malware help [Archive] - Safer-Networking Forums

View Full Version : malware help

thomto

2011-02-15, 17:07

Hello,
I've got an infected computer. Spybot found huntbar.stoolbar several times and also expoit.pdf. Now it will not find anthing. I have also ran Malwarebytes' Anti-Malware among others and no luck. Computer runs real slow and Internet Explorer keeps redirecting to other search pages. It all started on 2-6-2011.

Here's the DDS.txt

DDS (Ver_10-12-12.02) - NTFSx86
Run by Thomas Toth at 9:04:45.29 on Tue 02/15/2011
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2559.1555 [GMT -6:00]

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\COMMON~1\aol\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
C:\Program Files\Common Files\AOL\1131431821\ee\AOLSoftware.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Program Files\Common Files\Aol\aoltpspd.exe
C:\Documents and Settings\Thomas Toth\My Documents\Virus Tools\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - Adobe PDF Reader Link Helper
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [DellTransferAgent] "c:\documents and settings\all users\application data\dell\transferagent\TransferAgent.exe"
uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe"
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [SsAAD.exe] c:\progra~1\sony\sonics~1\SsAAD.exe
mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
mRun: [Omnipage] c:\program files\scansoft\omnipagese\opware32.exe
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
mRun: [MediaFace Integration] c:\program files\fellowes\mediaface 4.0\SetHook.exe
mRun: [HostManager] c:\program files\common files\aol\1131431821\ee\AOLSoftware.exe
mRun: [DVDSentry] c:\windows\system32\DSentry.exe
mRun: [diagent] "c:\program files\creative\sblive\diagnostics\diagent.exe" startup
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [AdaptecDirectCD] "c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe"
mRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\FirstStart.exe" /OM
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
dRunOnce: [SWHelper] "c:\windows\system32\macromed\shockwave 8\PostUpdate.exe" 1014021
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewer\QuickDCF.exe
mPolicies-explorer: <NO NAME> =
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: &Google Search
IE: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCYYYYYYYYUS
IE: &Translate English Word
IE: Backward Links
IE: Cached Snapshot of Page
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: Similar Pages
IE: Translate Page into English
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\progra~1\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxps://support.dell.com/systemprofiler/SysPro.CAB
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB}
DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/download/ipixx.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://active.macromedia.com/director/cabs/sw.cab
DPF: {16F67783-7E72-4C39-99C4-4780A8335484} - hxxp://www.syncmyride.com/Own/Modules/UploadDownload/applets/sync.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - hxxp://aolcc.aol.com/computercheckup/qdiagcc.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6886.cab
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.systemrequirementslab.com/sysreqlab2.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229659317890
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {94837F90-A2CA-4A8A-9DA0-B5438EC563EA} - hxxp://install.wildtangent.com/cda/islandrally/ActiveLauncher/CDA_AL.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389}
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - hxxp://www.yougamers.com/systeminfo/MSC3.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - hxxp://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} - hxxp://cvs.pnimedia.com/upload/activex/v2_0_0_11/PCAXSetupv2.0.0.11.cab?
TCP: {B5D9B996-2C31-4718-B52F-EB2A4E0020DE} = 205.188.146.145
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\program files\microsoft activesync\aatp.dll
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\progra~1\micros~4\CENetFlt.dll
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\progra~1\micros~4\CENetFlt.dll
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\progra~1\micros~4\CENetFlt.dll
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\progra~1\micros~4\CENetFlt.dll
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\progra~1\micros~4\CENetFlt.dll
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\progra~1\micros~4\CENetFlt.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\qoMdAQkj
LSA: Notification Packages = scecli c:\windows\system32\zabunego.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-9 299984]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-10 24652]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
S0 xcttgm;BNC adapter;c:\windows\system32\xcttgm.sys --> c:\windows\system32\xcttgm.sys [?]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2010-12-16 517448]

