Jump to content

White Smoke Rundll Error


Recommended Posts

mbam_log_2010_12_08__06_34_47_.txt

Thanks in advance. I'm not an expert so please bear with me. I use XP Pro.

Two PUP.White Smoke icons appeared in program files along with WatchTV on desktop. Some media began playing by itself that prompted my checking program files. Uninstalled the two programs with Add or Remove. After that, "Rundll error loading - ocewayew.dll - The specified module could not be found" always appears at startup. Also, "Generic Host Process for Win32 Services has encounterd a problem and needs to close" comes up often and freezes my computer. After reading some of this stuff in the forums it sounds like when I uninstalled, some required dll files went with it.

Other symptoms, among many, include constant redirects, unresponsiveness and very slow speed. Basically, computer stops working. I shut down manually with the power button, as necessary, then start up with periodic success. Currently in Safe Mode Networking.

Scanned with Malwarebytes, 12/8 log attached shows WhiteSmoke and a swarm of other virus. Also attaching today's 12/23 scan with Malwarebytes and Ad-Aware. Computer lock up problem is getting worse.

I also have Norton Symantec Antivirus, Super Antivirus, & TDSSKiller (which doesn't seem to do much). After I get though this mess, I plan to backup onto my new external HD. Am I right to assume it should not be done in its current infested condition? I'm fearing I'll lose everything any minute.

The problems described by sp60 on Dec. 1, 2010 at 11:35pm (assisted by Negster22) sound very similar. Looks like I shouild not run ComboFix unsupervised - if that's the solution.

Aloha from Hawaii - 80 degrees but raining and experiencing harsh winter weather ... Moonshadow.

mbam_log_2010_12_23__14_11_40_.txt

Ad_Aware_Log_101223.txt

Link to post
Share on other sites

Hello moonshadow

Welcome to Malwarebytes.

=====================

  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

====================

Download This file. Note its name and save it to your root folder, such as C:\.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Link to post
Share on other sites

Hi Kahdah: I will follow-up with you on your instructions.

Thanks for your quick reply. moonshadow

=====================

Hello moonshadow

Welcome to Malwarebytes.

=====================

  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

====================

Download This file. Note its name and save it to your root folder, such as C:\.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Link to post
Share on other sites

Hi Kahdah:

It appears the reply I just wrote did not post so I'll try again. The OTT results are shown below. However, after successfully saving the second scan program you referred as This File (GMER?), I was unable to start it. Message showed it is "not a valid Win32 application." I did not choose to Run it as your instructions were to save it and disconnect from Internet.

FYI, afer scanning with OTL, I uninstalled ParetoLogic PC Health Advisor with Add/Remove. Kapersky TDSSKILLER was deleted, not uninstalled, becasue it never showed up in program files to enable use of Add/Remove. It was originally saved to another folder. If deleting it poses a potential problem and needs to be recovered, it's still in my Recycle Bin. I did not see how to disable these two programs temporarily and did not want conflicts with the second scan - which was not to be afterall.

Below are the OTL logs - OTL.txt is followed by Extras.txt.

Looking forward to your reply,

moonshadow.

=======================================

OTL logfile created on: 12/26/2010 11:28:05 PM - Run 1

OTL by OldTimer - Version 3.2.18.0 Folder = C:\Documents and Settings\sshiigi\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 32.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 68.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 232.75 Gb Total Space | 158.80 Gb Free Space | 68.23% Space Free | Partition Type: NTFS

Computer Name: DFB69GJ1 | User Name: sshiigi | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\sshiigi\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)

PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)

PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)

PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)

PRC - c:\drivers\audio\R205445\stacsv.exe (IDT, Inc.)

PRC - C:\WINDOWS\system32\AESTFltr.exe (Andrea Electronics Corporation)

PRC - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe (Broadcom Corporation)

PRC - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe (Broadcom Corporation)

PRC - C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe (Dell Inc.)

PRC - C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe (Dell Inc.)

PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)

PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)

PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)

PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)

PRC - C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)

PRC - C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe (Smith Micro Software, Inc.)

PRC - C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe (Smith Micro Software, Inc.)

PRC - C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe (Dell Inc.)

PRC - C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell, Inc.)

PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)

PRC - C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe (Intel® Corporation)

PRC - C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)

PRC - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel® Corporation)

PRC - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)

PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)

PRC - C:\Program Files\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.)

PRC - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe (Wave Systems Corp.)

PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)

PRC - C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Intel\ASF Agent\ASFAgent.exe (Intel Corporation)

PRC - C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe ()

PRC - C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)

PRC - C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)

PRC - C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)

PRC - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)

PRC - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)

PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\sshiigi\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\BtMmHook.dll (Broadcom Corporation.)

========== Win32 Services (SafeList) ==========

SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)

SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)

SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

SRV - (STacSV) -- c:\drivers\audio\R205445\stacsv.exe (IDT, Inc.)

SRV - (Credential Vault Host Storage) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe (Broadcom Corporation)

SRV - (Credential Vault Host Control Service) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe (Broadcom Corporation)

SRV - (dcpsysmgrsvc) -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe (Dell Inc.)

SRV - (SMManager) -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe (Smith Micro Software, Inc.)

SRV - (buttonsvc32) -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe (Dell Inc.)

SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)

SRV - (WLANKEEPER) Intel® -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe (Intel® Corporation)

SRV - (S24EventMonitor) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel® Corporation)

SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)

SRV - (TdmService) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe (Wave Systems Corp.)

SRV - (SecureStorageService) -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe (Wave Systems Corp.)

SRV - (tcsd_win32.exe) -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe ()

SRV - (ASFAgent) -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe (Intel Corporation)

SRV - (SavRoam) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)

SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)

SRV - (DefWatch) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)

SRV - (SNDSrvc) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)

SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)

SRV - (ccPwdSvc) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (Symantec Corporation)

SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)

SRV - (SPBBCSvc) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)

SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)

========== Driver Services (SafeList) ==========

DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101225.007\NAVEX15.SYS (Symantec Corporation)

DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101225.007\NAVENG.SYS (Symantec Corporation)

DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()

DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)

DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)

DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)

DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)

DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (IDT, Inc.)

DRV - (AESTAud) -- C:\WINDOWS\system32\drivers\AESTAud.sys (Andrea Electronics Corporation)

DRV - (cvusbdrv) -- C:\WINDOWS\system32\drivers\cvusbdrv.sys (Broadcom Corporation)

DRV - (USBCCID) -- C:\WINDOWS\system32\drivers\usbccid.sys (Microsoft Corporation)

DRV - (CCIDFILTER) -- C:\WINDOWS\system32\drivers\ccidflt.sys (Broadcom Corporation)

DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)

DRV - (OA001Ufd) -- C:\WINDOWS\system32\drivers\OA001Ufd.sys (Creative Technology Ltd.)

DRV - (OA001Vid) -- C:\WINDOWS\system32\drivers\OA001Vid.sys (Creative Technology Ltd.)

DRV - (OA001Afx) -- C:\WINDOWS\system32\drivers\OA001Afx.sys (Creative Technology Ltd.)

DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)

DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)

DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)

DRV - (NETw5x32) Intel® -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation)

DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)

DRV - (e1yexpress) Intel® -- C:\WINDOWS\system32\drivers\e1y5132.sys (Intel Corporation)

DRV - (WavxDMgr) -- C:\WINDOWS\system32\drivers\WavxDMgr.sys (Wave Systems Corp.)

DRV - (PBADRV) -- C:\WINDOWS\system32\DRIVERS\PBADRV.sys (Dell Inc)

DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)

DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)

DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)

DRV - (FsVga) -- C:\WINDOWS\system32\drivers\fsvga.sys (Microsoft Corporation)

DRV - (NAL) -- C:\WINDOWS\system32\drivers\iqvw32.sys (Intel Corporation )

DRV - (DLADResM) -- C:\WINDOWS\system32\drivers\DLADResM.SYS (Roxio)

DRV - (DLABMFSM) -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS (Roxio)

DRV - (DLAUDF_M) -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS (Roxio)

DRV - (DLAUDFAM) -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS (Roxio)

DRV - (DLAOPIOM) -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS (Roxio)

DRV - (DLABOIOM) -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS (Roxio)

DRV - (DLAPoolM) -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS (Roxio)

DRV - (DLAIFS_M) -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS (Roxio)

DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)

DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio)

DRV - (DLACDBHM) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS (Roxio)

DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Roxio)

DRV - (PCASp50) -- C:\WINDOWS\system32\drivers\PCASp50.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)

DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)

DRV - (SymEvent) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)

DRV - (SAVRTPEL) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys (Symantec Corporation)

DRV - (SAVRT) -- C:\Program Files\Symantec AntiVirus\savrt.sys (Symantec Corporation)

DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)

DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)

DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)

DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)

DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)

DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)

DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)

DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)

DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)

DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)

DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)

DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)

DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)

DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)

DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)

DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USREL/1

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.msn.com/sphome.aspx

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USREL/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.live.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://bing.zugo.com/?cfg=2-114-0-1UPWK

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Bing"

FF - prefs.js..browser.startup.homepage: "http://www.bing.com/?pc=Z007&form=ZGAPHP"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778

FF - prefs.js..extensions.enabledItems: {896642E4-C556-4ED3-85D1-9AC431603E7D}:1.0.4

FF - prefs.js..extensions.enabledItems: {B810E866-A450-426B-96CC-5C6E8FAF3695}:1.9.1

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.3

FF - prefs.js..keyword.URL: "http://bing.zugotoolbar.com/s/?iesrc=IE-Address&site=Bing&q="

FF - prefs.js..network.proxy.http: "127.0.0.1"

