Roaming\Malwarebytes

[2010/12/01 11:02:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010/12/01 11:02:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010/12/01 11:02:53 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010/12/01 11:02:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/11/30 23:06:38 | 000,000,000 | ---D | C] -- C:\Users\Irvine2\AppData\Roaming\skypePM

[2010/11/30 21:34:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Rosetta Stone

[2010/11/30 21:34:02 | 000,000,000 | ---D | C] -- C:\Program Files\Rosetta Stone

[2010/11/30 21:25:04 | 000,000,000 | ---D | C] -- C:\Users\Irvine2\AppData\Roaming\PPLive

[2010/11/30 21:24:29 | 000,000,000 | ---D | C] -- C:\Program Files\PPLive

[2010/11/30 21:21:30 | 000,000,000 | ---D | C] -- C:\Users\Irvine2\AppData\Roaming\WinRAR

[2010/11/30 19:22:25 | 000,000,000 | ---D | C] -- C:\Users\Irvine2\AppData\Roaming\GrabIt

[2010/11/30 19:10:46 | 000,000,000 | ---D | C] -- C:\Users\Irvine2\AppData\Roaming\uTorrent

[2010/11/30 13:10:14 | 000,000,000 | ---D | C] -- C:\Users\Irvine2\AppData\Roaming\inFlow Inventory

[2010/11/30 12:17:13 | 000,000,000 | ---D | C] -- C:\Windows\JMCR_DIR

[2010/11/30 12:16:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\SDA

[2010/11/30 11:08:06 | 000,000,000 | ---D | C] -- C:\Users\Irvine2\AppData\Local\ElevatedDiagnostics

[2010/11/30 11:07:42 | 000,000,000 | ---D | C] -- C:\Users\Irvine2\AppData\Local\Apple Computer

[2010/11/30 10:50:43 | 000,000,000 | ---D | C] -- C:\Users\Irvine2\AppData\Roaming\Thunderbird

[2010/11/30 10:50:43 | 000,000,000 | ---D | C] -- C:\Users\Irvine2\AppData\Local\Thunderbird

[2010/11/30 10:43:29 | 000,000,000 | ---D | C] -- C:\Users\Irvine2\AppData\Roaming\acccore

[2010/11/30 10:43:27 | 000,000,000 | ---D | C] -- C:\Users\Irvine2\AppData\Local\AOL

[2010/11/30 10:43:27 | 000,000,000 | ---D | C] -- C:\Users\Irvine2\AppData\Local\AIM

[2010/11/30 10:39:30 | 000,000,000 | ---D | C] -- C:\PERSONAL

[2010/11/29 22:55:08 | 000,000,000 | ---D | C] -- C:\Users\Irvine2\AppData\Roaming\Macromedia

[2010/11/29 22:54:39 | 000,000,000 | ---D | C] -- C:\Users\Irvine2\AppData\Roaming\Mozilla

[2010/11/29 22:54:39 | 000,000,000 | ---D | C] -- C:\Users\Irvine2\AppData\Local\Mozilla

[2010/11/29 21:17:30 | 000,000,000 | ---D | C] -- C:\Users\Irvine2\AppData\Roaming\Skype

[2010/11/29 19:28:55 | 000,000,000 | ---D | C] -- C:\Users\Irvine2\AppData\Local\ESET

[2010/11/29 19:28:51 | 000,000,000 | ---D | C] -- C:\Users\Irvine2\AppData\Roaming\Adobe

[2010/11/29 19:28:51 | 000,000,000 | ---D | C] -- C:\Users\Irvine2\AppData\Local\Adobe

[2010/11/29 19:28:31 | 000,000,000 | ---D | C] -- C:\Users\Irvine2\AppData\Roaming\Apple Computer

[2010/11/29 19:27:47 | 000,000,000 | R--D | C] -- C:\Users\Irvine2\Searches

[2010/11/29 19:27:46 | 000,000,000 | -H-D | C] -- C:\Users\Irvine2\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned

[2010/11/29 19:27:22 | 000,000,000 | ---D | C] -- C:\Users\Irvine2\AppData\Roaming\Identities

[2010/11/29 19:27:19 | 000,000,000 | R--D | C] -- C:\Users\Irvine2\Contacts

[2010/11/29 19:27:04 | 000,000,000 | --SD | C] -- C:\Users\Irvine2\AppData\Roaming\Microsoft

[2010/11/29 19:27:04 | 000,000,000 | R--D | C] -- C:\Users\Irvine2\Videos

[2010/11/29 19:27:04 | 000,000,000 | R--D | C] -- C:\Users\Irvine2\Saved Games

[2010/11/29 19:27:04 | 000,000,000 | R--D | C] -- C:\Users\Irvine2\Pictures

[2010/11/29 19:27:04 | 000,000,000 | R--D | C] -- C:\Users\Irvine2\Music

[2010/11/29 19:27:04 | 000,000,000 | R--D | C] -- C:\Users\Irvine2\Links

[2010/11/29 19:27:04 | 000,000,000 | R--D | C] -- C:\Users\Irvine2\Favorites

[2010/11/29 19:27:04 | 000,000,000 | R--D | C] -- C:\Users\Irvine2\Downloads

[2010/11/29 19:27:04 | 000,000,000 | R--D | C] -- C:\Users\Irvine2\My Documents

[2010/11/29 19:27:04 | 000,000,000 | R--D | C] -- C:\Users\Irvine2\Desktop

[2010/11/29 19:27:04 | 000,000,000 | -HSD | C] -- C:\Users\Irvine2\AppData\Local\Temporary Internet Files

[2010/11/29 19:27:04 | 000,000,000 | -HSD | C] -- C:\Users\Irvine2\Templates

[2010/11/29 19:27:04 | 000,000,000 | -HSD | C] -- C:\Users\Irvine2\Start Menu

[2010/11/29 19:27:04 | 000,000,000 | -HSD | C] -- C:\Users\Irvine2\SendTo

[2010/11/29 19:27:04 | 000,000,000 | -HSD | C] -- C:\Users\Irvine2\Recent

[2010/11/29 19:27:04 | 000,000,000 | -HSD | C] -- C:\Users\Irvine2\PrintHood

[2010/11/29 19:27:04 | 000,000,000 | -HSD | C] -- C:\Users\Irvine2\NetHood

[2010/11/29 19:27:04 | 000,000,000 | -HSD | C] -- C:\Users\Irvine2\Documents\My Videos

[2010/11/29 19:27:04 | 000,000,000 | -HSD | C] -- C:\Users\Irvine2\Documents\My Pictures

[2010/11/29 19:27:04 | 000,000,000 | -HSD | C] -- C:\Users\Irvine2\Documents\My Music

[2010/11/29 19:27:04 | 000,000,000 | -HSD | C] -- C:\Users\Irvine2\My Documents

[2010/11/29 19:27:04 | 000,000,000 | -HSD | C] -- C:\Users\Irvine2\Local Settings

[2010/11/29 19:27:04 | 000,000,000 | -HSD | C] -- C:\Users\Irvine2\AppData\Local\History

[2010/11/29 19:27:04 | 000,000,000 | -HSD | C] -- C:\Users\Irvine2\Cookies

[2010/11/29 19:27:04 | 000,000,000 | -HSD | C] -- C:\Users\Irvine2\Application Data

[2010/11/29 19:27:04 | 000,000,000 | -HSD | C] -- C:\Users\Irvine2\AppData\Local\Application Data

[2010/11/29 19:27:04 | 000,000,000 | -H-D | C] -- C:\Users\Irvine2\AppData

[2010/11/29 19:27:04 | 000,000,000 | ---D | C] -- C:\Users\Irvine2\AppData\Local\Temp

[2010/11/29 19:27:04 | 000,000,000 | ---D | C] -- C:\Users\Irvine2\AppData\Local\Microsoft Help

[2010/11/29 19:27:04 | 000,000,000 | ---D | C] -- C:\Users\Irvine2\AppData\Local\Microsoft

[2010/11/29 19:27:04 | 000,000,000 | ---D | C] -- C:\Users\Irvine2\AppData\Roaming\Media Center Programs

[2010/11/28 17:05:12 | 000,000,000 | ---D | C] -- C:\Program Files\InstallShield Installation Information

[2010/11/28 16:23:01 | 000,000,000 | ---D | C] -- C:\Program Files\mIRC

[2010/11/23 21:43:47 | 000,000,000 | ---D | C] -- C:\Program Files\KONGDISK

[2010/11/23 16:03:18 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet

[2010/11/23 11:47:27 | 000,000,000 | ---D | C] -- C:\gameconsole

[2010/11/23 09:44:20 | 000,000,000 | ---D | C] -- C:\Windows\SQL9_KB970892_ENU

[2010/11/22 16:50:44 | 000,000,000 | ---D | C] -- C:\ProgramData\{3473CE33-F2D3-4077-85C4-AFC591C06EF7}

[2010/11/22 16:50:30 | 000,000,000 | ---D | C] -- C:\Program Files\Stamps.com Internet Postage

[2010/11/22 14:09:35 | 000,000,000 | ---D | C] -- C:\ProgramData\AIM

[2010/11/22 14:09:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility

[2010/11/22 14:09:30 | 000,000,000 | ---D | C] -- C:\Program Files\AIM

[2010/11/22 14:09:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AOL

[2010/11/22 11:16:31 | 000,000,000 | ---D | C] -- C:\Windows\en

[2010/11/22 11:15:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition

[2010/11/22 11:12:51 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live

[2010/11/22 11:07:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight

[2010/11/22 11:02:18 | 000,000,000 | ---D | C] -- C:\Program Files\Canon

[2010/11/22 11:02:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live

[2010/11/21 04:42:59 | 000,000,000 | ---D | C] -- C:\Program Files\GrabIt

[2010/11/20 04:36:06 | 000,000,000 | ---D | C] -- C:\Program Files\P2 Games

[2010/11/20 04:16:38 | 000,000,000 | ---D | C] -- C:\Program Files\Sid Meier's Civilization V

[2010/11/19 20:58:50 | 000,000,000 | ---D | C] -- C:\Program Files\ePSXe

[2010/11/19 20:44:03 | 000,000,000 | -H-D | C] -- C:\Windows\msdownld.tmp

[2010/11/19 20:43:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx

[2010/11/19 20:38:52 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent

[2010/11/19 15:29:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared

[2010/11/19 15:23:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe

[2010/11/19 15:23:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe

[2010/11/19 15:23:02 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe

[2010/11/19 14:18:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works

[2010/11/19 14:17:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio

[2010/11/19 14:17:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER

[2010/11/19 14:14:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8

[2010/11/19 14:13:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office

[2010/11/19 14:13:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help

[2010/11/19 14:00:07 | 000,000,000 | ---D | C] -- C:\Program Files\Alcohol Soft

[2010/11/19 12:07:41 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH

[2010/11/19 12:06:06 | 000,000,000 | ---D | C] -- C:\ProgramData\inFlow Inventory

[2010/11/19 10:08:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET

[2010/11/19 10:04:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat

[2010/11/19 09:57:56 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

[2010/11/19 01:34:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server

[2010/11/19 01:31:03 | 000,000,000 | ---D | C] -- C:\Program Files\Business Objects

[2010/11/19 01:26:46 | 000,000,000 | ---D | C] -- C:\Program Files\inFlow Inventory

[2010/11/19 01:21:32 | 000,000,000 | ---D | C] -- C:\Program Files\MozBackup

[2010/11/19 01:20:53 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird

[2010/11/19 01:17:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype

[2010/11/19 01:17:00 | 000,000,000 | R--D | C] -- C:\Program Files\Skype

[2010/11/19 01:16:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype

[2010/11/19 01:14:01 | 000,000,000 | ---D | C] -- C:\Program Files\UlisesSoft

[2010/11/19 01:10:39 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR

[2010/11/19 01:06:50 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2010/11/19 00:52:46 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE

[2010/11/19 00:52:10 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2010/11/19 00:52:10 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2010/11/19 00:52:10 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2010/11/19 00:51:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed

[2010/11/19 00:51:07 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime

[2010/11/19 00:51:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer

[2010/11/19 00:50:51 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update

[2010/11/19 00:50:06 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2010/11/19 00:49:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple

[2010/11/19 00:49:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple

[2010/11/19 00:48:59 | 000,000,000 | -HSD | C] -- C:\Windows\Installer

[2010/11/19 00:37:01 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN

[2010/11/19 00:32:35 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2010/11/18 23:38:14 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution

[2010/11/18 23:34:46 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch

[2010/11/18 23:32:55 | 000,000,000 | ---D | C] -- C:\Windows\Panther

[2010/11/18 23:14:59 | 000,000,000 | ---D | C] -- C:\Windows.old.001

[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/15 00:50:19 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2010/12/15 00:50:19 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2010/12/15 00:45:15 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Irvine2\Desktop\OTL.exe

[2010/12/15 00:43:02 | 000,000,318 | -HS- | M] () -- C:\Windows\tasks\wmtig.job

[2010/12/15 00:42:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/12/15 00:42:44 | 265,821,053 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2010/12/15 00:42:40 | 2414,215,168 | -HS- | M] () -- C:\hiberfil.sys

[2010/12/15 00:30:22 | 003,989,876 | R--- | M] () -- C:\Users\Irvine2\Desktop\Combo-Fix.exe

[2010/12/15 00:23:08 | 000,670,886 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010/12/15 00:23:08 | 000,124,104 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010/12/14 23:56:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At26.job

[2010/12/14 23:26:01 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/12/14 22:56:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At25.job

[2010/12/14 21:56:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At24.job

[2010/12/14 20:56:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At23.job

[2010/12/14 19:56:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At22.job

[2010/12/14 18:56:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At21.job

[2010/12/14 17:56:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At20.job

[2010/12/14 17:06:16 | 000,248,732 | ---- | M] () -- C:\Users\Irvine2\Desktop\1AUG09 IN090806202-2(invoice).doc

[2010/12/14 17:00:00 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\At2.job

[2010/12/14 17:00:00 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\At1.job

[2010/12/14 16:56:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At19.job

[2010/12/14 15:56:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At18.job

[2010/12/14 14:56:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At17.job

[2010/12/14 13:56:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At16.job

[2010/12/14 12:56:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At15.job

[2010/12/14 11:56:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At14.job

[2010/12/14 10:56:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At13.job

[2010/12/14 10:18:31 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf

[2010/12/14 10:03:13 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At9.job

[2010/12/14 10:03:13 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At12.job

[2010/12/14 10:03:13 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At11.job

[2010/12/14 10:03:13 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At10.job

[2010/12/14 10:03:12 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At8.job

[2010/12/14 10:03:12 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At7.job

[2010/12/14 10:03:12 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At6.job

[2010/12/14 10:03:12 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At5.job

[2010/12/14 10:03:12 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At4.job

[2010/12/14 10:03:00 | 000,000,036 | -H-- | M] () -- C:\Windows\System32\f9t.dat

[2010/12/14 00:56:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At3.job

[2010/12/11 11:12:43 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_netaapl_01009.Wdf

[2010/12/09 16:59:38 | 000,039,239 | ---- | M] () -- C:\Users\Irvine2\Desktop\Product Price List.pdf

[2010/12/08 23:51:42 | 000,000,283 | ---- | M] () -- C:\Users\Irvine2\Documents\ax_files.xml

[2010/12/08 21:27:39 | 000,013,869 | ---- | M] () -- C:\Users\Irvine2\Desktop\College Essay Final Draft.docx

[2010/12/08 13:26:27 | 000,039,012 | ---- | M] () -- C:\Users\Irvine2\Desktop\Bank of America _ Online Ba...pdf

[2010/12/07 11:06:25 | 000,051,915 | ---- | M] () -- C:\Users\Irvine2\Desktop\Quote-Q11-101182.pdf

[2010/12/03 13:53:05 | 000,000,112 | ---- | M] () -- C:\ProgramData\3cm62F1.dat

[2010/11/30 21:26:28 | 1073,741,824 | ---- | M] () -- C:\PFSVODDATA.ppv

[2010/11/30 21:24:33 | 000,001,835 | ---- | M] () -- C:\Users\Irvine2\Application Data\Microsoft\Internet Explorer\Quick Launch\PPLive NetTV.lnk

[2010/11/30 21:22:32 | 000,001,411 | ---- | M] () -- C:\Users\Irvine2\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2010/11/30 19:11:16 | 000,000,941 | ---- | M] () -- C:\Users\Irvine2\Application Data\Microsoft\Internet Explorer\Quick Launch\

Extras:

OTL Extras logfile created on: 12/15/2010 12:49:24 AM - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Irvine2\Desktop

Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 71.00% Memory free

6.00 Gb Paging File | 5.00 Gb Available in Paging File | 83.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 453.15 Gb Total Space | 226.81 Gb Free Space | 50.05% Space Free | Partition Type: NTFS

Drive D: | 12.61 Gb Total Space | 1.99 Gb Free Space | 15.78% Space Free | Partition Type: NTFS

Drive F: | 55.88 Gb Total Space | 14.49 Gb Free Space | 25.92% Space Free | Partition Type: NTFS

Drive G: | 7.47 Gb Total Space | 0.97 Gb Free Space | 13.04% Space Free | Partition Type: FAT32

Computer Name: IRVINE-PC | User Name: Irvine2 | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1957598150-4257587646-1476821151-1007\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}" = Rosetta Stone Version 3

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller Driver

"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour

"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (INFLOWSQL)

"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform

"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion

"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)

"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer

"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{698AC01B-DF0C-4BCE-940C-EB29AD23A560}" = Stamps.com

"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack

"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8B562F87-8385-4B95-A8C2-13C008872D6C}" = Microsoft SQL Server Management Objects Collection

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Fran

Bump for help! I will donate for someone to help me please!

Hello tekmaster! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step; if there is a problem somewhere, stop and tell me.
  • Stay with the thread until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
  • The instructions that I give are for your system only!
  • If you don't know or can't understand something, please ask.
  • Do not install or uninstall any software or hardware while we are working.
  • Keep me informed about any changes.

Sorry, I would have sent you instructions nine hours ago, but I had to go to school.

Step 1

Going over your logs I noticed that you have

Hey, thank you so much for your help!! I'm sorry I'm replying so late, but my work is hectic.

Here's my log:

All processes killed

========== FILES ==========

C:\Windows\System32\lspEB3C.tmp moved successfully.

C:\Windows\msdownld.tmp folder moved successfully.

File\Folder C:\Windows\tasks\*.job not found.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: user

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 1381503 bytes

->FireFox cache emptied: 48382052 bytes

->Flash cache emptied: 12656 bytes

User: user2

->Temp folder emptied: 11184668 bytes

->Temporary Internet Files folder emptied: 868372 bytes

->FireFox cache emptied: 76630695 bytes

->Flash cache emptied: 29693 bytes

User: Public

->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 626941 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 133.00 mb

OTL by OldTimer - Version 3.2.17.3 log created on 12152010_223019

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

No problem :)

**Note: If you need more detailed information, please visit the web page of ComboFix in BleepingComputer. **

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions, and please do no fixing on your own and run no scanners unless requested by me or another helper.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

  1. If you are using Firefox, make sure that your download settings are as follows:
    • Open Tools -> Options -> Main tab
    • Set to Always ask me where to Save the files.
  2. During the download, rename Combofix to Combo-Fix as follows:

CF_download_FF.gif

CF_download_rename.gif

  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause unpredictable results.
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

-----------------------------------------------------------

  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore your connection.

-----------------------------------------------------------

  7. Double click on Combo-Fix.exe & follow the prompts.
  8. When finished, it will produce a report for you.
  9. Please post the C:\Combo-Fix.txt for further review.

**Note: Do not mouse-click Combo-Fix's window while it's running. That may cause it to stall.**

Thanks! =)

Here is my log that you requested. Let me know what you think.

.

.

.

ComboFix 10-12-15.06 - Irvine2 12/16/2010 11:21:13.2.2 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3070.2454 [GMT -8:00]

Running from: c:\users\Irvine2\Desktop\Combo-Fix.exe

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\QuickTime\QTTask .exe

c:\program files\QuickTime\QTTask .exe

c:\programdata\C3a22BFs.exe

c:\windows\system32\config\systemprofile\Desktop\Improve Your PC.lnk

.

\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected

.

((((((((((((((((((((((((( Files Created from 2010-11-16 to 2010-12-16 )))))))))))))))))))))))))))))))

.

2010-12-16 19:33 . 2010-12-16 19:33 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp

2010-12-16 19:33 . 2010-12-16 19:33 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-12-16 06:30 . 2010-12-16 06:30 -------- d-----w- C:\_OTL

2010-12-09 13:59 . 2010-11-16 20:01 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B4AFFA4B-7FA0-4C58-B4AB-84CBAF364416}\mpengine.dll

2010-12-07 21:29 . 2010-12-07 21:29 -------- d-----w- c:\program files\Xvid

2010-12-07 21:29 . 2009-06-08 00:25 77824 ----a-w- c:\windows\system32\xvid.ax

2010-12-07 21:29 . 2009-06-08 00:24 180224 ----a-w- c:\windows\system32\xvidvfw.dll

2010-12-07 21:29 . 2009-06-08 00:16 819200 ----a-w- c:\windows\system32\xvidcore.dll

2010-12-01 19:02 . 2010-12-01 19:02 -------- d-----w- c:\programdata\Malwarebytes

2010-12-01 19:02 . 2010-11-30 01:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-12-01 19:02 . 2010-12-15 07:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-12-01 19:02 . 2010-11-30 01:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-12-01 05:34 . 2010-12-01 06:51 -------- d-----w- c:\programdata\Rosetta Stone

2010-12-01 05:34 . 2010-12-01 05:34 -------- d-----w- c:\program files\Rosetta Stone

2010-12-01 05:24 . 2010-12-01 05:34 -------- d-----w- c:\program files\PPLive

2010-11-30 20:17 . 2010-11-30 20:17 -------- d-----w- c:\windows\JMCR_DIR

2010-11-30 20:16 . 2010-11-30 20:16 -------- d-----w- c:\windows\system32\SDA

2010-11-30 20:16 . 2008-10-23 01:42 110080 ----a-w- c:\windows\system32\JmCrIcon.dll

2010-11-30 18:39 . 2010-11-30 18:40 -------- d-----w- C:\PERSONAL

2010-11-30 03:27 . 2010-12-06 22:55 -------- d-----w- c:\users\Irvine2

2010-11-29 03:16 . 2010-11-29 03:16 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\WhiteSmokeSetup

2010-11-29 03:01 . 2010-11-29 03:02 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Adobe

2010-11-29 01:05 . 2010-11-29 03:16 -------- d-----w- c:\program files\InstallShield Installation Information

2010-11-29 01:04 . 2010-11-29 01:04 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\{0663C824-425C-487A-8C12-F9D56C874B94}

2010-11-29 00:23 . 2010-11-29 10:07 -------- d-----w- c:\program files\mIRC

2010-11-24 11:44 . 2010-10-19 08:10 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll

2010-11-24 05:43 . 2010-11-24 05:43 -------- d-----w- c:\program files\KONGDISK

2010-11-24 00:03 . 2010-12-16 18:16 -------- d-----w- c:\programdata\FLEXnet

2010-11-23 19:47 . 2010-11-24 00:34 -------- d-----w- C:\gameconsole

2010-11-23 17:44 . 2010-11-23 17:44 -------- d-----w- c:\windows\SQL9_KB970892_ENU

2010-11-23 17:42 . 2010-11-23 17:42 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help

2010-11-23 01:02 . 2010-11-23 01:02 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\ESET

2010-11-23 00:50 . 2010-11-23 00:50 -------- d-----w- c:\programdata\{3473CE33-F2D3-4077-85C4-AFC591C06EF7}

2010-11-23 00:50 . 2010-11-23 00:51 -------- d-----w- c:\program files\Stamps.com Internet Postage

2010-11-22 22:09 . 2010-11-22 22:09 -------- d-----w- c:\programdata\AIM

2010-11-22 22:09 . 2010-11-22 22:09 -------- d-----w- c:\program files\AIM

2010-11-22 22:09 . 2010-11-22 22:09 -------- d-----w- c:\program files\Common Files\Software Update Utility

2010-11-22 22:09 . 2010-11-22 22:09 -------- d-----w- c:\program files\Common Files\AOL

2010-11-22 19:16 . 2010-11-22 19:16 -------- d-----w- c:\windows\en

2010-11-22 19:15 . 2010-11-22 19:15 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition

2010-11-22 19:12 . 2010-11-22 19:15 -------- d-----w- c:\program files\Windows Live

2010-11-22 19:07 . 2010-11-23 22:16 -------- d-----w- c:\program files\Microsoft Silverlight

2010-11-22 19:06 . 2010-08-11 04:44 2983424 ----a-w- c:\windows\system32\UIRibbon.dll

2010-11-22 19:06 . 2010-08-11 04:35 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll

2010-11-22 19:04 . 2010-05-23 10:11 196608 ----a-w- c:\windows\system32\mfreadwrite.dll

2010-11-22 19:04 . 2010-05-23 10:11 3181568 ----a-w- c:\windows\system32\mf.dll

2010-11-22 19:04 . 2010-05-23 10:15 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL

2010-11-22 19:02 . 2010-11-22 19:10 -------- d-----w- c:\program files\Canon

2010-11-22 19:02 . 2010-11-22 19:02 -------- d-----w- c:\program files\Common Files\Windows Live

2010-11-21 12:42 . 2010-11-21 12:43 -------- d-----w- c:\program files\GrabIt

2010-11-20 12:36 . 2010-11-20 12:36 -------- d-----w- c:\program files\P2 Games

2010-11-20 12:27 . 2008-10-15 14:22 452440 ----a-w- c:\windows\system32\d3dx10_40.dll

2010-11-20 12:27 . 2008-10-15 14:22 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll

2010-11-20 12:27 . 2008-10-15 14:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll

2010-11-20 12:16 . 2010-11-21 07:34 -------- d-----w- c:\program files\Sid Meier's Civilization V

2010-11-20 04:58 . 2010-11-20 04:58 -------- d-----w- c:\program files\ePSXe

2010-11-20 04:46 . 2008-07-10 19:00 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll

2010-11-20 04:38 . 2010-12-01 03:11 -------- d-----w- c:\program files\uTorrent

2010-11-19 23:29 . 2010-11-19 23:29 -------- d-----w- c:\program files\Common Files\Macrovision Shared

2010-11-19 23:28 . 2008-04-07 13:38 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll

2010-11-19 23:23 . 2010-11-19 23:29 -------- d-----w- c:\program files\Common Files\Adobe

2010-11-19 22:19 . 2006-10-27 03:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll

2010-11-19 22:19 . 2008-11-10 19:41 32656 ----a-w- c:\windows\system32\msonpmon.dll

2010-11-19 22:18 . 2010-11-23 17:50 -------- d-----w- c:\program files\Microsoft Works

2010-11-19 22:14 . 2010-11-19 22:14 -------- d-----w- c:\program files\Microsoft Visual Studio 8

2010-11-19 22:13 . 2010-12-15 20:24 -------- d-----w- c:\programdata\Microsoft Help

2010-11-19 22:00 . 2010-11-19 22:00 -------- d-----w- c:\program files\Alcohol Soft

2010-11-19 20:07 . 2010-11-19 20:07 -------- d-----w- c:\windows\PCHEALTH

2010-11-19 20:06 . 2010-11-30 18:27 -------- d-----w- c:\programdata\inFlow Inventory

2010-11-19 19:49 . 2010-11-19 19:49 691696 ----a-w- c:\windows\system32\drivers\sptd.sys

2010-11-19 18:08 . 2010-11-19 22:17 -------- d-----w- c:\program files\Microsoft.NET

2010-11-19 18:04 . 2010-11-19 18:04 -------- d-----w- c:\windows\system32\Wat

2010-11-19 09:50 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll

2010-11-19 09:48 . 2009-11-25 20:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2010-11-19 09:48 . 2009-11-25 20:47 49472 ----a-w- c:\windows\system32\netfxperf.dll

2010-11-19 09:48 . 2009-11-25 20:47 297808 ----a-w- c:\windows\system32\mscoree.dll

2010-11-19 09:48 . 2009-11-25 20:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe

2010-11-19 09:48 . 2009-11-25 20:47 1130824 ----a-w- c:\windows\system32\dfshim.dll

2010-11-19 09:35 . 2010-03-04 04:04 146304 ----a-w- c:\windows\system32\drivers\usbvideo.sys

2010-11-19 09:35 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys

2010-11-19 09:34 . 2010-11-23 17:44 -------- d-----w- c:\program files\Microsoft SQL Server

2010-11-19 09:31 . 2010-08-31 04:32 954752 ----a-w- c:\windows\system32\mfc40.dll

2010-11-19 09:31 . 2010-08-31 04:32 954288 ----a-w- c:\windows\system32\mfc40u.dll

2010-11-19 09:31 . 2010-11-19 09:31 -------- d-----w- c:\program files\Business Objects

2010-11-19 09:31 . 2010-06-19 06:15 2048 ----a-w- c:\windows\system32\tzres.dll

2010-11-19 09:29 . 2009-10-31 05:45 2614272 ----a-w- c:\windows\explorer.exe

2010-11-19 09:29 . 2009-10-28 06:17 285696 ----a-w- c:\windows\system32\winlogon.exe

2010-11-19 09:29 . 2009-12-11 07:44 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2010-11-19 09:29 . 2009-12-11 07:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll

2010-11-19 09:29 . 2010-06-19 06:23 37376 ----a-w- c:\windows\system32\rtutils.dll

2010-11-19 09:29 . 2010-09-08 04:27 859648 ----a-w- c:\program files\Internet Explorer\iedvtool.dll

2010-11-19 09:27 . 2010-08-21 05:33 530432 ----a-w- c:\windows\system32\comctl32.dll

2010-11-19 09:27 . 2010-08-26 04:39 109056 ----a-w- c:\windows\system32\t2embed.dll

2010-11-19 09:27 . 2010-07-29 06:30 197632 ----a-w- c:\windows\system32\ir32_32.dll

2010-11-19 09:27 . 2010-07-29 06:30 82944 ----a-w- c:\windows\system32\iccvid.dll

2010-11-19 09:27 . 2009-12-08 11:32 292864 ----a-w- c:\windows\system32\apphelp.dll

2010-11-19 09:27 . 2010-06-08 06:02 1233920 ----a-w- c:\windows\system32\msxml3.dll

2010-11-19 09:27 . 2010-03-05 07:42 67584 ----a-w- c:\windows\system32\asycfilt.dll

2010-11-19 09:27 . 2009-08-29 06:57 34816 ----a-w- c:\windows\system32\msasn1.dll

2010-11-19 09:27 . 2010-05-05 06:46 363520 ----a-w- c:\windows\system32\StructuredQuery.dll

2010-11-19 09:26 . 2010-11-19 20:13 -------- d-----w- c:\program files\inFlow Inventory

2010-11-19 09:21 . 2010-11-19 09:21 -------- d-----w- c:\program files\MozBackup

2010-11-19 09:20 . 2010-12-15 05:38 -------- d-----w- c:\program files\Mozilla Thunderbird

2010-11-19 09:17 . 2010-11-19 09:17 -------- d-----w- c:\program files\Common Files\Skype

2010-11-19 09:17 . 2010-11-19 09:17 -------- d-----r- c:\program files\Skype

2010-11-19 09:16 . 2010-11-19 09:16 -------- d-----w- c:\programdata\Skype

2010-11-19 09:15 . 2010-05-27 07:24 34304 ----a-w- c:\windows\system32\atmlib.dll

2010-11-19 09:15 . 2010-05-27 03:49 293888 ----a-w- c:\windows\system32\atmfd.dll

2010-11-19 09:15 . 2009-10-19 14:10 70656 ----a-w- c:\windows\system32\fontsub.dll

2010-11-19 09:14 . 2010-11-19 09:14 -------- d-----w- c:\program files\UlisesSoft

2010-11-19 09:06 . 2010-12-15 08:04 -------- d-----w- c:\program files\ESET

2010-11-19 08:52 . 2010-11-19 08:52 -------- dc----w- c:\windows\system32\DRVSTORE

2010-11-19 08:52 . 2009-05-18 21:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2010-11-19 08:52 . 2008-04-17 20:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll

2010-11-19 08:50 . 2010-11-19 08:50 -------- d-----w- c:\program files\Apple Software Update

2010-11-19 08:50 . 2010-11-19 08:50 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Apple Computer

2010-11-19 08:50 . 2010-11-19 08:50 -------- d-----w- c:\program files\Bonjour

2010-11-19 08:49 . 2010-11-19 08:50 -------- d-----w- c:\programdata\Apple

2010-11-19 08:49 . 2010-11-19 08:52 -------- d-----w- c:\program files\Common Files\Apple

2010-11-19 08:48 . 2010-12-15 08:05 -------- d-sh--w- c:\windows\Installer

2010-11-19 08:37 . 2010-11-19 08:37 -------- d-----w- c:\program files\VideoLAN

2010-11-19 08:36 . 2010-06-18 17:52 18499623 ----a-w- c:\temp\vlc-1.0.5-win32.exe

2010-11-19 08:36 . 2009-10-21 01:49 904137 ----a-w- c:\temp\ESET NOD32 Antivirus Business Edition 4.2.35.0\NodLogin.10c-UlisesSoft\nl10c_64bits\setup.exe

2010-11-19 08:36 . 2009-10-21 01:38 397265 ----a-w- c:\temp\ESET NOD32 Antivirus Business Edition 4.2.35.0\NodLogin.10c-UlisesSoft\nl10c_32bits\setup.exe

2010-11-19 08:36 . 2009-09-10 22:43 2333974 ----a-w- c:\temp\ESET NOD32 Antivirus Business Edition 4.2.35.0\NodEnabler.v3.2.4\setupX64.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-10-07 20:23 . 2010-10-07 20:23 91424 ----a-w- c:\windows\system32\dnssd.dll

2010-10-07 20:23 . 2010-10-07 20:23 75040 ----a-w- c:\windows\system32\jdns_sd.dll

2010-10-07 20:23 . 2010-10-07 20:23 197920 ----a-w- c:\windows\system32\dnssdX.dll

2010-10-07 20:23 . 2010-10-07 20:23 107808 ----a-w- c:\windows\system32\dns-sd.exe

2010-09-28 23:44 . 2010-09-28 23:44 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2010-09-28 23:44 . 2010-09-28 23:44 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll

2010-09-23 08:47 . 2010-09-23 08:47 49016 ----a-w- c:\windows\system32\sirenacm.dll

2010-09-23 08:32 . 2010-09-23 08:32 301936 ----a-w- c:\windows\WLXPGSS.SCR

2010-09-21 22:03 . 2010-09-21 22:03 208768 ----a-w- c:\windows\system32\LIVESSP.DLL

.

c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl .exe
c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray .exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\Malwarebytes' Anti-Malware\mbam .exe
c:\program files\Microsoft Office\Office12\GrooveMonitor .exe
c:\program files\QuickTime\QTTask .exe

((((((((((((((((((((((((((((( SnapShot@2010-12-15_09.17.03 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-11-19 21:38 . 2010-12-16 18:14 24004 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2010-12-16 18:36 . 2010-12-16 19:07 65536 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IECompatCache\index.dat

- 2010-12-14 03:59 . 2010-12-14 03:30 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat

+ 2010-12-14 03:59 . 2010-12-16 19:07 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat

+ 2010-11-29 02:21 . 2010-12-16 19:07 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat

- 2010-11-29 02:21 . 2010-12-15 08:18 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat

- 2010-11-29 01:05 . 2010-12-14 07:32 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Feeds Cache\index.dat

+ 2010-11-29 01:05 . 2010-12-16 19:08 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Feeds Cache\index.dat

+ 2010-11-30 03:28 . 2010-12-16 19:21 6280 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1957598150-4257587646-1476821151-1007_UserData.bin

+ 2010-12-16 19:07 . 2010-12-16 19:08 7680 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C6D2EDF2-0947-11E0-A3BE-00238BB1AC4F}.dat

+ 2010-12-16 19:07 . 2010-12-16 19:07 7168 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B014A0F1-0947-11E0-A3BE-00238BB1AC4F}.dat

+ 2010-12-16 19:08 . 2010-12-16 19:08 4608 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D9821B45-0947-11E0-A3BE-00238BB1AC4F}.dat

+ 2010-12-16 19:08 . 2010-12-16 19:08 4608 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D9821B44-0947-11E0-A3BE-00238BB1AC4F}.dat

+ 2010-12-16 19:08 . 2010-12-16 19:08 4608 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D3884248-0947-11E0-A3BE-00238BB1AC4F}.dat

+ 2010-12-16 19:08 . 2010-12-16 19:08 4608 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D3884239-0947-11E0-A3BE-00238BB1AC4F}.dat

+ 2010-12-16 19:08 . 2010-12-16 19:08 4608 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D388422A-0947-11E0-A3BE-00238BB1AC4F}.dat

+ 2010-12-16 19:08 . 2010-12-16 19:08 4608 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{CD12F7C3-0947-11E0-A3BE-00238BB1AC4F}.dat

+ 2010-12-16 19:08 . 2010-12-16 19:08 4608 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{CD12F7C1-0947-11E0-A3BE-00238BB1AC4F}.dat

+ 2010-12-16 19:08 . 2010-12-16 19:08 4608 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{CD12F7B2-0947-11E0-A3BE-00238BB1AC4F}.dat

+ 2010-12-16 19:07 . 2010-12-16 19:07 4608 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C6D2EDF6-0947-11E0-A3BE-00238BB1AC4F}.dat

+ 2010-12-16 19:07 . 2010-12-16 19:07 4096 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C6D2EDF5-0947-11E0-A3BE-00238BB1AC4F}.dat

+ 2010-12-16 19:07 . 2010-12-16 19:07 4608 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C6D2EDF3-0947-11E0-A3BE-00238BB1AC4F}.dat

+ 2010-12-16 19:07 . 2010-12-16 19:07 4608 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{BF513C78-0947-11E0-A3BE-00238BB1AC4F}.dat

+ 2010-12-16 19:07 . 2010-12-16 19:07 4608 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B9411C6A-0947-11E0-A3BE-00238BB1AC4F}.dat

+ 2010-12-16 19:07 . 2010-12-16 19:07 4096 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B9411C59-0947-11E0-A3BE-00238BB1AC4F}.dat

+ 2010-12-16 19:07 . 2010-12-16 19:07 4096 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B014A0F4-0947-11E0-A3BE-00238BB1AC4F}.dat

+ 2010-12-16 19:07 . 2010-12-16 19:07 4096 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B014A0F2-0947-11E0-A3BE-00238BB1AC4F}.dat

+ 2010-12-16 19:08 . 2010-12-16 19:08 9202 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\frameiconcache.dat

- 2010-12-15 09:01 . 2010-12-15 09:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2010-12-16 19:18 . 2010-12-16 19:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2010-12-15 09:01 . 2010-12-15 09:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2010-12-16 19:18 . 2010-12-16 19:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2010-11-29 03:16 . 2010-12-16 19:08 491520 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\PrivacIE\index.dat

+ 2010-12-16 03:43 . 2010-12-16 03:43 245980 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT

- 2010-12-10 20:36 . 2010-12-10 20:36 730090 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1957598150-4257587646-1476821151-1007-12288.dat

+ 2010-12-10 20:36 . 2010-12-16 10:00 730090 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1957598150-4257587646-1476821151-1007-12288.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-23 4240760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="c:\program files\QuickTime\QTTask .exe -atboottime" [X]

"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]

"Ukpon"="c:\windows\system32\dnsexty.exe" [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\System32\acaptuser32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]

R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-10-23 107360]

R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2010-04-20 18432]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-19 1343400]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-19 691696]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-07-16 26168]

S2 MSSQL$INFLOWSQL;SQL Server (INFLOWSQL);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]

.

Contents of the 'Scheduled Tasks' folder

.

.

------- Supplementary Scan -------

.

IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

DPF: {55F0958B-C5EB-49E4-8567-E018D2407F55} - hxxp://patch.kongdisk.com/install/KongdiskCtrl.cab

FF - ProfilePath - c:\users\Irvine2\AppData\Roaming\Mozilla\Firefox\Profiles\n8yijkhs.default\

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

FF - Ext: Xmarks: foxmarks@kei.com - %profile%\extensions\foxmarks@kei.com

.

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 6.1.7600 Disk: ST9500325AS rev.0002SPM1 -> Harddisk0\DR0 -> \Device\Ide\IdePort2 P2T0L0-4

device: opened successfully

user: MBR read successfully

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys halmacpi.dll >>UNKNOWN [0x86263446]<<

c:\windows\system32\DRIVERS\hpdskflt.sys Hewlett-Packard Company Mobile Data Protection System

_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x86269504]; MOV EAX, [0x86269580]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }

1 ntkrnlpa!IofCallDriver[0x82A75458] -> \Device\Harddisk0\DR0[0x86244AC8]

3 CLASSPNP[0x8B47B59E] -> ntkrnlpa!IofCallDriver[0x82A75458] -> [0x862435A8]

5 hpdskflt[0x8B21A0BE] -> ntkrnlpa!IofCallDriver[0x82A75458] -> \IdeDeviceP2T0L0-4[0x85338030]

\Driver\atapi[0x8624AD28] -> IRP_MJ_CREATE -> 0x86263446

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x137; MOV BP, 0x62a; ROR BYTE [bP+0x0], CL; INC BP; }

detected disk devices:

\Device\Ide\IdeDeviceP2T0L0-4 -> \??\IDE#DiskST9500325AS_____________________________0002SPM1#5&6098b8e&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

detected hooks:

user != kernel MBR !!!

copy of MBR has been found in sector 9 !

sectors 976773166 (+255): user != kernel

Warning: possible TDL4 rootkit infection !

TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,24,24,3b,ff,fd,c2,a6,4f,ba,b5,ca,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,24,24,3b,ff,fd,c2,a6,4f,ba,b5,ca,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2010-12-16 11:37:23

ComboFix-quarantined-files.txt 2010-12-16 19:37

ComboFix2.txt 2010-12-15 09:19

ComboFix3.txt 2010-07-27 18:05

Pre-Run: 246,530,002,944 bytes free

Post-Run: 246,485,213,184 bytes free

- - End Of File - - 08A16BEB2EE9487CE96864401A92CB61

Open Notepad and copy and paste the text in the code box below into it:

http://forums.malwarebytes.org/index.php?showtopic=70371

Collect::[8]
c:\windows\system32\dnsexty.exe

RenV::
c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl .exe
c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray .exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\Malwarebytes' Anti-Malware\mbam .exe
c:\program files\Microsoft Office\Office12\GrooveMonitor .exe
c:\program files\QuickTime\QTTask .exe

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Ukpon"=-

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

CFScriptB-4.gif

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.
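The log review the helper did by hand, written up as an added Python triage script (not a tool from this thread or from ComboFix): it parses a constructed cut-down copy of the "Reg Loading Points" section of the ComboFix log posted above and flags the same entries the CFScript acts on. The heuristics (a space before the extension, an autostart under policies\explorer\Run, an [X] or [N/A] status, UAC values set to 0, a populated AppInit_DLLs) are my assumptions about what a reviewer looks for, not ComboFix's own logic.

```python
import re
from dataclasses import dataclass

# Constructed sample: a cut-down copy of the "Reg Loading Points" section of
# the ComboFix log posted in this thread (values as they appear there).
SAMPLE_LOADING_POINTS = r"""
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-23 4240760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask .exe -atboottime" [X]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Ukpon"="c:\windows\system32\dnsexty.exe" [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser32.dll
"""


@dataclass(frozen=True)
class Finding:
    key: str      # registry key the value lives under
    name: str     # value name, e.g. "Ukpon"
    value: str    # image path / data without the trailing [status]
    reason: str


_KEY_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
_VALUE_LINE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<rest>.*)$')
_STATUS = re.compile(r"\[(?P<status>[^\]]*)\]\s*$")   # trailing [X], [N/A] or [date size]
_SPACE_BEFORE_EXT = re.compile(r" \.(exe|dll|sys)\b", re.IGNORECASE)
_UAC_VALUES = {"enablelua", "consentpromptbehavioradmin"}


def parse_loading_points(text):
    """Yield (key, name, data, status) for every value line under a [key] header."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        km = _KEY_LINE.match(line)
        if km:
            key = km.group("key")
            continue
        vm = _VALUE_LINE.match(line)
        if not (vm and key):
            continue
        rest = vm.group("rest")
        sm = _STATUS.search(rest)
        status = sm.group("status") if sm else ""
        data = (rest[: sm.start()] if sm else rest).strip().strip('"')
        yield key, vm.group("name"), data, status


def triage(text):
    """Return the entries a helper would look at first, with the reason for each."""
    findings = []
    for key, name, data, status in parse_loading_points(text):
        lkey, lname = key.lower(), name.lower()
        if _SPACE_BEFORE_EXT.search(data):
            findings.append(Finding(key, name, data,
                "space before the extension: the original binary was renamed and "
                "something else probably sits at the real name (ComboFix RenV:: case)"))
        if lkey.endswith(r"policies\explorer\run"):
            findings.append(Finding(key, name, data,
                "autostart under policies\\explorer\\Run, rarely used by legitimate software"))
        if status in ("X", "N/A"):
            findings.append(Finding(key, name, data,
                f"ComboFix could not verify the image file ([{status}])"))
        if lkey.endswith(r"policies\system") and lname in _UAC_VALUES and data.startswith("0"):
            findings.append(Finding(key, name, data, "UAC weakened or disabled"))
        if lname == "appinit_dlls" and data:
            findings.append(Finding(key, name, data,
                "AppInit_DLLs loads this DLL into every user32 process; confirm the publisher"))
    return findings


def renv_paths(text):
    """Image paths with a space before '.exe', i.e. what the helper listed under RenV::."""
    paths = []
    for _key, _name, data, _status in parse_loading_points(text):
        m = re.match(r"(?P<path>.*? \.exe)\b", data, re.IGNORECASE)
        if m:
            paths.append(m.group("path"))
    return paths


if __name__ == "__main__":
    for f in triage(SAMPLE_LOADING_POINTS):
        print(f"{f.name!r:30} {f.reason}")
    print("RenV:: candidates:", renv_paths(SAMPLE_LOADING_POINTS))
```

The legitimate Acrobat AppInit_DLLs entry is flagged for review only; the script orders the work, it does not decide what to delete.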

Ok here is what came up...

Just curious... helping me takes your time and effort. What's in it for you? ..or you're just a nice guy :rolleyes:

ComboFix 10-12-15.06 - Irvine2 12/17/2010 1:38.3.2 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3070.2462 [GMT -8:00]

Running from: c:\users\Irvine2\Desktop\Combo-Fix.exe

Command switches used :: c:\users\Irvine2\Desktop\CFScript.txt

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\Iasex.dll

.

\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_Ias

((((((((((((((((((((((((( Files Created from 2010-11-17 to 2010-12-17 )))))))))))))))))))))))))))))))

.

2010-12-17 09:50 . 2010-12-17 10:05 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp

2010-12-17 09:50 . 2010-12-17 09:50 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-12-16 06:30 . 2010-12-16 06:30 -------- d-----w- C:\_OTL

2010-12-09 13:59 . 2010-11-16 20:01 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B4AFFA4B-7FA0-4C58-B4AB-84CBAF364416}\mpengine.dll

2010-12-07 21:29 . 2010-12-07 21:29 -------- d-----w- c:\program files\Xvid

2010-12-07 21:29 . 2009-06-08 00:25 77824 ----a-w- c:\windows\system32\xvid.ax

2010-12-07 21:29 . 2009-06-08 00:24 180224 ----a-w- c:\windows\system32\xvidvfw.dll

2010-12-07 21:29 . 2009-06-08 00:16 819200 ----a-w- c:\windows\system32\xvidcore.dll

2010-12-01 19:02 . 2010-12-01 19:02 -------- d-----w- c:\programdata\Malwarebytes

2010-12-01 19:02 . 2010-11-30 01:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-12-01 19:02 . 2010-12-17 09:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-12-01 19:02 . 2010-11-30 01:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-12-01 05:34 . 2010-12-01 06:51 -------- d-----w- c:\programdata\Rosetta Stone

2010-12-01 05:34 . 2010-12-01 05:34 -------- d-----w- c:\program files\Rosetta Stone

2010-12-01 05:24 . 2010-12-01 05:34 -------- d-----w- c:\program files\PPLive

2010-11-30 20:17 . 2010-11-30 20:17 -------- d-----w- c:\windows\JMCR_DIR

2010-11-30 20:16 . 2010-11-30 20:16 -------- d-----w- c:\windows\system32\SDA

2010-11-30 20:16 . 2008-10-23 01:42 110080 ----a-w- c:\windows\system32\JmCrIcon.dll

2010-11-30 18:39 . 2010-11-30 18:40 -------- d-----w- C:\PERSONAL

2010-11-30 03:27 . 2010-12-06 22:55 -------- d-----w- c:\users\Irvine2

2010-11-29 03:16 . 2010-11-29 03:16 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\WhiteSmokeSetup

2010-11-29 03:01 . 2010-11-29 03:02 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Adobe

2010-11-29 01:05 . 2010-11-29 03:16 -------- d-----w- c:\program files\InstallShield Installation Information

2010-11-29 01:04 . 2010-11-29 01:04 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\{0663C824-425C-487A-8C12-F9D56C874B94}

2010-11-29 00:23 . 2010-11-29 10:07 -------- d-----w- c:\program files\mIRC

2010-11-24 11:44 . 2010-10-19 08:10 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll

2010-11-24 05:43 . 2010-11-24 05:43 -------- d-----w- c:\program files\KONGDISK

2010-11-24 00:03 . 2010-12-16 18:16 -------- d-----w- c:\programdata\FLEXnet

2010-11-23 19:47 . 2010-11-24 00:34 -------- d-----w- C:\gameconsole

2010-11-23 17:44 . 2010-11-23 17:44 -------- d-----w- c:\windows\SQL9_KB970892_ENU

2010-11-23 17:42 . 2010-11-23 17:42 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help

2010-11-23 01:02 . 2010-11-23 01:02 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\ESET

2010-11-23 00:50 . 2010-11-23 00:50 -------- d-----w- c:\programdata\{3473CE33-F2D3-4077-85C4-AFC591C06EF7}

2010-11-23 00:50 . 2010-11-23 00:51 -------- d-----w- c:\program files\Stamps.com Internet Postage

2010-11-22 22:09 . 2010-11-22 22:09 -------- d-----w- c:\programdata\AIM

2010-11-22 22:09 . 2010-11-22 22:09 -------- d-----w- c:\program files\AIM

2010-11-22 22:09 . 2010-11-22 22:09 -------- d-----w- c:\program files\Common Files\Software Update Utility

2010-11-22 22:09 . 2010-11-22 22:09 -------- d-----w- c:\program files\Common Files\AOL

2010-11-22 19:16 . 2010-11-22 19:16 -------- d-----w- c:\windows\en

2010-11-22 19:15 . 2010-11-22 19:15 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition

2010-11-22 19:12 . 2010-11-22 19:15 -------- d-----w- c:\program files\Windows Live

2010-11-22 19:07 . 2010-11-23 22:16 -------- d-----w- c:\program files\Microsoft Silverlight

2010-11-22 19:06 . 2010-08-11 04:44 2983424 ----a-w- c:\windows\system32\UIRibbon.dll

2010-11-22 19:06 . 2010-08-11 04:35 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll

2010-11-22 19:04 . 2010-05-23 10:11 196608 ----a-w- c:\windows\system32\mfreadwrite.dll

2010-11-22 19:04 . 2010-05-23 10:11 3181568 ----a-w- c:\windows\system32\mf.dll

2010-11-22 19:04 . 2010-05-23 10:15 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL

2010-11-22 19:02 . 2010-11-22 19:10 -------- d-----w- c:\program files\Canon

2010-11-22 19:02 . 2010-11-22 19:02 -------- d-----w- c:\program files\Common Files\Windows Live

2010-11-21 12:42 . 2010-11-21 12:43 -------- d-----w- c:\program files\GrabIt

2010-11-20 12:36 . 2010-11-20 12:36 -------- d-----w- c:\program files\P2 Games

2010-11-20 12:27 . 2008-10-15 14:22 452440 ----a-w- c:\windows\system32\d3dx10_40.dll

2010-11-20 12:27 . 2008-10-15 14:22 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll

2010-11-20 12:27 . 2008-10-15 14:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll

2010-11-20 12:16 . 2010-11-21 07:34 -------- d-----w- c:\program files\Sid Meier's Civilization V

2010-11-20 04:58 . 2010-11-20 04:58 -------- d-----w- c:\program files\ePSXe

2010-11-20 04:46 . 2008-07-10 19:00 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll

2010-11-20 04:38 . 2010-12-01 03:11 -------- d-----w- c:\program files\uTorrent

2010-11-19 23:29 . 2010-11-19 23:29 -------- d-----w- c:\program files\Common Files\Macrovision Shared

2010-11-19 23:28 . 2008-04-07 13:38 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll

2010-11-19 23:23 . 2010-11-19 23:29 -------- d-----w- c:\program files\Common Files\Adobe

2010-11-19 22:19 . 2006-10-27 03:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll

2010-11-19 22:19 . 2008-11-10 19:41 32656 ----a-w- c:\windows\system32\msonpmon.dll

2010-11-19 22:18 . 2010-11-23 17:50 -------- d-----w- c:\program files\Microsoft Works

2010-11-19 22:14 . 2010-11-19 22:14 -------- d-----w- c:\program files\Microsoft Visual Studio 8

2010-11-19 22:13 . 2010-12-15 20:24 -------- d-----w- c:\programdata\Microsoft Help

2010-11-19 22:00 . 2010-11-19 22:00 -------- d-----w- c:\program files\Alcohol Soft

2010-11-19 20:07 . 2010-11-19 20:07 -------- d-----w- c:\windows\PCHEALTH

2010-11-19 20:06 . 2010-11-30 18:27 -------- d-----w- c:\programdata\inFlow Inventory

2010-11-19 19:49 . 2010-11-19 19:49 691696 ----a-w- c:\windows\system32\drivers\sptd.sys

2010-11-19 18:08 . 2010-11-19 22:17 -------- d-----w- c:\program files\Microsoft.NET

2010-11-19 18:04 . 2010-11-19 18:04 -------- d-----w- c:\windows\system32\Wat

2010-11-19 09:50 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll

2010-11-19 09:48 . 2009-11-25 20:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2010-11-19 09:48 . 2009-11-25 20:47 49472 ----a-w- c:\windows\system32\netfxperf.dll

2010-11-19 09:48 . 2009-11-25 20:47 297808 ----a-w- c:\windows\system32\mscoree.dll

2010-11-19 09:48 . 2009-11-25 20:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe

2010-11-19 09:48 . 2009-11-25 20:47 1130824 ----a-w- c:\windows\system32\dfshim.dll

2010-11-19 09:35 . 2010-03-04 04:04 146304 ----a-w- c:\windows\system32\drivers\usbvideo.sys

2010-11-19 09:35 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys

2010-11-19 09:34 . 2010-11-23 17:44 -------- d-----w- c:\program files\Microsoft SQL Server

2010-11-19 09:31 . 2010-08-31 04:32 954752 ----a-w- c:\windows\system32\mfc40.dll

2010-11-19 09:31 . 2010-08-31 04:32 954288 ----a-w- c:\windows\system32\mfc40u.dll

2010-11-19 09:31 . 2010-11-19 09:31 -------- d-----w- c:\program files\Business Objects

2010-11-19 09:31 . 2010-06-19 06:15 2048 ----a-w- c:\windows\system32\tzres.dll

2010-11-19 09:29 . 2009-10-31 05:45 2614272 ----a-w- c:\windows\explorer.exe

2010-11-19 09:29 . 2009-10-28 06:17 285696 ----a-w- c:\windows\system32\winlogon.exe

2010-11-19 09:29 . 2009-12-11 07:44 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2010-11-19 09:29 . 2009-12-11 07:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll

2010-11-19 09:29 . 2010-06-19 06:23 37376 ----a-w- c:\windows\system32\rtutils.dll

2010-11-19 09:29 . 2010-09-08 04:27 859648 ----a-w- c:\program files\Internet Explorer\iedvtool.dll

2010-11-19 09:27 . 2010-08-21 05:33 530432 ----a-w- c:\windows\system32\comctl32.dll

2010-11-19 09:27 . 2010-08-26 04:39 109056 ----a-w- c:\windows\system32\t2embed.dll

2010-11-19 09:27 . 2010-07-29 06:30 197632 ----a-w- c:\windows\system32\ir32_32.dll

2010-11-19 09:27 . 2010-07-29 06:30 82944 ----a-w- c:\windows\system32\iccvid.dll

2010-11-19 09:27 . 2009-12-08 11:32 292864 ----a-w- c:\windows\system32\apphelp.dll

2010-11-19 09:27 . 2010-06-08 06:02 1233920 ----a-w- c:\windows\system32\msxml3.dll

2010-11-19 09:27 . 2010-03-05 07:42 67584 ----a-w- c:\windows\system32\asycfilt.dll

2010-11-19 09:27 . 2009-08-29 06:57 34816 ----a-w- c:\windows\system32\msasn1.dll

2010-11-19 09:27 . 2010-05-05 06:46 363520 ----a-w- c:\windows\system32\StructuredQuery.dll

2010-11-19 09:26 . 2010-11-19 20:13 -------- d-----w- c:\program files\inFlow Inventory

2010-11-19 09:21 . 2010-11-19 09:21 -------- d-----w- c:\program files\MozBackup

2010-11-19 09:20 . 2010-12-15 05:38 -------- d-----w- c:\program files\Mozilla Thunderbird

2010-11-19 09:17 . 2010-11-19 09:17 -------- d-----w- c:\program files\Common Files\Skype

2010-11-19 09:17 . 2010-11-19 09:17 -------- d-----r- c:\program files\Skype

2010-11-19 09:16 . 2010-11-19 09:16 -------- d-----w- c:\programdata\Skype

2010-11-19 09:15 . 2010-05-27 07:24 34304 ----a-w- c:\windows\system32\atmlib.dll

2010-11-19 09:15 . 2010-05-27 03:49 293888 ----a-w- c:\windows\system32\atmfd.dll

2010-11-19 09:15 . 2009-10-19 14:10 70656 ----a-w- c:\windows\system32\fontsub.dll

2010-11-19 09:14 . 2010-11-19 09:14 -------- d-----w- c:\program files\UlisesSoft

2010-11-19 09:06 . 2010-12-15 08:04 -------- d-----w- c:\program files\ESET

2010-11-19 08:52 . 2010-11-19 08:52 -------- dc----w- c:\windows\system32\DRVSTORE

2010-11-19 08:52 . 2009-05-18 21:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2010-11-19 08:52 . 2008-04-17 20:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll

2010-11-19 08:50 . 2010-11-19 08:50 -------- d-----w- c:\program files\Apple Software Update

2010-11-19 08:50 . 2010-11-19 08:50 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Apple Computer

2010-11-19 08:50 . 2010-11-19 08:50 -------- d-----w- c:\program files\Bonjour

2010-11-19 08:49 . 2010-11-19 08:50 -------- d-----w- c:\programdata\Apple

2010-11-19 08:49 . 2010-11-19 08:52 -------- d-----w- c:\program files\Common Files\Apple

2010-11-19 08:48 . 2010-12-15 08:05 -------- d-sh--w- c:\windows\Installer

2010-11-19 08:37 . 2010-11-19 08:37 -------- d-----w- c:\program files\VideoLAN

2010-11-19 08:36 . 2010-06-18 17:52 18499623 ----a-w- c:\temp\vlc-1.0.5-win32.exe

2010-11-19 08:36 . 2009-10-21 01:49 904137 ----a-w- c:\temp\ESET NOD32 Antivirus Business Edition 4.2.35.0\NodLogin.10c-UlisesSoft\nl10c_64bits\setup.exe

2010-11-19 08:36 . 2009-10-21 01:38 397265 ----a-w- c:\temp\ESET NOD32 Antivirus Business Edition 4.2.35.0\NodLogin.10c-UlisesSoft\nl10c_32bits\setup.exe

2010-11-19 08:36 . 2009-09-10 22:43 2333974 ----a-w- c:\temp\ESET NOD32 Antivirus Business Edition 4.2.35.0\NodEnabler.v3.2.4\setupX64.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-10-07 20:23 . 2010-10-07 20:23 91424 ----a-w- c:\windows\system32\dnssd.dll

2010-10-07 20:23 . 2010-10-07 20:23 75040 ----a-w- c:\windows\system32\jdns_sd.dll

2010-10-07 20:23 . 2010-10-07 20:23 197920 ----a-w- c:\windows\system32\dnssdX.dll

2010-10-07 20:23 . 2010-10-07 20:23 107808 ----a-w- c:\windows\system32\dns-sd.exe

2010-09-28 23:44 . 2010-09-28 23:44 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2010-09-28 23:44 . 2010-09-28 23:44 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll

2010-09-23 08:47 . 2010-09-23 08:47 49016 ----a-w- c:\windows\system32\sirenacm.dll

2010-09-23 08:32 . 2010-09-23 08:32 301936 ----a-w- c:\windows\WLXPGSS.SCR

2010-09-21 22:03 . 2010-09-21 22:03 208768 ----a-w- c:\windows\system32\LIVESSP.DLL

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="c:\program files\QuickTime\QTTask .exe -atboottime" [X]

"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\System32\acaptuser32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]

R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-10-23 107360]

R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2010-04-20 18432]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-19 1343400]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-19 691696]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-07-16 26168]

S2 MSSQL$INFLOWSQL;SQL Server (INFLOWSQL);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]

.

.

------- Supplementary Scan -------

.

IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

DPF: {55F0958B-C5EB-49E4-8567-E018D2407F55} - hxxp://patch.kongdisk.com/install/KongdiskCtrl.cab

FF - ProfilePath - c:\users\Irvine2\AppData\Roaming\Mozilla\Firefox\Profiles\n8yijkhs.default\

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

FF - Ext: Xmarks: foxmarks@kei.com - %profile%\extensions\foxmarks@kei.com

.

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 6.1.7600 Disk: ST9500325AS rev.0002SPM1 -> Harddisk0\DR0 -> \Device\Ide\IdePort2 P2T0L0-4

device: opened successfully

user: MBR read successfully

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys halmacpi.dll >>UNKNOWN [0x86266446]<<

c:\windows\system32\DRIVERS\hpdskflt.sys Hewlett-Packard Company Mobile Data Protection System

_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8626c504]; MOV EAX, [0x8626c580]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }

1 ntkrnlpa!IofCallDriver[0x82A3E458] -> \Device\Harddisk0\DR0[0x86248030]

3 CLASSPNP[0x8B4DE59E] -> ntkrnlpa!IofCallDriver[0x82A3E458] -> [0x86247798]

5 hpdskflt[0x8B4900BE] -> ntkrnlpa!IofCallDriver[0x82A3E458] -> \IdeDeviceP2T0L0-4[0x86097908]

\Driver\atapi[0x86254F38] -> IRP_MJ_CREATE -> 0x86266446

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x137; MOV BP, 0x62a; ROR BYTE [bP+0x0], CL; INC BP; }

detected disk devices:

\Device\Ide\IdeDeviceP2T0L0-4 -> \??\IDE#DiskST9500325AS_____________________________0002SPM1#5&6098b8e&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

detected hooks:

user != kernel MBR !!!

copy of MBR has been found in sector 9 !

sectors 976773166 (+255): user != kernel

Warning: possible TDL4 rootkit infection !

TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,24,24,3b,ff,fd,c2,a6,4f,ba,b5,ca,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,24,24,3b,ff,fd,c2,a6,4f,ba,b5,ca,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\atieclxx.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\program files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\system32\taskhost.exe

c:\windows\system32\conhost.exe

c:\windows\system32\DllHost.exe

c:\windows\system32\WUDFHost.exe

.

**************************************************************************

.

Completion time: 2010-12-17 02:10:16 - machine was rebooted

ComboFix-quarantined-files.txt 2010-12-17 10:10

ComboFix2.txt 2010-12-16 19:37

ComboFix3.txt 2010-12-15 09:19

ComboFix4.txt 2010-07-27 18:05

Pre-Run: 246,395,174,912 bytes free

Post-Run: 246,245,830,656 bytes free

- - End Of File - - 2B3358C43037B5EA2B3884FB9281324D


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