=============== Created Last 30 ================

2011-02-14 14:57:05 178832 ----a-w- c:\documents and settings\thomas toth\FxWebsch.exe
2011-02-14 02:54:49 388608 ----a-w- c:\documents and settings\thomas toth\HijackThis.exe
2011-02-12 00:00:44 5890896 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\windows defender\definition updates\{a0f062fb-aebf-4e61-a9cb-a146f5859692}\mpengine.dll
2011-02-10 23:31:13 87552 ----a-w- c:\windows\system32\VACFix.exe
2011-02-10 23:31:13 82944 ----a-w- c:\windows\system32\IEDFix.exe
2011-02-10 23:31:13 82944 ----a-w- c:\windows\system32\IEDFix.C.exe
2011-02-10 23:31:13 82432 ----a-w- c:\windows\system32\404Fix.exe
2011-02-10 23:31:13 80384 ----a-w- c:\windows\system32\o4Patch.exe
2011-02-10 23:31:13 78336 ----a-w- c:\windows\system32\Agent.OMZ.Fix.exe
2011-02-10 23:31:13 53248 ----a-w- c:\windows\system32\Process.exe
2011-02-08 21:40:30 -------- d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2011-02-08 00:22:54 -------- d-----w- c:\program files\Hunt Bar . Stoolbar Removal Tool [1]
2011-02-06 19:36:16 -------- d-----w- C:\ComboFix
2011-02-06 19:36:15 389120 ----a-w- c:\windows\system32\CF31391.exe
2011-02-06 19:34:49 389120 ----a-w- c:\windows\system32\CF31110.exe
2011-02-06 18:13:09 -------- d-----w- c:\docume~1\thomas~1\locals~1\applic~1\Yahoo
2011-02-06 18:11:07 -------- d-----w- c:\docume~1\thomas~1\applic~1\AVG10
2011-02-06 18:04:45 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-02-06 18:04:45 -------- d-----w- c:\windows\system32\wbem\Repository
2011-02-06 18:03:41 -------- d-----w- c:\program files\iTunes
2011-02-06 14:24:46 -------- d-----w- c:\docume~1\thomas~1\locals~1\applic~1\AskToolbar
2011-02-05 05:51:36 -------- d-----w- c:\program files\iTunes(3)
2011-01-23 18:48:40 -------- d-----w- c:\program files\SlySoft
2011-01-23 18:46:48 304920 ----a-w- c:\documents and settings\thomas toth\SoftonicDownloader_for_clonecd.exe
2011-01-23 14:00:50 -------- d-----w- c:\program files\DVD Decrypter
2011-01-23 13:27:09 899414 ----a-w- c:\documents and settings\thomas toth\SetupDVDDecrypter_3.5.4.0.exe
2011-01-22 23:50:43 -------- d-----w- c:\program files\EasyDVDClone
2011-01-22 23:46:25 -------- d-----w- C:\MAGICDVDCOPY_TEMP
2011-01-22 23:46:08 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2011-01-22 23:39:12 1853399 ----a-w- c:\documents and settings\thomas toth\EasyDVDClonec.exe
2011-01-22 23:34:52 2977913 ----a-w- c:\documents and settings\thomas toth\FlyDVDCopier49.exe
2011-01-21 21:28:05 86016 ----a-w- c:\windows\unvise32.exe
2011-01-21 21:28:04 -------- d-----w- c:\program files\Savings Bond Wizard
2011-01-19 00:38:11 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2011-01-19 00:37:42 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2011-01-19 00:37:19 -------- d-----w- c:\windows\Logs

==================== Find3M ====================

2011-02-15 00:10:20 206 ----a-w- c:\windows\system32\bbdecfabcf_g.dll
2011-02-02 23:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-11-29 23:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 23:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3120023A rev.3.33 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A5FD85C]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a603a38]; MOV EAX, [0x8a603ab4]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x8A67AAB8]
3 CLASSPNP[0xF7637FD7] -> nt!IofCallDriver[0x804E37D5] -> [0x8A4BE228]
\Driver\atapi[0x8A679860] -> IRP_MJ_CREATE -> 0x8A5FD85C
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskST3120023A______________________________3.33____#4b33314137484259202020202020202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A5FD6A2
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !

============= FINISH: 9:10:20.43 ===============
spybot results

DoubleClick: Tracking cookie (Internet Explorer: Thomas Toth) (Cookie, nothing done)

--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2008-07-07 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-02-12 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2008-09-15 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2008-10-22 Tools.dll (2.1.6.8)
2009-01-16 UninsSrv.dll (1.0.0.0)
2010-10-05 Includes\Adware.sbi (*)
2011-02-01 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2010-12-14 Includes\DialerC.sbi (*)
2010-01-25 Includes\HeavyDuty.sbi (*)
2010-11-30 Includes\Hijackers.sbi (*)
2011-01-25 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2010-12-14 Includes\Keyloggers.sbi (*)
2010-12-14 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2010-12-14 Includes\Malware.sbi (*)
2011-02-08 Includes\MalwareC.sbi (*)
2010-05-18 Includes\PUPS.sbi (*)
2010-12-14 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2010-12-14 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2011-01-18 Includes\Spyware.sbi (*)
2011-01-18 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2010-12-28 Includes\Trojans.sbi (*)
2011-02-08 Includes\TrojansC-02.sbi (*)
2011-01-13 Includes\TrojansC-03.sbi (*)
2011-01-25 Includes\TrojansC-04.sbi (*)
2011-02-07 Includes\TrojansC-05.sbi (*)
2011-02-07 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

Thanks
Tom

ken545

2011-02-17, 01:16

:snwelcome:

Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

Your infected with a Rootkit

Please download TDSSKiller.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip)
Extract it to your desktop
Double click TDSSKiller.exe
Press Start Scan

Only if Malicious objects are found then ensure Cure is selected
Then click Continue > Reboot now

Copy and paste the log in your next reply

A copy of the log will be saved automatically to the root of the drive (typically C:\)