FF - prefs.js..network.proxy.http_port: 1072

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/02/27 09:25:11 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/21 20:18:08 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\extensions\\{B810E866-A450-426B-96CC-5C6E8FAF3695}: C:\Documents and Settings\sshiigi\Local Settings\Application Data\{B810E866-A450-426B-96CC-5C6E8FAF3695} [2010/12/08 00:13:48 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/05 10:52:55 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/20 05:48:54 | 000,000,000 | ---D | M]

[2010/05/02 23:30:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sshiigi\Application Data\Mozilla\Extensions

[2010/05/02 23:30:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sshiigi\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2010/12/08 12:44:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sshiigi\Application Data\Mozilla\Firefox\Profiles\fu2922xy.default\extensions

[2010/07/15 06:42:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\sshiigi\Application Data\Mozilla\Firefox\Profiles\fu2922xy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/05/02 23:58:28 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\sshiigi\Application Data\Mozilla\Firefox\Profiles\fu2922xy.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}

[2010/09/26 03:20:53 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Documents and Settings\sshiigi\Application Data\Mozilla\Firefox\Profiles\fu2922xy.default\extensions\{896642E4-C556-4ED3-85D1-9AC431603E7D}

[2010/12/08 00:12:37 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\sshiigi\Application Data\Mozilla\Firefox\Profiles\fu2922xy.default\searchplugins\bing-zugo.xml

[2010/12/08 12:44:44 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/06/05 10:52:54 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2010/10/28 11:09:19 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

[2009/07/18 20:02:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

[2010/04/01 07:58:18 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll

[2010/04/01 07:58:19 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll

[2009/01/16 19:17:04 | 000,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll

[2009/05/21 11:33:58 | 000,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll

[2010/04/01 07:58:20 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll

[2007/03/22 19:23:30 | 000,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL

[2010/11/06 11:37:34 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll

[2010/01/22 00:31:16 | 000,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

[2010/01/22 00:31:16 | 000,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

[2010/01/22 00:31:16 | 000,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

[2010/01/22 00:31:16 | 000,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

[2010/01/22 00:31:16 | 000,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

[2010/01/22 00:31:16 | 000,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

[2010/01/22 00:31:16 | 000,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

[2010/04/01 05:56:18 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml

[2010/04/01 05:56:18 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml

[2010/04/01 05:56:18 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml

[2010/04/01 05:56:18 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml

[2010/04/01 05:56:18 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml

[2010/04/01 05:56:18 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml

[2010/04/01 05:56:18 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2008/04/14 02:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)

O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O2 - BHO: (TBSB05974 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Search Toolbar\tbcore3.dll File not found

O3 - HKLM\..\Toolbar: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files\Search Toolbar\tbcore3.dll File not found

O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files\Search Toolbar\tbcore3.dll File not found

O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)

O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)

O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

O4 - HKLM..\Run: [ChangeTPMAuth] C:\Program Files\Wave Systems Corp\Common\ChangeTPMAuth.exe (Wave Systems Corp.)

O4 - HKLM..\Run: [DCPstrApp] C:\Program Files\Dell\Dell ControlPoint\Security Manager\SecurityDeviceInfoSetRegistryString.exe (Broadcom Corporation)

O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)

O4 - HKLM..\Run: [DellConnectionManager] C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe (Smith Micro Software, Inc.)

O4 - HKLM..\Run: [DellControlPoint] C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell, Inc.)

O4 - HKLM..\Run: [EmbassySecurityCheck] C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe (Wave Systems Corp.)

O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

O4 - HKLM..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)

O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [intelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)

O4 - HKLM..\Run: [intelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)

O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)

O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)

O4 - HKLM..\Run: [secureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.)

O4 - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)

O4 - HKLM..\Run: [Tnogatevihepa] C:\WINDOWS\ocewayew.DLL File not found

O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)

O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)

O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dell ControlPoint System Manager.lnk = C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe (Dell Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\sshiigi\Start Menu\Programs\Startup\LaunchU3.exe.lnk = C:\Documents and Settings\sshiigi\Application Data\Microsoft\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)

O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6770.cab (Windows Live Safety Center Base Module)

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)

O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.25.227.55 209.18.47.61 24.25.227.53

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cbci.local

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\Userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O24 - Desktop BackupWallPaper: C:\WINDOWS\dell.bmp

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)

O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/04/25 11:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{e6fcd6ff-deb6-11de-a7ad-00216a2a458c}\Shell - "" = AutoRun

O33 - MountPoints2\{e6fcd6ff-deb6-11de-a7ad-00216a2a458c}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{e6fcd6ff-deb6-11de-a7ad-00216a2a458c}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found

O33 - MountPoints2\F\Shell - "" = AutoRun

O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O36 - AppCertDlls: clicsc - (C:\WINDOWS\system32\findgman.dll) - C:\WINDOWS\System32\findgman.dll File not found

O36 - AppCertDlls: drviutou - (C:\WINDOWS\system32\cacltson.dll) - C:\WINDOWS\System32\cacltson.dll File not found

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/26 23:24:12 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\sshiigi\Desktop\OTL.exe

[2010/12/08 13:29:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sshiigi\Application Data\DriverCure

[2010/12/08 13:29:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sshiigi\Application Data\ParetoLogic

[2010/12/08 13:28:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic

[2010/12/08 13:28:58 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic

[2010/12/08 13:28:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic

[2010/12/08 13:20:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sshiigi\My Documents\Downloads

[2010/12/08 00:13:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sshiigi\Local Settings\Application Data\{B810E866-A450-426B-96CC-5C6E8FAF3695}

[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\Documents and Settings\sshiigi\Application Data\*.tmp files -> C:\Documents and Settings\sshiigi\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/26 23:30:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FA4994F7-D9D9-49BE-BF8A-1123A84B76A0}.job

[2010/12/26 23:24:14 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sshiigi\Desktop\OTL.exe

[2010/12/26 23:08:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010/12/26 23:08:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010/12/26 23:03:19 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/12/26 23:02:41 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\sshiigi\Desktop\Microsoft Office Word 2003.lnk

[2010/12/26 22:52:34 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\sshiigi\Desktop\Outlook 2003.lnk

[2010/12/26 22:50:17 | 000,467,468 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/12/26 22:50:17 | 000,080,518 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/12/26 22:49:21 | 000,002,665 | ---- | M] () -- C:\Documents and Settings\sshiigi\Start Menu\Programs\Startup\LaunchU3.exe.lnk

[2010/12/26 22:49:13 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\sshiigi\Local Settings\Application Data\WavXMapDrive.bat

[2010/12/26 22:49:06 | 000,190,150 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2010/12/26 22:49:05 | 000,056,478 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001

[2010/12/26 22:48:50 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/12/26 22:10:57 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2010/12/26 22:10:57 | 000,000,468 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Scan (Fri ).job

[2010/12/26 22:09:24 | 000,000,312 | -HS- | M] () -- C:\WINDOWS\tasks\FBPWDG.job

[2010/12/26 22:09:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/12/26 22:08:58 | 2134,794,240 | -HS- | M] () -- C:\hiberfil.sys

[2010/12/23 12:12:35 | 000,094,720 | ---- | M] () -- C:\Documents and Settings\sshiigi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/12/21 22:35:16 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\sshiigi\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk

[2010/12/21 22:35:16 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/12/19 02:26:41 | 000,000,362 | ---- | M] () -- C:\WINDOWS\tasks\PC Health Advisor.job

[2010/12/17 01:38:00 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job

[2010/12/15 20:09:04 | 000,001,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk

[2010/12/12 18:00:02 | 000,000,448 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job

[2010/12/08 17:35:51 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe

[2010/12/08 13:29:04 | 000,000,840 | ---- | M] () -- C:\Documents and Settings\sshiigi\Desktop\ParetoLogic PC Health Advisor.lnk

[2010/12/08 13:29:03 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\PC Health Advisor Defrag.job

[2010/12/08 00:14:13 | 000,001,172 | ---- | M] () -- C:\Documents and Settings\sshiigi\Desktop\Watch TV.lnk

[2010/12/08 00:13:51 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Opomipihaxiqexe.bin

[2010/12/08 00:13:50 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Egeneqaco.dat

[2010/12/07 23:20:41 | 000,167,424 | RHS- | M] () -- C:\WINDOWS\System32\vbisurfa.dll

[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\Documents and Settings\sshiigi\Application Data\*.tmp files -> C:\Documents and Settings\sshiigi\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/24 09:27:45 | 2134,794,240 | -HS- | C] () -- C:\hiberfil.sys

[2010/12/21 22:35:16 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\sshiigi\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk

[2010/12/08 13:29:14 | 000,000,448 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job

[2010/12/08 13:29:04 | 000,000,840 | ---- | C] () -- C:\Documents and Settings\sshiigi\Desktop\ParetoLogic PC Health Advisor.lnk

[2010/12/08 13:29:03 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job

[2010/12/08 13:29:02 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\PC Health Advisor Defrag.job

[2010/12/08 13:29:02 | 000,000,362 | ---- | C] () -- C:\WINDOWS\tasks\PC Health Advisor.job

[2010/12/08 00:13:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Opomipihaxiqexe.bin

[2010/12/08 00:13:50 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Egeneqaco.dat

[2010/12/08 00:13:21 | 000,001,172 | ---- | C] () -- C:\Documents and Settings\sshiigi\Desktop\Watch TV.lnk

[2010/12/07 23:20:41 | 000,167,424 | RHS- | C] () -- C:\WINDOWS\System32\vbisurfa.dll

[2010/12/07 23:20:41 | 000,000,312 | -HS- | C] () -- C:\WINDOWS\tasks\FBPWDG.job

[2009/12/01 11:01:29 | 000,000,007 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameD.txt

[2009/11/28 13:21:52 | 000,009,366 | ---- | C] () -- C:\Documents and Settings\sshiigi\Application Data\Microsoft Access.EML