thomto

2011-02-17, 14:01

Hi ken545
Here is the log. Thanks

2011/02/17 06:32:46.0859 0712 TDSS rootkit removing tool 2.4.17.0 Feb 10 2011 11:07:20
2011/02/17 06:32:47.0109 0712 ================================================================================
2011/02/17 06:32:47.0109 0712 SystemInfo:
2011/02/17 06:32:47.0109 0712
2011/02/17 06:32:47.0109 0712 OS Version: 5.1.2600 ServicePack: 3.0
2011/02/17 06:32:47.0109 0712 Product type: Workstation
2011/02/17 06:32:47.0109 0712 ComputerName: D2567T21
2011/02/17 06:32:47.0109 0712 UserName: Thomas Toth
2011/02/17 06:32:47.0109 0712 Windows directory: C:\WINDOWS
2011/02/17 06:32:47.0109 0712 System windows directory: C:\WINDOWS
2011/02/17 06:32:47.0109 0712 Processor architecture: Intel x86
2011/02/17 06:32:47.0109 0712 Number of processors: 1
2011/02/17 06:32:47.0109 0712 Page size: 0x1000
2011/02/17 06:32:47.0109 0712 Boot type: Normal boot
2011/02/17 06:32:47.0109 0712 ================================================================================
2011/02/17 06:32:47.0625 0712 Initialize success
2011/02/17 06:32:54.0078 4016 ================================================================================
2011/02/17 06:32:54.0078 4016 Scan started
2011/02/17 06:32:54.0078 4016 Mode: Manual;
2011/02/17 06:32:54.0078 4016 ================================================================================
2011/02/17 06:32:57.0937 4016 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS
2011/02/17 06:32:58.0187 4016 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/02/17 06:32:58.0375 4016 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/02/17 06:32:58.0531 4016 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\System32\DRIVERS\adpu160m.sys
2011/02/17 06:32:58.0718 4016 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
2011/02/17 06:32:58.0890 4016 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/02/17 06:32:59.0062 4016 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/02/17 06:32:59.0265 4016 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/02/17 06:32:59.0453 4016 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\System32\DRIVERS\agpCPQ.sys
2011/02/17 06:32:59.0609 4016 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\System32\DRIVERS\aha154x.sys
2011/02/17 06:32:59.0796 4016 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\System32\DRIVERS\aic78u2.sys
2011/02/17 06:32:59.0968 4016 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\System32\DRIVERS\aic78xx.sys
2011/02/17 06:33:00.0140 4016 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\System32\DRIVERS\aliide.sys
2011/02/17 06:33:00.0343 4016 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\System32\DRIVERS\alim1541.sys
2011/02/17 06:33:00.0468 4016 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\System32\DRIVERS\amdagp.sys
2011/02/17 06:33:00.0609 4016 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\System32\DRIVERS\amsint.sys
2011/02/17 06:33:00.0796 4016 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\System32\DRIVERS\asc.sys
2011/02/17 06:33:00.0953 4016 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\System32\DRIVERS\asc3350p.sys
2011/02/17 06:33:01.0140 4016 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\System32\DRIVERS\asc3550.sys
2011/02/17 06:33:01.0359 4016 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/02/17 06:33:01.0515 4016 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/02/17 06:33:01.0828 4016 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/02/17 06:33:01.0953 4016 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/02/17 06:33:02.0125 4016 AVGIDSDriver (0c61f066f4d94bd67063dc6691935143) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
2011/02/17 06:33:02.0390 4016 AVGIDSEH (84853f800cd69252c3c764fe50d0346f) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
2011/02/17 06:33:02.0546 4016 AVGIDSFilter (28d6adcd03e10f3838488b9b5d407dd4) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
2011/02/17 06:33:02.0718 4016 AVGIDSShim (0eb16f4dbbb946360af30d2b13a52d1d) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
2011/02/17 06:33:02.0859 4016 Avgldx86 (5fe5a2c2330c376a1d8dcff8d2680a2d) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
2011/02/17 06:33:03.0031 4016 Avgmfx86 (54f1a9b4c9b540c2d8ac4baa171696b1) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
2011/02/17 06:33:03.0171 4016 Avgrkx86 (8da3b77993c5f354cc2977b7ea06d03a) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
2011/02/17 06:33:03.0359 4016 Avgtdix (660788ec46f10ece80274d564fa8b4aa) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
2011/02/17 06:33:03.0578 4016 BCMModem (41347688046d49cde0f6d138a534f73d) C:\WINDOWS\system32\DRIVERS\BCMSM.sys
2011/02/17 06:33:03.0796 4016 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/02/17 06:33:04.0046 4016 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\System32\DRIVERS\cbidf2k.sys
2011/02/17 06:33:04.0312 4016 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/02/17 06:33:04.0484 4016 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/02/17 06:33:04.0593 4016 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys
2011/02/17 06:33:04.0890 4016 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/02/17 06:33:05.0031 4016 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/02/17 06:33:05.0218 4016 Cdr4_xp (223dea13c9d064babc882b4727f6f905) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
2011/02/17 06:33:05.0421 4016 Cdralw2k (9e26599599d178e71afb5599e146031a) C:\WINDOWS\system32\drivers\Cdralw2k.sys
2011/02/17 06:33:05.0593 4016 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/02/17 06:33:05.0812 4016 cdudf_xp (cfd81f2140193fc7f1812e6d6eaf6795) C:\WINDOWS\system32\drivers\cdudf_xp.sys
2011/02/17 06:33:06.0140 4016 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\System32\DRIVERS\cmdide.sys
2011/02/17 06:33:06.0421 4016 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\System32\DRIVERS\cpqarray.sys
2011/02/17 06:33:06.0765 4016 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\System32\DRIVERS\dac2w2k.sys
2011/02/17 06:33:06.0953 4016 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\System32\DRIVERS\dac960nt.sys
2011/02/17 06:33:07.0390 4016 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/02/17 06:33:07.0609 4016 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/02/17 06:33:08.0093 4016 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/02/17 06:33:08.0468 4016 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/02/17 06:33:08.0765 4016 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/02/17 06:33:09.0062 4016 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\System32\DRIVERS\dpti2o.sys
2011/02/17 06:33:09.0203 4016 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/02/17 06:33:09.0734 4016 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
2011/02/17 06:33:10.0093 4016 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
2011/02/17 06:33:10.0546 4016 dvd_2K (677829f7010768eeeed8d0083e510dab) C:\WINDOWS\system32\drivers\dvd_2K.sys
2011/02/17 06:33:11.0109 4016 E100B (98b46b331404a951cabad8b4877e1276) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/02/17 06:33:11.0687 4016 ENTECH (16ebd8bf1d5090923694cc972c7ce1b4) C:\WINDOWS\system32\DRIVERS\ENTECH.sys