[2009/09/08 19:49:28 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI

[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll

[2009/03/30 03:03:22 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\sshiigi\Local Settings\Application Data\fusioncache.dat

[2009/03/29 23:41:50 | 000,004,856 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log

[2009/03/09 12:35:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI

[2009/03/08 03:12:09 | 000,094,720 | ---- | C] () -- C:\Documents and Settings\sshiigi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/03/06 16:42:03 | 000,000,051 | ---- | C] () -- C:\Documents and Settings\sshiigi\Local Settings\Application Data\setup.txt

[2009/03/06 16:42:03 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\sshiigi\Local Settings\Application Data\WavXMapDrive.bat

[2009/03/06 16:31:31 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll

[2009/03/06 16:03:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2009/02/27 11:11:15 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2009/02/27 11:11:15 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2009/02/27 11:11:15 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2009/02/27 11:11:15 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2009/02/27 11:09:53 | 000,001,156 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2009/02/27 10:04:52 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2009/02/27 09:52:02 | 000,000,234 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2009/02/27 09:38:15 | 000,279,888 | ---- | C] () -- C:\WINDOWS\System32\brcmbsp.dll

[2009/02/27 09:35:53 | 000,080,368 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll

[2008/08/15 04:46:30 | 002,854,912 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll

[2008/07/28 14:03:06 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\Wavx_ESC_Logging.dll

[2008/06/13 07:18:56 | 000,512,000 | ---- | C] () -- C:\WINDOWS\System32\AmRes_sv.dll

[2008/06/13 07:18:56 | 000,507,904 | ---- | C] () -- C:\WINDOWS\System32\AmRes_no.dll

[2008/06/13 07:18:54 | 000,536,576 | ---- | C] () -- C:\WINDOWS\System32\AmRes_nl.dll

[2008/06/13 07:18:54 | 000,507,904 | ---- | C] () -- C:\WINDOWS\System32\AmRes_da.dll

[2008/06/13 07:18:52 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll

[2008/06/13 07:18:52 | 000,536,576 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll

[2008/06/13 07:18:52 | 000,507,904 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll

[2008/06/13 07:18:50 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll

[2008/06/13 07:18:50 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll

[2008/06/13 07:18:48 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll

[2008/06/13 07:18:48 | 000,503,808 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll

[2008/06/13 07:18:46 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll

[2008/06/13 07:18:44 | 000,475,136 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll

[2008/06/13 07:18:44 | 000,475,136 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll

[2008/06/13 07:18:42 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll

[2008/06/13 07:16:16 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pl.dll

[2008/05/30 05:38:24 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll

[2008/05/30 05:38:14 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_sv.dll

[2008/05/30 05:37:52 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll

[2008/05/30 05:37:24 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll

[2008/05/30 05:37:22 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll

[2008/05/30 05:37:20 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pl.dll

[2008/05/30 05:37:18 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_no.dll

[2008/05/30 05:37:16 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_nl.dll

[2008/05/30 05:37:14 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll

[2008/05/30 05:37:12 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_da.dll

[2008/05/30 05:37:12 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll

[2008/05/30 05:37:10 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll

[2008/05/30 05:37:08 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll

[2008/05/30 05:37:06 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll

[2008/05/30 05:37:04 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll

[2008/05/14 13:40:30 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\wxvault.dll

[2008/04/25 11:26:32 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2008/04/25 06:16:35 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll

[2008/04/25 06:16:35 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll

[2008/04/25 06:16:35 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll

[2008/04/25 06:16:35 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll

[2008/04/25 06:16:35 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll

[2008/04/24 23:22:39 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2008/03/18 09:02:52 | 000,143,360 | R--- | C] () -- C:\WINDOWS\System32\preflib.dll

[2008/02/25 08:04:48 | 000,835,584 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll

[2007/09/28 14:07:15 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\eSTsnmp.dll

[2007/09/27 06:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2007/09/27 06:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2007/09/27 06:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

[2007/04/19 01:52:16 | 000,080,720 | ---- | C] () -- C:\WINDOWS\System32\AsfBios.dll

[2007/04/19 01:28:10 | 000,025,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\netamsg.dll

[2006/08/14 07:02:10 | 000,072,192 | ---- | C] () -- C:\WINDOWS\System32\xltZlib.dll

[2006/06/30 08:58:44 | 000,176,128 | R--- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll

[2006/06/30 08:58:44 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\bioapi100.dll

[2006/06/12 04:01:16 | 000,348,160 | ---- | C] () -- C:\WINDOWS\tsp.dll

[2004/09/10 08:34:00 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll

[2004/09/10 08:34:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll

[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[2001/11/14 09:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2009/02/27 09:48:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AT&T

[2009/02/27 09:40:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NTRU Cryptosystems

[2010/12/08 13:29:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic

[2009/03/07 19:09:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Learning Company

[2010/09/26 03:20:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Toolbar4

[2009/02/27 09:44:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp

[2010/08/31 19:51:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}

[2010/09/06 14:02:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sshiigi\Application Data\2569B96C89F290D3DF29334220D8A3AD

[2010/12/08 13:29:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sshiigi\Application Data\DriverCure

[2010/12/08 13:29:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sshiigi\Application Data\ParetoLogic

[2009/02/27 10:03:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sshiigi\Application Data\Wave Systems Corp

[2009/02/27 09:26:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sshiigi\Application Data\Windows Desktop Search

[2009/03/07 12:44:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sshiigi\Application Data\Windows Search

[2010/12/26 22:10:57 | 000,000,468 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Scan (Fri ).job

[2010/12/26 22:10:57 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

[2010/12/26 22:09:24 | 000,000,312 | -HS- | M] () -- C:\WINDOWS\Tasks\FBPWDG.job

[2010/12/12 18:00:02 | 000,000,448 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration3.job

[2010/12/17 01:38:00 | 000,000,422 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Update Version3.job

[2010/12/08 13:29:03 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\PC Health Advisor Defrag.job

[2010/12/19 02:26:41 | 000,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\PC Health Advisor.job

[2010/12/26 23:30:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{FA4994F7-D9D9-49BE-BF8A-1123A84B76A0}.job

========== Purity Check ==========

< End of report >

++++++++++++++++++++++++++++++++++++++++++++++++++

OTL Extras logfile created on: 12/26/2010 11:28:05 PM - Run 1

OTL by OldTimer - Version 3.2.18.0 Folder = C:\Documents and Settings\sshiigi\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 32.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 68.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 232.75 Gb Total Space | 158.80 Gb Free Space | 68.23% Space Free | Partition Type: NTFS

Computer Name: DFB69GJ1 | User Name: sshiigi | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- C:\Program Files\ParetoLogic\PCHA\noapp.exe %1 (ParetoLogic)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\TurboTax\Home & Business 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Home & Business 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)

"C:\Program Files\TurboTax\Home & Business 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Home & Business 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)

"c:\documents and settings\sshiigi\local settings\application data\asam.exe" = c:\documents and settings\sshiigi\local settings\application data\asam.exe:*:Enabled:enable -- File not found

"C:\WINDOWS\system32\spoolsv.exe" = C:\WINDOWS\system32\spoolsv.exe:*:Enabled:spoolsv.exe -- (Microsoft Corporation)

"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)

"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR

"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools

"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack

"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module

"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software

"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics

"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager

"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data

"{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan

"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy

"{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant

"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer

"{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax

"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare

"{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp

"{2220CF3A-EBD6-4070-94D0-0C7337B537A7}" = All Day Battery Life Configuration

"{2223FC2F-B862-4F83-BC9E-DDF2DADF2859}" = Intel® Network Connections 13.0.42.0

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{24A494F3-5B5F-4183-9F7D-9CE82812C1FC}" = tsp patch

"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 14

"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1

"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation

"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload

"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager

"{3393CDDB-27F0-4869-BED4-BE478598F0FF}" = Dell Control Point

"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour

"{376FA830-EAA2-012B-AD6B-000000000000}" = TurboTax 2009 whiiper

"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset

"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine

"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport

"{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext

"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager

"{3B0F52AC-EF5C-4831-B221-06C782E41280}" = Quicken 2008

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper

"{3CBF3EBB-235D-4c29-A68B-2BB1F428586E}" = ParetoLogic PC Health Advisor

"{413CEBC4-ABA1-4AC4-ADFB-69FA195F09AB}" = 7300_Help

"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth

"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{46B63F23-2B4A-4525-A827-688026BE5E40}" = Symantec AntiVirus

"{4D523D94-C637-4C49-89FD-5B8FFB071D76}" = Dell ControlPoint Connection Manager

"{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite

"{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup

"{558B86E5-CFAC-447C-99EE-5BB1C068706D}" = NTRU TCG Software Stack

"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3

"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone

"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy

"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail

"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects

"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery

"{64FC0C98-B035-4530-B15D-3D30610B6DF1}" = HP Software Update

"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations

"{6EA8A52B-8EA1-4A59-85AB-48132299061A}" = Intel® PRO Alerting Agent

"{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm

"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com

"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics

"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English

"{7EA69B5E-EE96-44A1-BDD6-F9C193CDDAF9}" = Wave Infrastructure Installer

"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials

"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio

"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software

"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1

"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync

"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware

"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder

"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin

"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)

"{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc

"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack

"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel

Link to post
Share on other sites

Hi Kahdah:

After saving GMER, disconnecting Internet, and attempting to OPEN, I continued to get the same message that this file "is not a valid Win32 application." This time after disabling real-time active protection again (in MalwareBytes, Symantec, Ad-Aware, and Super Anti-Virus), instead of disconnecting Internet, I selected RUN right after downloading GMER and it started.

After reviewing a similar Malwaraebytes post from RPMcMurphy to Daisy Mae on Whitesmoke and using GMER, I saw it had similar instructions to download and save GMER but no specific direction to disconnect IE. I also unchecked IAT/EAT and saved the log as a .TXT file instead of .LOG. These were the only differences from your instructions. It did offer other solutions to running GMER in the event of trouble starting it which, fortunately, I did not need.

Thanks, moonshadow.

Here's the log:

GMER 1.0.15.15530 - http://www.gmer.net

Rootkit scan 2010-12-27 12:21:45

Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\iaStor0 FUJITSU_ rev.0085

Running: GMER4 r44tfmnx.exe; Driver: C:\DOCUME~1\sshiigi\LOCALS~1\Temp\uwdoapog.sys

---- System - GMER 1.0.15 ----

SSDT 896E4DE0 ZwConnectPort

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xBA0F887E]

SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xA4C77DC0]

SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xA4C78020]

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xA499E0B0]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB92DE380, 0x381B8D, 0xE8000020]

init C:\WINDOWS\system32\Drivers\OA001Afx.sys entry point in "init" section [0xB444A310]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1516] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 006E000A

.text C:\WINDOWS\System32\svchost.exe[1516] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 006F000A

.text C:\WINDOWS\System32\svchost.exe[1516] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 006D000C

.text C:\WINDOWS\System32\svchost.exe[1516] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 00EB000A

.text C:\WINDOWS\System32\svchost.exe[1516] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 00B0000A

.text C:\WINDOWS\Explorer.EXE[2836] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 040C000A

.text C:\WINDOWS\Explorer.EXE[2836] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 040D000A

.text C:\WINDOWS\Explorer.EXE[2836] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 03CE000C

.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00E4000A

.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00E5000A

.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00E3000C

.text C:\Program Files\Internet Explorer\iexplore.exe[3116] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154F5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3116] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9ACD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3116] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD12D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3116] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3116] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254656 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3116] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5027 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3116] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F59 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3116] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4FC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3116] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E2A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3116] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3116] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E508A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3116] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EEE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E538F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3132] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00DE000A

.text C:\Program Files\Internet Explorer\iexplore.exe[3132] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00DF000A

.text C:\Program Files\Internet Explorer\iexplore.exe[3132] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00A4000C

.text C:\Program Files\Internet Explorer\iexplore.exe[3132] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154F5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3132] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3132] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5027 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3132] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F59 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3132] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4FC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3132] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E2A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3132] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3132] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E508A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3132] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EEE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\WINDOWS\system32\SearchIndexer.exe[3860] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4384] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00DF000A

.text C:\Program Files\Internet Explorer\iexplore.exe[4384] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00E0000A

.text C:\Program Files\Internet Explorer\iexplore.exe[4384] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00DE000C

.text C:\Program Files\Internet Explorer\iexplore.exe[4384] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154F5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4384] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9ACD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4384] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD12D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4384] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4384] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254656 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4384] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5027 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4384] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F59 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4384] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4FC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4384] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E2A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4384] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4384] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E508A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4384] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EEE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4384] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4384] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E538F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip Lbd.sys (Boot Driver/Lavasoft AB)

AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\Udp Lbd.sys (Boot Driver/Lavasoft AB)

AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)

Device \Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskFUJITSU_MHZ2250BJ_FFS_G2________________0085001C#4&11fcf6bd&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior;

Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior;

Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;

Disk \Device\Harddisk0\DR0 sectors 488396912 (+255): rootkit-like behavior;

---- EOF - GMER 1.0.15 ----

Link to post
Share on other sites

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
    O4 - HKLM..\Run: [Tnogatevihepa] C:\WINDOWS\ocewayew.DLL File not found
    O36 - AppCertDlls: clicsc - (C:\WINDOWS\system32\findgman.dll) - C:\WINDOWS\System32\findgman.dll File not found
    O36 - AppCertDlls: drviutou - (C:\WINDOWS\system32\cacltson.dll) - C:\WINDOWS\System32\cacltson.dll File not found
    [2010/12/08 00:13:51 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Opomipihaxiqexe.bin
    [2010/12/08 00:13:50 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Egeneqaco.dat


  • Then click the Run Fix button at the top
  • Let the program run unhindered,when it is done it will say "Fix Complete press ok to open log"
  • Please post that log in your next reply.

===========

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Link to post
Share on other sites

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
    O4 - HKLM..\Run: [Tnogatevihepa] C:\WINDOWS\ocewayew.DLL File not found
    O36 - AppCertDlls: clicsc - (C:\WINDOWS\system32\findgman.dll) - C:\WINDOWS\System32\findgman.dll File not found
    O36 - AppCertDlls: drviutou - (C:\WINDOWS\system32\cacltson.dll) - C:\WINDOWS\System32\cacltson.dll File not found
    [2010/12/08 00:13:51 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Opomipihaxiqexe.bin
    [2010/12/08 00:13:50 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Egeneqaco.dat


  • Then click the Run Fix button at the top
  • Let the program run unhindered,when it is done it will say "Fix Complete press ok to open log"
  • Please post that log in your next reply.

===========

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Link to post
Share on other sites

Kahdah: OTL & TDSSKILLER logs below. Thanks, moonshadow.

========== OTL ==========

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Tnogatevihepa deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\clicsc:C:\WINDOWS\system32\findgman.dll deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\drviutou:C:\WINDOWS\system32\cacltson.dll deleted successfully.

C:\WINDOWS\Opomipihaxiqexe.bin moved successfully.

C:\WINDOWS\Egeneqaco.dat moved successfully.

OTL by OldTimer - Version 3.2.18.0 log created on 12272010_145026

===========TDSSKILLER======================================

2010/12/27 14:55:15.0000 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46

2010/12/27 14:55:15.0000 ================================================================================

2010/12/27 14:55:15.0000 SystemInfo:

2010/12/27 14:55:15.0000

2010/12/27 14:55:15.0000 OS Version: 5.1.2600 ServicePack: 3.0

2010/12/27 14:55:15.0000 Product type: Workstation

2010/12/27 14:55:15.0000 ComputerName: DFB69GJ1

2010/12/27 14:55:15.0000 UserName: sshiigi

2010/12/27 14:55:15.0000 Windows directory: C:\WINDOWS

2010/12/27 14:55:15.0000 System windows directory: C:\WINDOWS

2010/12/27 14:55:15.0000 Processor architecture: Intel x86

2010/12/27 14:55:15.0000 Number of processors: 2

2010/12/27 14:55:15.0000 Page size: 0x1000

2010/12/27 14:55:15.0000 Boot type: Normal boot

2010/12/27 14:55:15.0000 ================================================================================

2010/12/27 14:55:15.0296 Initialize success

2010/12/27 14:55:20.0500 ================================================================================

2010/12/27 14:55:20.0500 Scan started

2010/12/27 14:55:20.0500 Mode: Manual;

2010/12/27 14:55:20.0500 ================================================================================

2010/12/27 14:55:21.0156 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

2010/12/27 14:55:21.0250 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2010/12/27 14:55:21.0281 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

2010/12/27 14:55:21.0375 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

2010/12/27 14:55:21.0515 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2010/12/27 14:55:21.0562 AESTAud (20f078136f3bdc4c0405c0527b769303) C:\WINDOWS\system32\drivers\AESTAud.sys

2010/12/27 14:55:21.0734 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

2010/12/27 14:55:21.0828 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

2010/12/27 14:55:21.0875 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

2010/12/27 14:55:21.0921 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

2010/12/27 14:55:22.0000 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

2010/12/27 14:55:22.0078 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

2010/12/27 14:55:22.0171 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

2010/12/27 14:55:22.0234 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

2010/12/27 14:55:22.0265 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

2010/12/27 14:55:22.0312 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

2010/12/27 14:55:22.0437 ApfiltrService (b83f9da84f7079451c1c6a4a2f140920) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys

2010/12/27 14:55:22.0546 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2010/12/27 14:55:22.0593 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

2010/12/27 14:55:22.0640 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

2010/12/27 14:55:22.0687 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

2010/12/27 14:55:22.0812 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2010/12/27 14:55:22.0921 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2010/12/27 14:55:23.0062 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2010/12/27 14:55:23.0156 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2010/12/27 14:55:23.0265 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2010/12/27 14:55:23.0406 BTKRNL (38a3331e2f690d4cdc9de0604b9416e5) C:\WINDOWS\system32\DRIVERS\btkrnl.sys

2010/12/27 14:55:23.0562 BTWUSB (d5af663711660d32ec230c6aaf7b6b83) C:\WINDOWS\system32\Drivers\btwusb.sys

2010/12/27 14:55:23.0671 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

2010/12/27 14:55:23.0796 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2010/12/27 14:55:23.0906 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2010/12/27 14:55:24.0031 CCIDFILTER (d006b6a67b8daed85e6d91783e9b45d6) C:\WINDOWS\system32\DRIVERS\ccidflt.sys

2010/12/27 14:55:24.0156 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

2010/12/27 14:55:24.0250 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2010/12/27 14:55:24.0328 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2010/12/27 14:55:24.0406 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2010/12/27 14:55:24.0687 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

2010/12/27 14:55:24.0750 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys

2010/12/27 14:55:24.0812 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

2010/12/27 14:55:24.0921 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

2010/12/27 14:55:25.0062 cvusbdrv (dc6429fbc73b0b0b38cc5386c8a607ed) C:\WINDOWS\system32\Drivers\cvusbdrv.sys

2010/12/27 14:55:25.0140 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

2010/12/27 14:55:25.0312 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

2010/12/27 14:55:25.0468 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2010/12/27 14:55:25.0531 DLABMFSM (a0500678a33802d8954153839301d539) C:\WINDOWS\system32\Drivers\DLABMFSM.SYS

2010/12/27 14:55:25.0578 DLABOIOM (b8d2f68cac54d46281399f9092644794) C:\WINDOWS\system32\Drivers\DLABOIOM.SYS