2011/02/17 06:33:11.0890 4016 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/02/17 06:33:12.0171 4016 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/02/17 06:33:12.0453 4016 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/02/17 06:33:12.0843 4016 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/02/17 06:33:13.0171 4016 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/02/17 06:33:13.0609 4016 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/02/17 06:33:13.0781 4016 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/02/17 06:33:14.0140 4016 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2011/02/17 06:33:14.0609 4016 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/02/17 06:33:15.0000 4016 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/02/17 06:33:15.0234 4016 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/02/17 06:33:15.0468 4016 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\System32\DRIVERS\hpn.sys
2011/02/17 06:33:15.0593 4016 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/02/17 06:33:15.0765 4016 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/02/17 06:33:15.0937 4016 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\System32\DRIVERS\i2omp.sys
2011/02/17 06:33:16.0140 4016 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/02/17 06:33:16.0406 4016 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
2011/02/17 06:33:16.0609 4016 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
2011/02/17 06:33:16.0765 4016 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
2011/02/17 06:33:16.0937 4016 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
2011/02/17 06:33:17.0156 4016 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
2011/02/17 06:33:17.0359 4016 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
2011/02/17 06:33:17.0515 4016 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
2011/02/17 06:33:17.0703 4016 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
2011/02/17 06:33:17.0875 4016 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
2011/02/17 06:33:18.0031 4016 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
2011/02/17 06:33:18.0203 4016 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/02/17 06:33:18.0406 4016 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\System32\DRIVERS\ini910u.sys
2011/02/17 06:33:18.0546 4016 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\System32\DRIVERS\intelide.sys
2011/02/17 06:33:18.0718 4016 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/02/17 06:33:18.0937 4016 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/02/17 06:33:19.0250 4016 IPFilter (9ea02e03ed52d25551a6e46cf3b94b01) C:\WINDOWS\system32\DRIVERS\IPFilter.sys
2011/02/17 06:33:19.0656 4016 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/02/17 06:33:19.0843 4016 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/02/17 06:33:20.0046 4016 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/02/17 06:33:20.0375 4016 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/02/17 06:33:20.0859 4016 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/02/17 06:33:21.0046 4016 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/02/17 06:33:21.0234 4016 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/02/17 06:33:21.0437 4016 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/02/17 06:33:21.0703 4016 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/02/17 06:33:21.0968 4016 MASPINT (a2ae666cee860babe7fa6f1662b71737) C:\WINDOWS\system32\drivers\MASPINT.sys
2011/02/17 06:33:22.0359 4016 mmc_2K (9b90303a9c9405a6ce1466ff4aa20fdd) C:\WINDOWS\system32\drivers\mmc_2K.sys
2011/02/17 06:33:22.0500 4016 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/02/17 06:33:22.0703 4016 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/02/17 06:33:22.0906 4016 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/02/17 06:33:23.0109 4016 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/02/17 06:33:23.0312 4016 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/02/17 06:33:23.0500 4016 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/02/17 06:33:23.0640 4016 mr7910 (6aa46f9896d3c9e5a00e01bb416c707b) C:\WINDOWS\system32\DRIVERS\mr7910.sys
2011/02/17 06:33:23.0906 4016 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\System32\DRIVERS\mraid35x.sys
2011/02/17 06:33:24.0187 4016 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/02/17 06:33:24.0562 4016 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/02/17 06:33:24.0906 4016 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/02/17 06:33:25.0109 4016 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/02/17 06:33:25.0875 4016 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/02/17 06:33:26.0328 4016 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/02/17 06:33:26.0578 4016 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/02/17 06:33:26.0781 4016 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/02/17 06:33:26.0953 4016 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/02/17 06:33:27.0046 4016 MxlW2k (a1520761f42dbb06db7929d6fa9753ea) C:\WINDOWS\system32\drivers\MxlW2k.sys
2011/02/17 06:33:27.0234 4016 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/02/17 06:33:27.0625 4016 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/02/17 06:33:27.0781 4016 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/02/17 06:33:27.0921 4016 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/02/17 06:33:28.0093 4016 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/02/17 06:33:28.0250 4016 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/02/17 06:33:28.0453 4016 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/02/17 06:33:28.0625 4016 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/02/17 06:33:28.0781 4016 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/02/17 06:33:29.0031 4016 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/02/17 06:33:29.0203 4016 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/02/17 06:33:29.0562 4016 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/02/17 06:33:29.0828 4016 nv (71dbdc08df86b80511e72953fa1ad6b0) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/02/17 06:33:30.0062 4016 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/02/17 06:33:30.0250 4016 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/02/17 06:33:30.0515 4016 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys
2011/02/17 06:33:30.0890 4016 P16X (e433c553d00d76fbc616294b60a7a530) C:\WINDOWS\system32\drivers\P16X.sys
2011/02/17 06:33:31.0218 4016 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
2011/02/17 06:33:31.0562 4016 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/02/17 06:33:31.0750 4016 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/02/17 06:33:31.0906 4016 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/02/17 06:33:32.0218 4016 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/02/17 06:33:32.0515 4016 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/02/17 06:33:32.0718 4016 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/02/17 06:33:33.0140 4016 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