2010/12/27 14:55:25.0625 DLACDBHM (0ee93ab799d1cb4ec90b36f3612fe907) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS

2010/12/27 14:55:25.0656 DLADResM (87413b94ae1fabc117c4e8ae6725134e) C:\WINDOWS\system32\Drivers\DLADResM.SYS

2010/12/27 14:55:25.0703 DLAIFS_M (766a148235be1c0039c974446e4c0edc) C:\WINDOWS\system32\Drivers\DLAIFS_M.SYS

2010/12/27 14:55:25.0734 DLAOPIOM (38267cca177354f1c64450a43a4f7627) C:\WINDOWS\system32\Drivers\DLAOPIOM.SYS

2010/12/27 14:55:25.0765 DLAPoolM (fd363369fd313b46b5aeab1a688b52e9) C:\WINDOWS\system32\Drivers\DLAPoolM.SYS

2010/12/27 14:55:25.0796 DLARTL_M (336ae18f0912ef4fbe5518849e004d74) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS

2010/12/27 14:55:25.0828 DLAUDFAM (fd85f682c1cc2a7ca878c7a448e6d87e) C:\WINDOWS\system32\Drivers\DLAUDFAM.SYS

2010/12/27 14:55:25.0984 DLAUDF_M (af389ce587b6bf5bbdcd6f6abe5eabc0) C:\WINDOWS\system32\Drivers\DLAUDF_M.SYS

2010/12/27 14:55:26.0078 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2010/12/27 14:55:26.0187 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2010/12/27 14:55:26.0281 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2010/12/27 14:55:26.0390 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2010/12/27 14:55:26.0484 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

2010/12/27 14:55:26.0500 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2010/12/27 14:55:26.0640 DRVMCDB (5d3b71bb2bb0009d65d290e2ef374bd3) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS

2010/12/27 14:55:26.0781 DRVNDDM (c591ba9f96f40a1fd6494dafdcd17185) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS

2010/12/27 14:55:26.0828 e1yexpress (10cbd2b278ce365b41de378632cb5ddb) C:\WINDOWS\system32\DRIVERS\e1y5132.sys

2010/12/27 14:55:26.0937 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

2010/12/27 14:55:27.0000 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

2010/12/27 14:55:27.0109 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2010/12/27 14:55:27.0187 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

2010/12/27 14:55:27.0234 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2010/12/27 14:55:27.0375 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

2010/12/27 14:55:27.0453 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

2010/12/27 14:55:27.0515 FsVga (455f778ee14368468560bd7cb8c854d0) C:\WINDOWS\system32\DRIVERS\fsvga.sys

2010/12/27 14:55:27.0781 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2010/12/27 14:55:27.0937 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2010/12/27 14:55:28.0265 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2010/12/27 14:55:28.0437 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2010/12/27 14:55:28.0781 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2010/12/27 14:55:29.0109 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

2010/12/27 14:55:29.0296 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

2010/12/27 14:55:29.0328 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

2010/12/27 14:55:29.0437 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

2010/12/27 14:55:29.0609 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2010/12/27 14:55:29.0671 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

2010/12/27 14:55:29.0812 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

2010/12/27 14:55:29.0890 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2010/12/27 14:55:29.0968 iaStor (baabb0301949774a66b955c65319635a) C:\WINDOWS\system32\drivers\iaStor.sys

2010/12/27 14:55:30.0062 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2010/12/27 14:55:30.0171 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

2010/12/27 14:55:30.0265 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

2010/12/27 14:55:30.0343 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2010/12/27 14:55:30.0421 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

2010/12/27 14:55:30.0531 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2010/12/27 14:55:30.0578 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2010/12/27 14:55:30.0671 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2010/12/27 14:55:30.0765 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2010/12/27 14:55:30.0875 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2010/12/27 14:55:30.0968 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2010/12/27 14:55:31.0125 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2010/12/27 14:55:31.0140 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2010/12/27 14:55:31.0234 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2010/12/27 14:55:31.0281 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2010/12/27 14:55:31.0484 Lavasoft Kernexplorer (0bd6d3f477df86420de942a741dabe37) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys

2010/12/27 14:55:31.0531 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\WINDOWS\system32\DRIVERS\Lbd.sys

2010/12/27 14:55:31.0718 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2010/12/27 14:55:31.0765 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2010/12/27 14:55:31.0796 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2010/12/27 14:55:31.0875 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2010/12/27 14:55:31.0968 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2010/12/27 14:55:32.0031 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

2010/12/27 14:55:32.0078 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2010/12/27 14:55:32.0187 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2010/12/27 14:55:32.0281 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2010/12/27 14:55:32.0437 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2010/12/27 14:55:32.0484 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2010/12/27 14:55:32.0578 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2010/12/27 14:55:32.0687 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2010/12/27 14:55:32.0734 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

2010/12/27 14:55:32.0812 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2010/12/27 14:55:32.0859 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2010/12/27 14:55:32.0937 NAL (a467e1deb3bb2b57426c8a5993ba933e) C:\WINDOWS\system32\Drivers\iqvw32.sys

2010/12/27 14:55:33.0140 NAVENG (c8ef74e4d8105b1d02d58ea4734cf616) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101225.007\naveng.sys

2010/12/27 14:55:33.0234 NAVEX15 (94b3164055d821a62944d9fe84036470) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101225.007\navex15.sys

2010/12/27 14:55:33.0375 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2010/12/27 14:55:33.0546 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2010/12/27 14:55:33.0625 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2010/12/27 14:55:33.0734 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2010/12/27 14:55:33.0796 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2010/12/27 14:55:33.0859 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

2010/12/27 14:55:33.0890 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2010/12/27 14:55:33.0937 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2010/12/27 14:55:34.0218 NETw5x32 (cfe1981a47a2f7650a1ef8917dc4d1c3) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys

2010/12/27 14:55:34.0359 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2010/12/27 14:55:34.0421 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2010/12/27 14:55:34.0531 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2010/12/27 14:55:34.0734 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys

2010/12/27 14:55:34.0781 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2010/12/27 14:55:35.0203 nv (25167771f5afad71808b0080fe4f2312) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2010/12/27 14:55:35.0562 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2010/12/27 14:55:35.0593 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2010/12/27 14:55:35.0703 OA001Afx (ec528056b89d15755abb624e55949e44) C:\WINDOWS\system32\Drivers\OA001Afx.sys

2010/12/27 14:55:35.0828 OA001Ufd (a015dd2ba6009c8bdd00a6c431302d06) C:\WINDOWS\system32\DRIVERS\OA001Ufd.sys

2010/12/27 14:55:36.0000 OA001Vid (438ffcb55b8ce39b0bc71afc0a059835) C:\WINDOWS\system32\DRIVERS\OA001Vid.sys

2010/12/27 14:55:36.0109 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2010/12/27 14:55:36.0218 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys

2010/12/27 14:55:36.0250 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2010/12/27 14:55:36.0328 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2010/12/27 14:55:36.0343 PBADRV (4088c1ecd1f54281a92fa663b0fdc36f) C:\WINDOWS\system32\DRIVERS\PBADRV.sys

2010/12/27 14:55:36.0406 PCASp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\WINDOWS\system32\Drivers\PCASp50.sys

2010/12/27 14:55:36.0453 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2010/12/27 14:55:36.0593 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2010/12/27 14:55:36.0609 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

2010/12/27 14:55:36.0765 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

2010/12/27 14:55:36.0796 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

2010/12/27 14:55:36.0875 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2010/12/27 14:55:36.0890 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2010/12/27 14:55:36.0906 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2010/12/27 14:55:36.0968 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2010/12/27 14:55:37.0031 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

2010/12/27 14:55:37.0109 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

2010/12/27 14:55:37.0218 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

2010/12/27 14:55:37.0296 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

2010/12/27 14:55:37.0375 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

2010/12/27 14:55:37.0468 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2010/12/27 14:55:37.0546 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2010/12/27 14:55:37.0640 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2010/12/27 14:55:37.0671 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2010/12/27 14:55:37.0796 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2010/12/27 14:55:37.0906 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2010/12/27 14:55:38.0000 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2010/12/27 14:55:38.0125 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2010/12/27 14:55:38.0250 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2010/12/27 14:55:38.0375 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys

2010/12/27 14:55:38.0453 s24trans (1f950f97dbf5e0ba4fbbfaf074d3b47c) C:\WINDOWS\system32\DRIVERS\s24trans.sys

2010/12/27 14:55:38.0546 SASDIFSV (5bf35c4ea3f00fa8d3f1e5bf03d24584) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

2010/12/27 14:55:38.0625 SASENUM (a22f08c98ac2f44587bf3a1fb52bf8cd) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS

2010/12/27 14:55:38.0703 SASKUTIL (c7d81c10d3befeee41f3408714637438) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys

2010/12/27 14:55:38.0828 SAVRT (21ba125b956a513f85f6ab1dd603f917) C:\Program Files\Symantec AntiVirus\savrt.sys

2010/12/27 14:55:38.0875 SAVRTPEL (0f8e1c05fc1298f8e7cea935429f66ff) C:\Program Files\Symantec AntiVirus\Savrtpel.sys

2010/12/27 14:55:39.0031 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys

2010/12/27 14:55:39.0109 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2010/12/27 14:55:39.0187 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2010/12/27 14:55:39.0218 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

2010/12/27 14:55:39.0296 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys

2010/12/27 14:55:39.0359 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys

2010/12/27 14:55:39.0390 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2010/12/27 14:55:39.0484 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

2010/12/27 14:55:39.0593 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2010/12/27 14:55:39.0750 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

2010/12/27 14:55:39.0890 SPBBCDrv (c30fa11923892a4dbd1c747db8492e8f) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys

2010/12/27 14:55:39.0953 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2010/12/27 14:55:40.0109 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2010/12/27 14:55:40.0187 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys

2010/12/27 14:55:40.0375 STHDA (886c708c91db573656d64c626468d707) C:\WINDOWS\system32\drivers\sthda.sys

2010/12/27 14:55:40.0609 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2010/12/27 14:55:40.0703 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2010/12/27 14:55:40.0796 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2010/12/27 14:55:40.0937 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

2010/12/27 14:55:41.0015 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

2010/12/27 14:55:41.0125 SymEvent (9c4737086dee2d302d5d2d69478f6611) C:\Program Files\Symantec\SYMEVENT.SYS

2010/12/27 14:55:41.0187 SYMREDRV (c1bbd1d20acc5ecadca086228ad52bdd) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS

2010/12/27 14:55:41.0281 SYMTDI (9bf7fddab95f8aabc361774dc844f755) C:\WINDOWS\System32\Drivers\SYMTDI.SYS

2010/12/27 14:55:41.0328 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

2010/12/27 14:55:41.0375 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

2010/12/27 14:55:41.0421 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2010/12/27 14:55:41.0531 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2010/12/27 14:55:41.0609 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2010/12/27 14:55:41.0671 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2010/12/27 14:55:41.0703 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2010/12/27 14:55:41.0812 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

2010/12/27 14:55:41.0875 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2010/12/27 14:55:41.0921 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

2010/12/27 14:55:41.0953 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2010/12/27 14:55:42.0015 usbccgp (c18d6c74953621346df6b0a11f80c1cc) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2010/12/27 14:55:42.0125 USBCCID (150442fa5224dc338028543e2fffa7b4) C:\WINDOWS\system32\DRIVERS\usbccid.sys

2010/12/27 14:55:42.0187 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2010/12/27 14:55:42.0218 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2010/12/27 14:55:42.0281 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2010/12/27 14:55:42.0312 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2010/12/27 14:55:42.0343 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2010/12/27 14:55:42.0390 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2010/12/27 14:55:42.0468 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys

2010/12/27 14:55:42.0546 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2010/12/27 14:55:42.0625 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

2010/12/27 14:55:42.0703 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

2010/12/27 14:55:42.0765 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2010/12/27 14:55:42.0843 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2010/12/27 14:55:42.0890 WavxDMgr (0be8dd6c95c5bdff9c5f3fa8095d304c) C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys

2010/12/27 14:55:42.0968 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

2010/12/27 14:55:43.0109 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2010/12/27 14:55:43.0218 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

2010/12/27 14:55:43.0312 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

2010/12/27 14:55:43.0343 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2010/12/27 14:55:43.0390 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2010/12/27 14:55:43.0437 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2010/12/27 14:55:43.0468 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)

2010/12/27 14:55:43.0468 ================================================================================

2010/12/27 14:55:43.0468 Scan finished

2010/12/27 14:55:43.0468 ================================================================================

2010/12/27 14:55:43.0484 Detected object count: 1

2010/12/27 14:56:13.0015 \HardDisk0 - will be cured after reboot

2010/12/27 14:56:13.0015 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure

2010/12/27 14:59:41.0515 Deinitialize success

Link to post
Share on other sites

Great getting somewhere now. :lol:

Update Run Malwarebytes

Please update\run Malwarebytes' Anti-Malware.

Double Click the Malwarebytes Anti-Malware icon to run the application.

  • Click on the update tab then click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the update has loaded, go to the Scanner tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.

=====

* Go here to run an online scannner from ESET.

  • Note: You will need to use Internet explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Check next options: Remove found threats and Scan inside archives.
  • Click Scan
  • Wait for the scan to finish
  • Click on the option that says Export to text file.
  • Save it to your desktop and post the contents here in your next reply.
  • Once the log is saved click the option to delete quarantined threats and Uninstall application on close.

Link to post
Share on other sites

Kahdah: Forwarding MBAM & ESET logs.

Thanks, moonshadow.

===========MBAM=============

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5408

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

12/28/2010 9:07:48 AM

mbam-log-2010-12-28 (09-07-48).txt

Scan type: Quick scan

Objects scanned: 238332

Time elapsed: 26 minute(s), 10 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

================ESET========================

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\37\794c7ca5-11ad51b7 multiple threats deleted - quarantined

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\45\6fc286d-227730d6 multiple threats deleted - quarantined

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\52\4dd10b4-59cf2483 multiple threats deleted - quarantined

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\53\575d3075-7ac0b987 multiple threats deleted - quarantined

C:\Documents and Settings\sshiigi\Application Data\Sun\Java\Deployment\cache\6.0\16\2cc4dd90-7933aa0f a variant of Java/TrojanDownloader.Agent.NAC trojan deleted - quarantined

C:\Documents and Settings\sshiigi\Application Data\Sun\Java\Deployment\cache\6.0\16\f69fe10-44e980db multiple threats deleted - quarantined

C:\Documents and Settings\sshiigi\Application Data\Sun\Java\Deployment\cache\6.0\29\319c585d-775c1d7d multiple threats deleted - quarantined

C:\Documents and Settings\sshiigi\Application Data\Sun\Java\Deployment\cache\6.0\30\1e0f289e-2f00b597 multiple threats deleted - quarantined

C:\Documents and Settings\sshiigi\Application Data\Sun\Java\Deployment\cache\6.0\30\727f761e-215dead4 multiple threats deleted - quarantined

C:\Documents and Settings\sshiigi\Application Data\Sun\Java\Deployment\cache\6.0\46\21e9fc6e-4f776d9b multiple threats deleted - quarantined

C:\Documents and Settings\sshiigi\Application Data\Sun\Java\Deployment\cache\6.0\55\299b51f7-26e11580 multiple threats deleted - quarantined

C:\Documents and Settings\sshiigi\Local Settings\Temp\jar_cache4705091636698424523.tmp multiple threats deleted - quarantined

C:\Documents and Settings\sshiigi\Local Settings\Temp\jar_cache5938277036832171975.tmp a variant of Java/TrojanDownloader.OpenStream.NAV trojan deleted - quarantined

C:\Documents and Settings\sshiigi\Local Settings\Temp\jar_cache6562701831297435282.tmp multiple threats deleted - quarantined

C:\Documents and Settings\sshiigi\Local Settings\Temp\jar_cache6651129088505318894.tmp multiple threats deleted - quarantined

C:\Documents and Settings\sshiigi\Local Settings\Temp\jar_cache8575800165646983185.tmp a variant of Java/TrojanDownloader.OpenStream.NAV trojan deleted - quarantined

C:\Documents and Settings\sshiigi\Local Settings\Temp\jar_cache9124112662499921013.tmp Java/TrojanDownloader.Agent.NCA trojan deleted - quarantined

Link to post
Share on other sites

Kahdah: Running like a champ! My whole family is grateful to you.

1.) The WatchTV icon is still hanging around my desktop even though I uninstalled White Smoke with Add/Remove the first day it appeared. I think WatchTV is associated with White Smoke. Shoud I just delete this?

2.) Cicero U WindFrame - End Program - Not responding popped up during shutdown. No particular issues though.

I'm going to get the full version of Malwarebytes for real time protection. I'd like a disc but haven't found a retailer for it in Honolulu. I know you can order a disc direct from MB but you have to buy the download first. If I download on-line and burn a copy, will it work the same as one out of the box?

With resources like this forum. I'm now a believer in the company.

Again, thank you very much. moonshadow

Here's the OTL log.

OTL logfile created on: 12/29/2010 10:59:50 PM - Run 3

OTL by OldTimer - Version 3.2.18.0 Folder = C:\Documents and Settings\sshiigi\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 39.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 75.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 232.75 Gb Total Space | 158.71 Gb Free Space | 68.19% Space Free | Partition Type: NTFS

Computer Name: DFB69GJ1 | User Name: sshiigi | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\sshiigi\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)

PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)

PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)

PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)

PRC - c:\drivers\audio\R205445\stacsv.exe (IDT, Inc.)

PRC - C:\WINDOWS\system32\AESTFltr.exe (Andrea Electronics Corporation)

PRC - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe (Broadcom Corporation)

PRC - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe (Broadcom Corporation)

PRC - C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe (Dell Inc.)

PRC - C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe (Dell Inc.)

PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)

PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)

PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)

PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)

PRC - C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)

PRC - C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe (Smith Micro Software, Inc.)

PRC - C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe (Smith Micro Software, Inc.)

PRC - C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe (Dell Inc.)

PRC - C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell, Inc.)

PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)

PRC - C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe (Intel® Corporation)

PRC - C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)

PRC - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel® Corporation)

PRC - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)

PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)

PRC - C:\Program Files\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.)

PRC - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe (Wave Systems Corp.)

PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)

PRC - C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Intel\ASF Agent\ASFAgent.exe (Intel Corporation)

PRC - C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe ()

PRC - C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)

PRC - C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)

PRC - C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)

PRC - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)

PRC - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)

PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\sshiigi\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\BtMmHook.dll (Broadcom Corporation.)

========== Win32 Services (SafeList) ==========

SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)

SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)

SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

SRV - (STacSV) -- c:\drivers\audio\R205445\stacsv.exe (IDT, Inc.)

SRV - (Credential Vault Host Storage) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe (Broadcom Corporation)

SRV - (Credential Vault Host Control Service) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe (Broadcom Corporation)

SRV - (dcpsysmgrsvc) -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe (Dell Inc.)

SRV - (SMManager) -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe (Smith Micro Software, Inc.)

SRV - (buttonsvc32) -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe (Dell Inc.)

SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)

SRV - (WLANKEEPER) Intel® -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe (Intel® Corporation)

SRV - (S24EventMonitor) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel® Corporation)

SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)

SRV - (TdmService) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe (Wave Systems Corp.)

SRV - (SecureStorageService) -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe (Wave Systems Corp.)