2011/02/17 06:33:33.0937 4016 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\System32\DRIVERS\perc2.sys
2011/02/17 06:33:34.0093 4016 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\System32\DRIVERS\perc2hib.sys
2011/02/17 06:33:34.0281 4016 PfModNT (2f5532f9b0f903b26847da674b4f55b2) C:\WINDOWS\System32\PfModNT.sys
2011/02/17 06:33:34.0625 4016 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/02/17 06:33:34.0937 4016 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/02/17 06:33:35.0234 4016 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/02/17 06:33:35.0437 4016 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/02/17 06:33:35.0609 4016 pwd_2k (d8b90616a8bd53de281dbdb664c0984a) C:\WINDOWS\system32\drivers\pwd_2k.sys
2011/02/17 06:33:35.0781 4016 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/02/17 06:33:35.0953 4016 QCDonner (fddd1aeb9f81ef1e6e48ae1edc2a97d6) C:\WINDOWS\system32\DRIVERS\OVCD.sys
2011/02/17 06:33:36.0140 4016 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\System32\DRIVERS\ql1080.sys
2011/02/17 06:33:36.0437 4016 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\System32\DRIVERS\ql10wnt.sys
2011/02/17 06:33:36.0609 4016 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\System32\DRIVERS\ql12160.sys
2011/02/17 06:33:36.0781 4016 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\System32\DRIVERS\ql1240.sys
2011/02/17 06:33:36.0937 4016 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\System32\DRIVERS\ql1280.sys
2011/02/17 06:33:37.0265 4016 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/02/17 06:33:37.0718 4016 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/02/17 06:33:37.0921 4016 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/02/17 06:33:38.0156 4016 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/02/17 06:33:38.0484 4016 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/02/17 06:33:38.0671 4016 RDPCDD (b050bda7147f357f38f5e79576c40552) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/02/17 06:33:38.0843 4016 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/02/17 06:33:39.0046 4016 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/02/17 06:33:39.0343 4016 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/02/17 06:33:39.0500 4016 rspndr (a3b23fb3f295694091f51865f98588b2) C:\WINDOWS\system32\DRIVERS\rspndr.sys
2011/02/17 06:33:39.0718 4016 SbcpHid (e803dc6dc2fc999d0b8bdb3de1b28659) C:\WINDOWS\system32\Drivers\SbcpHid.sys
2011/02/17 06:33:40.0046 4016 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/02/17 06:33:40.0265 4016 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/02/17 06:33:40.0484 4016 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/02/17 06:33:40.0718 4016 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/02/17 06:33:41.0187 4016 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\System32\DRIVERS\sisagp.sys
2011/02/17 06:33:41.0906 4016 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/02/17 06:33:42.0171 4016 smwdm (31fd0707c7dbe715234f2823b27214fe) C:\WINDOWS\system32\drivers\smwdm.sys
2011/02/17 06:33:42.0859 4016 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys
2011/02/17 06:33:43.0062 4016 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/02/17 06:33:43.0359 4016 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/02/17 06:33:43.0609 4016 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/02/17 06:33:43.0859 4016 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/02/17 06:33:44.0062 4016 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/02/17 06:33:44.0234 4016 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/02/17 06:33:44.0500 4016 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys
2011/02/17 06:33:44.0765 4016 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys
2011/02/17 06:33:45.0125 4016 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys
2011/02/17 06:33:45.0453 4016 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys
2011/02/17 06:33:45.0656 4016 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/02/17 06:33:45.0968 4016 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/02/17 06:33:46.0156 4016 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/02/17 06:33:46.0359 4016 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/02/17 06:33:46.0718 4016 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/02/17 06:33:47.0156 4016 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\System32\DRIVERS\toside.sys
2011/02/17 06:33:47.0468 4016 UdfReadr_xp (4e75005b74be901c30f2636df40b0c15) C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
2011/02/17 06:33:47.0609 4016 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/02/17 06:33:47.0812 4016 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys
2011/02/17 06:33:48.0046 4016 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/02/17 06:33:48.0250 4016 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/02/17 06:33:48.0750 4016 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/02/17 06:33:48.0921 4016 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/02/17 06:33:49.0062 4016 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/02/17 06:33:49.0203 4016 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/02/17 06:33:49.0375 4016 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/02/17 06:33:49.0468 4016 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/02/17 06:33:49.0546 4016 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/02/17 06:33:49.0703 4016 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\System32\DRIVERS\viaagp.sys
2011/02/17 06:33:49.0890 4016 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys
2011/02/17 06:33:50.0078 4016 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/02/17 06:33:50.0250 4016 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/02/17 06:33:50.0375 4016 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
2011/02/17 06:33:50.0515 4016 wceusbsh (4c0b8ef721783f52f8e531fbdc4b1f74) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
2011/02/17 06:33:50.0750 4016 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/02/17 06:33:50.0984 4016 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
2011/02/17 06:33:51.0140 4016 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/02/17 06:33:51.0328 4016 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/02/17 06:33:51.0593 4016 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/02/17 06:33:51.0796 4016 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/02/17 06:33:51.0968 4016 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/02/17 06:33:51.0968 4016 ================================================================================
2011/02/17 06:33:51.0968 4016 Scan finished
2011/02/17 06:33:51.0968 4016 ================================================================================
2011/02/17 06:33:52.0000 2032 Detected object count: 1
2011/02/17 06:35:46.0843 2032 \HardDisk0 - will be cured after reboot
2011/02/17 06:35:46.0843 2032 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/02/17 06:35:57.0234 3476 Deinitialize success

ken545

2011-02-17, 14:41

hi,

Your hard disk was infected with a rootkit, after a reboot it should be gone.

Run these in order please and post the log from Malwarebytes and the log from OTL

Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your desktop.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.Your system may start up slower after running ATF Cleaner, this is expected but will be back to normal after the first or second boot up
Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized password and other personal information as removing cookies will temporarily disable the auto-login facility.

Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

thomto

2011-02-17, 16:39

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5784

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

2/17/2011 9:18:48 AM
mbam-log-2011-02-17 (09-18-48).txt

Scan type: Quick scan
Objects scanned: 196979
Time elapsed: 5 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

OTL logfile created on: 2/17/2011 9:22:15 AM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Thomas Toth\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 75.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): c:\pagefile.sys 1024 2048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.76 Gb Total Space | 37.74 Gb Free Space | 33.77% Space Free | Partition Type: NTFS

Computer Name: D2567T21 | User Name: Thomas Toth | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Thomas Toth\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
PRC - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
PRC - C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe ( )
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
PRC - C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe (Viewpoint Corporation)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files\Common Files\aol\ACS\AOLacsd.exe (AOL LLC)
PRC - C:\Program Files\Common Files\aol\1131431821\ee\aolsoftware.exe (America Online, Inc.)
PRC - C:\Program Files\Sony\SonicStage\SSAAD.exe ()
PRC - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
PRC - C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)
PRC - C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe (Roxio)
PRC - C:\WINDOWS\SYSTEM32\DSentry.exe (Dell - Advanced Desktop Engineering)
PRC - C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe (Fellowes, Inc.)
PRC - C:\Program Files\ScanSoft\OmniPageSE\opware32.exe (ScanSoft, Inc)
PRC - C:\Program Files\FinePixViewer\QuickDCF.exe (FUJI PHOTO FILM CO., LTD.)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Thomas Toth\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\SYSTEM32\nview.dll (NVIDIA Corporation)
MOD - C:\WINDOWS\SYSTEM32\nvwddi.dll (NVIDIA Corporation)
MOD - C:\Program Files\Fellowes\MediaFACE 4.0\MFHookManager.dll (Fellowes, Inc.)
MOD - C:\Program Files\ScanSoft\OmniPageSE\ophook32.dll (ScanSoft, Inc)

========== Win32 Services (SafeList) ==========

SRV - (Automatic LiveUpdate Scheduler) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (AOLService) -- File not found
SRV - (6to4) -- File not found
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe ()
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (LeapFrog Connect Device Service) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (AOL ACS) -- C:\Program Files\Common Files\aol\ACS\AOLacsd.exe (AOL LLC)
SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (SSScsiSV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
SRV - (WANMiniportService) WAN Miniport (ATW) -- C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)
SRV - (NetSvc) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe (Intel(R) Corporation)