SRV - (tcsd_win32.exe) -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe ()

SRV - (ASFAgent) -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe (Intel Corporation)

SRV - (SavRoam) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)

SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)

SRV - (DefWatch) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)

SRV - (SNDSrvc) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)

SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)

SRV - (ccPwdSvc) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (Symantec Corporation)

SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)

SRV - (SPBBCSvc) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)

SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)

========== Driver Services (SafeList) ==========

DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101229.004\NAVEX15.SYS (Symantec Corporation)

DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101229.004\NAVENG.SYS (Symantec Corporation)

DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()

DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)

DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)

DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)

DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)

DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (IDT, Inc.)

DRV - (AESTAud) -- C:\WINDOWS\system32\drivers\AESTAud.sys (Andrea Electronics Corporation)

DRV - (cvusbdrv) -- C:\WINDOWS\system32\drivers\cvusbdrv.sys (Broadcom Corporation)

DRV - (USBCCID) -- C:\WINDOWS\system32\drivers\usbccid.sys (Microsoft Corporation)

DRV - (CCIDFILTER) -- C:\WINDOWS\system32\drivers\ccidflt.sys (Broadcom Corporation)

DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)

DRV - (OA001Ufd) -- C:\WINDOWS\system32\drivers\OA001Ufd.sys (Creative Technology Ltd.)

DRV - (OA001Vid) -- C:\WINDOWS\system32\drivers\OA001Vid.sys (Creative Technology Ltd.)

DRV - (OA001Afx) -- C:\WINDOWS\system32\drivers\OA001Afx.sys (Creative Technology Ltd.)

DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)

DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)

DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)

DRV - (NETw5x32) Intel® -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation)

DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)

DRV - (e1yexpress) Intel® -- C:\WINDOWS\system32\drivers\e1y5132.sys (Intel Corporation)

DRV - (WavxDMgr) -- C:\WINDOWS\system32\drivers\WavxDMgr.sys (Wave Systems Corp.)

DRV - (PBADRV) -- C:\WINDOWS\system32\DRIVERS\PBADRV.sys (Dell Inc)

DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)

DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)

DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)

DRV - (FsVga) -- C:\WINDOWS\system32\drivers\fsvga.sys (Microsoft Corporation)

DRV - (NAL) -- C:\WINDOWS\system32\drivers\iqvw32.sys (Intel Corporation )

DRV - (DLADResM) -- C:\WINDOWS\system32\drivers\DLADResM.SYS (Roxio)

DRV - (DLABMFSM) -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS (Roxio)

DRV - (DLAUDF_M) -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS (Roxio)

DRV - (DLAUDFAM) -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS (Roxio)

DRV - (DLAOPIOM) -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS (Roxio)

DRV - (DLABOIOM) -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS (Roxio)

DRV - (DLAPoolM) -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS (Roxio)

DRV - (DLAIFS_M) -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS (Roxio)

DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)

DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio)

DRV - (DLACDBHM) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS (Roxio)

DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Roxio)

DRV - (PCASp50) -- C:\WINDOWS\system32\drivers\PCASp50.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)

DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)

DRV - (SymEvent) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)

DRV - (SAVRTPEL) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys (Symantec Corporation)

DRV - (SAVRT) -- C:\Program Files\Symantec AntiVirus\savrt.sys (Symantec Corporation)

DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)

DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)

DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)

DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)

DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)

DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)

DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)

DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)

DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)

DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)

DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)

DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)

DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)

DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)

DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)

DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USREL/1

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.msn.com/sphome.aspx

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USREL/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.live.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://bing.zugo.com/?cfg=2-114-0-1UPWK

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Bing"

FF - prefs.js..browser.startup.homepage: "http://www.bing.com/?pc=Z007&form=ZGAPHP"

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778

FF - prefs.js..extensions.enabledItems: {896642E4-C556-4ED3-85D1-9AC431603E7D}:1.0.4

FF - prefs.js..extensions.enabledItems: {B810E866-A450-426B-96CC-5C6E8FAF3695}:1.9.1

FF - prefs.js..keyword.URL: "http://bing.zugotoolbar.com/s/?iesrc=IE-Address&site=Bing&q="

FF - prefs.js..network.proxy.http: "127.0.0.1"

FF - prefs.js..network.proxy.http_port: 1072

FF - HKLM\software\mozilla\Firefox\extensions\\{B810E866-A450-426B-96CC-5C6E8FAF3695}: C:\Documents and Settings\sshiigi\Local Settings\Application Data\{B810E866-A450-426B-96CC-5C6E8FAF3695} [2010/12/08 00:13:48 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/05 10:52:55 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/20 05:48:54 | 000,000,000 | ---D | M]

[2010/05/02 23:30:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sshiigi\Application Data\Mozilla\Extensions

[2010/12/08 12:44:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sshiigi\Application Data\Mozilla\Firefox\Profiles\fu2922xy.default\extensions

[2010/07/15 06:42:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\sshiigi\Application Data\Mozilla\Firefox\Profiles\fu2922xy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/05/02 23:58:28 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\sshiigi\Application Data\Mozilla\Firefox\Profiles\fu2922xy.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}

[2010/09/26 03:20:53 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Documents and Settings\sshiigi\Application Data\Mozilla\Firefox\Profiles\fu2922xy.default\extensions\{896642E4-C556-4ED3-85D1-9AC431603E7D}

[2010/12/08 00:12:37 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\sshiigi\Application Data\Mozilla\Firefox\Profiles\fu2922xy.default\searchplugins\bing-zugo.xml

[2010/12/08 12:44:44 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/10/28 11:09:19 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

O1 HOSTS File: ([2008/04/14 02:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)

O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O2 - BHO: (TBSB05974 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Search Toolbar\tbcore3.dll File not found

O3 - HKLM\..\Toolbar: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files\Search Toolbar\tbcore3.dll File not found

O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files\Search Toolbar\tbcore3.dll File not found

O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)

O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)

O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

O4 - HKLM..\Run: [ChangeTPMAuth] C:\Program Files\Wave Systems Corp\Common\ChangeTPMAuth.exe (Wave Systems Corp.)

O4 - HKLM..\Run: [DCPstrApp] C:\Program Files\Dell\Dell ControlPoint\Security Manager\SecurityDeviceInfoSetRegistryString.exe (Broadcom Corporation)

O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)

O4 - HKLM..\Run: [DellConnectionManager] C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe (Smith Micro Software, Inc.)

O4 - HKLM..\Run: [DellControlPoint] C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell, Inc.)

O4 - HKLM..\Run: [EmbassySecurityCheck] C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe (Wave Systems Corp.)

O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

O4 - HKLM..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)

O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [intelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)

O4 - HKLM..\Run: [intelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)

O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)

O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [secureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.)

O4 - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)

O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)

O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dell ControlPoint System Manager.lnk = C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe (Dell Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)

O4 - Startup: C:\Documents and Settings\sshiigi\Start Menu\Programs\Startup\LaunchU3.exe.lnk = C:\Documents and Settings\sshiigi\Application Data\Microsoft\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)

O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6770.cab (Windows Live Safety Center Base Module)

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)

O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.25.227.55 209.18.47.61 24.25.227.53

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cbci.local

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)

O24 - Desktop BackupWallPaper: C:\WINDOWS\dell.bmp

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/04/25 11:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{e6fcd6ff-deb6-11de-a7ad-00216a2a458c}\Shell - "" = AutoRun

O33 - MountPoints2\{e6fcd6ff-deb6-11de-a7ad-00216a2a458c}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{e6fcd6ff-deb6-11de-a7ad-00216a2a458c}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found

O33 - MountPoints2\F\Shell - "" = AutoRun

O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/27 19:49:14 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys

[2010/12/27 19:48:35 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe

[2010/12/27 14:50:26 | 000,000,000 | ---D | C] -- C:\_OTL

[2010/12/27 14:29:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sshiigi\Desktop\tdsskiller 2

[2010/12/26 23:24:12 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\sshiigi\Desktop\OTL.exe

[2010/12/08 13:29:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sshiigi\Application Data\DriverCure

[2010/12/08 13:29:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sshiigi\Application Data\ParetoLogic

[2010/12/08 13:28:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic

[2010/12/08 13:20:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sshiigi\My Documents\Downloads

[2010/12/08 00:13:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sshiigi\Local Settings\Application Data\{B810E866-A450-426B-96CC-5C6E8FAF3695}

[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\Documents and Settings\sshiigi\Application Data\*.tmp files -> C:\Documents and Settings\sshiigi\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/29 23:01:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FA4994F7-D9D9-49BE-BF8A-1123A84B76A0}.job

[2010/12/29 22:25:52 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\sshiigi\Desktop\Outlook 2003.lnk

[2010/12/29 22:08:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010/12/29 14:58:54 | 000,001,556 | ---- | M] () -- C:\Documents and Settings\sshiigi\Desktop\Disk Defragmenter.LNK

[2010/12/29 09:17:09 | 000,467,468 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/12/29 09:17:09 | 000,080,518 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/12/29 09:15:03 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2010/12/29 09:15:03 | 000,000,468 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Scan (Fri ).job

[2010/12/29 09:13:06 | 000,002,665 | ---- | M] () -- C:\Documents and Settings\sshiigi\Start Menu\Programs\Startup\LaunchU3.exe.lnk

[2010/12/29 09:12:30 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\sshiigi\Local Settings\Application Data\WavXMapDrive.bat

[2010/12/29 09:12:15 | 000,056,478 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001

[2010/12/29 09:12:11 | 000,190,150 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2010/12/29 09:11:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/12/29 09:11:09 | 000,000,312 | -HS- | M] () -- C:\WINDOWS\tasks\FBPWDG.job

[2010/12/29 09:10:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/12/29 09:10:47 | 2134,794,240 | -HS- | M] () -- C:\hiberfil.sys

[2010/12/28 08:29:14 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\sshiigi\Desktop\Microsoft Office Word 2003.lnk

[2010/12/28 08:05:46 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\sshiigi\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk

[2010/12/27 23:23:12 | 000,341,032 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/12/27 23:21:10 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/12/27 23:08:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010/12/27 14:35:09 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/12/27 14:28:06 | 001,232,020 | ---- | M] () -- C:\Documents and Settings\sshiigi\Desktop\tdsskiller 2.zip

[2010/12/27 11:57:29 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\sshiigi\Desktop\GMER4 r44tfmnx.exe

[2010/12/27 10:54:02 | 000,189,571 | ---- | M] () -- C:\scwhg94n.exe

[2010/12/26 23:24:14 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sshiigi\Desktop\OTL.exe

[2010/12/23 12:12:35 | 000,094,720 | ---- | M] () -- C:\Documents and Settings\sshiigi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/12/21 22:35:16 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\sshiigi\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk

[2010/12/21 22:35:16 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/12/15 20:09:04 | 000,001,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk

[2010/12/08 17:35:51 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe

[2010/12/08 00:14:13 | 000,001,172 | ---- | M] () -- C:\Documents and Settings\sshiigi\Desktop\Watch TV.lnk

[2010/12/07 23:20:41 | 000,167,424 | RHS- | M] () -- C:\WINDOWS\System32\vbisurfa.dll

[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\Documents and Settings\sshiigi\Application Data\*.tmp files -> C:\Documents and Settings\sshiigi\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/27 14:28:01 | 001,232,020 | ---- | C] () -- C:\Documents and Settings\sshiigi\Desktop\tdsskiller 2.zip

[2010/12/27 11:57:27 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\sshiigi\Desktop\GMER4 r44tfmnx.exe

[2010/12/27 10:54:00 | 000,189,571 | ---- | C] () -- C:\scwhg94n.exe

[2010/12/24 09:27:45 | 2134,794,240 | -HS- | C] () -- C:\hiberfil.sys

[2010/12/21 22:35:16 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\sshiigi\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk

[2010/12/08 00:13:21 | 000,001,172 | ---- | C] () -- C:\Documents and Settings\sshiigi\Desktop\Watch TV.lnk

[2010/12/07 23:20:41 | 000,167,424 | RHS- | C] () -- C:\WINDOWS\System32\vbisurfa.dll

[2010/12/07 23:20:41 | 000,000,312 | -HS- | C] () -- C:\WINDOWS\tasks\FBPWDG.job

[2009/12/01 11:01:29 | 000,000,007 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameD.txt

[2009/11/28 13:21:52 | 000,009,366 | ---- | C] () -- C:\Documents and Settings\sshiigi\Application Data\Microsoft Access.EML

[2009/09/08 19:49:28 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI

[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll

[2009/03/30 03:03:22 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\sshiigi\Local Settings\Application Data\fusioncache.dat

[2009/03/29 23:41:50 | 000,004,856 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log

[2009/03/09 12:35:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI

[2009/03/08 03:12:09 | 000,094,720 | ---- | C] () -- C:\Documents and Settings\sshiigi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/03/06 16:42:03 | 000,000,051 | ---- | C] () -- C:\Documents and Settings\sshiigi\Local Settings\Application Data\setup.txt

[2009/03/06 16:42:03 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\sshiigi\Local Settings\Application Data\WavXMapDrive.bat

[2009/03/06 16:31:31 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll

[2009/03/06 16:03:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2009/02/27 11:11:15 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2009/02/27 11:11:15 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2009/02/27 11:11:15 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2009/02/27 11:11:15 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2009/02/27 11:09:53 | 000,001,156 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2009/02/27 10:04:52 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2009/02/27 09:52:02 | 000,000,234 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2009/02/27 09:38:15 | 000,279,888 | ---- | C] () -- C:\WINDOWS\System32\brcmbsp.dll

[2009/02/27 09:35:53 | 000,080,368 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll

[2008/08/15 04:46:30 | 002,854,912 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll

[2008/07/28 14:03:06 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\Wavx_ESC_Logging.dll

[2008/06/13 07:18:56 | 000,512,000 | ---- | C] () -- C:\WINDOWS\System32\AmRes_sv.dll

[2008/06/13 07:18:56 | 000,507,904 | ---- | C] () -- C:\WINDOWS\System32\AmRes_no.dll

[2008/06/13 07:18:54 | 000,536,576 | ---- | C] () -- C:\WINDOWS\System32\AmRes_nl.dll

[2008/06/13 07:18:54 | 000,507,904 | ---- | C] () -- C:\WINDOWS\System32\AmRes_da.dll

[2008/06/13 07:18:52 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll

[2008/06/13 07:18:52 | 000,536,576 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll

[2008/06/13 07:18:52 | 000,507,904 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll

[2008/06/13 07:18:50 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll

[2008/06/13 07:18:50 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll

[2008/06/13 07:18:48 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll

[2008/06/13 07:18:48 | 000,503,808 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll

[2008/06/13 07:18:46 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll

[2008/06/13 07:18:44 | 000,475,136 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll

[2008/06/13 07:18:44 | 000,475,136 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll

[2008/06/13 07:18:42 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll

[2008/06/13 07:16:16 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pl.dll

[2008/05/30 05:38:24 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll

[2008/05/30 05:38:14 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_sv.dll

[2008/05/30 05:37:52 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll

[2008/05/30 05:37:24 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll

[2008/05/30 05:37:22 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll

[2008/05/30 05:37:20 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pl.dll

[2008/05/30 05:37:18 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_no.dll

[2008/05/30 05:37:16 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_nl.dll

[2008/05/30 05:37:14 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll

[2008/05/30 05:37:12 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_da.dll

[2008/05/30 05:37:12 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll

[2008/05/30 05:37:10 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll

[2008/05/30 05:37:08 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll

[2008/05/30 05:37:06 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll

[2008/05/30 05:37:04 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll

[2008/05/14 13:40:30 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\wxvault.dll

[2008/04/25 11:26:32 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2008/04/24 23:22:39 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2008/03/18 09:02:52 | 000,143,360 | R--- | C] () -- C:\WINDOWS\System32\preflib.dll

[2008/02/25 08:04:48 | 000,835,584 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll

[2007/09/28 14:07:15 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\eSTsnmp.dll

[2007/09/27 06:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2007/09/27 06:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2007/09/27 06:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

[2007/04/19 01:52:16 | 000,080,720 | ---- | C] () -- C:\WINDOWS\System32\AsfBios.dll

[2007/04/19 01:28:10 | 000,025,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\netamsg.dll

[2006/08/14 07:02:10 | 000,072,192 | ---- | C] () -- C:\WINDOWS\System32\xltZlib.dll

[2006/06/30 08:58:44 | 000,176,128 | R--- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll

[2006/06/30 08:58:44 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\bioapi100.dll

[2006/06/12 04:01:16 | 000,348,160 | ---- | C] () -- C:\WINDOWS\tsp.dll

[2004/09/10 08:34:00 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll

[2004/09/10 08:34:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll

[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[2001/11/14 09:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

< End of report >

Link to post
Share on other sites

You are welcome :)

1.) The WatchTV icon is still hanging around my desktop even though I uninstalled White Smoke with Add/Remove the first day it appeared. I think WatchTV is associated with White Smoke. Shoud I just delete this?
Yes it is just a shortcut.
2.) Cicero U WindFrame - End Program - Not responding popped up during shutdown. No particular issues though.
Seems to be related to Outlook do you use that?

You can avoid it by closing outlook before shutting the system down.

I'm going to get the full version of Malwarebytes for real time protection. I'd like a disc but haven't found a retailer for it in Honolulu. I know you can order a disc direct from MB but you have to buy the download first. If I download on-line and burn a copy, will it work the same as one out of the box?
All versions of the installer are the same none come pre activated.

It would be the same.

=====================

Please open up Notepad and copy all of the items in the code box below.

Change the "Save As Type" to "All Files". Save it as fix.reg on your Desktop.

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"=-

Now double-click fix.reg.

A window will come up asking if you want to let it merge with the registry.

Click yes.

After that you can delete that file.

===============

======Next======

  • Double click on OTL to run it.
  • Click on the Cleanup button at the top.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
  • This will remove itself and other tools we may have used.

===============Update Java===============

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:

  • Download the latest version of Java SE Runtime Environment (JRE) and save it to your desktop.
  • Scroll down to where it says "(JRE) then click on it
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u23-windows-i586.exe to install the newest version.

======================Clear out infected System Restore points======================

Then we need to reset your System Restore points.

The link below shows how to do this.

How to Turn On and Turn Off System Restore in Windows XP

http://support.microsoft.com/kb/310405/en-us

If you are using Vista then see this link: http://www.bleepingcomputer.com/tutorials/...143.html#manual

Delete\uninstall anything else that we have used that is leftover.

After that your all set.

===The following are some articles and a Windows Update link that I like to suggest to people to prevent malware and general PC maintenance===

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article Some great guidelines to follow to prevent future infections please read the Prevention artice by Miekiemoes.

How did I get infected in the first place? Also this one by Tony Klein.

If your computer is slow Things you can do if your computer is slow.

PC Safety and Security - What Do I Need? Security suggestions and general hints and tips for PC security.

File sharing program dangers Reasons to stay away from File sharing programs for ex: BitTorrent,Limewire,Kazaa,emule,Utorrent etc...

===Free antimalware tools used for on demand scanning and cleaning no real time unless purchased===

Malwarebytes Antimalware

superantispyware

===Free antivirus links===

This is antivirus and antispyware.

Microsoft Security Essentials

This is free antispyware protection and Antivirus protection.

AVG free

This is just antivirus protection.

Antivir

This is antivirus and antispyware protection.

Avast

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.