========== Driver Services (SafeList) ==========

DRV - (Avgldx86) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgmfx86) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSFilter) -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSShim) -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (RDPCDD) -- C:\WINDOWS\SYSTEM32\DRIVERS\RDPCDD.sys ()
DRV - (Cdralw2k) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_xp) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (gameenum) -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (dsunidrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys (Gteko Ltd.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (mr7910) -- C:\WINDOWS\SYSTEM32\DRIVERS\mr7910.sys (Mars Semiconductor Corp.)
DRV - (iAimFP4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys (Intel(R) Corporation)
DRV - (iAimFP3) -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys (Intel(R) Corporation)
DRV - (iAimTV4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys (Intel(R) Corporation)
DRV - (iAimTV3) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys (Intel(R) Corporation)
DRV - (iAimTV1) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys (Intel(R) Corporation)
DRV - (iAimTV0) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys (Intel(R) Corporation)
DRV - (iAimFP0) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys (Intel(R) Corporation)
DRV - (iAimFP1) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys (Intel(R) Corporation)
DRV - (iAimFP2) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys (Intel(R) Corporation)
DRV - (i81x) -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys (Intel(R) Corporation)
DRV - (MxlW2k) -- C:\WINDOWS\System32\drivers\MxlW2k.sys (MusicMatch, Inc.)
DRV - (nv) -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (BCMModem) -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys (Broadcom Corporation)
DRV - (UdfReadr_xp) -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys (Roxio)
DRV - (pwd_2k) -- C:\WINDOWS\System32\drivers\pwd_2K.sys (Roxio)
DRV - (mmc_2K) -- C:\WINDOWS\System32\drivers\Mmc_2k.sys (Roxio)
DRV - (dvd_2K) -- C:\WINDOWS\System32\drivers\Dvd_2k.sys (Roxio)
DRV - (cdudf_xp) -- C:\WINDOWS\System32\drivers\cdudf_xp.sys (Roxio)
DRV - (omci) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Computer Corporation)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys (America Online, Inc.)
DRV - (ultra) -- C:\WINDOWS\System32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\System32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (Sparrow) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (ql1280) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (ql12160) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (mraid35x) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (dac2w2k) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (CmdIde) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (asc) -- C:\WINDOWS\System32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\System32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (P16X) Creative SB Live! Series (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\P16X.sys (Creative Technology Ltd.)
DRV - (IPFilter) -- C:\WINDOWS\SYSTEM32\DRIVERS\ipfilter.sys (Microsoft Corporation)
DRV - (SbcpHid) -- C:\WINDOWS\SYSTEM32\DRIVERS\SbcpHid.sys ()
DRV - (MASPINT) -- C:\WINDOWS\System32\drivers\MASPINT.SYS (MicroStaff Co.,Ltd.)
DRV - (PfModNT) -- C:\WINDOWS\SYSTEM32\PFMODNT.SYS (Creative Technology Ltd.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/12/28 08:17:17 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2011/02/10 17:33:58 | 000,430,633 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14828 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
O4 - HKLM..\Run: [AOLDialer] C:\Program Files\Common Files\aol\ACS\AOLDial.exe (AOL LLC)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [diagent] C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DVDSentry] C:\WINDOWS\SYSTEM32\DSentry.exe (Dell - Advanced Desktop Engineering)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\aol\1131431821\ee\aolsoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe (Fellowes, Inc.)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe (OLYMPUS IMAGING CORP.)
O4 - HKLM..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe (ScanSoft, Inc)
O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
O4 - HKLM..\Run: [SsAAD.exe] C:\Program Files\Sony\SonicStage\SSAAD.exe ()
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [DellTransferAgent] C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe ( )
O4 - HKCU..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe (FUJI PHOTO FILM CO., LTD.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = _ [binary data]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} https://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} Reg Error: Value error. (BrowseFolderPopup Class)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/download/ipixx.cab (iPIX ActiveX Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://active.macromedia.com/director/cabs/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {16F67783-7E72-4C39-99C4-4780A8335484} http://www.syncmyride.com/Own/Modules/UploadDownload/applets/sync.cab (SyncXfer Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} http://aolcc.aol.com/computercheckup/qdiagcc.cab (QDiagAOLCCUpdateObj Class)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} Reg Error: Value error. (Reg Error: Value error.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6886.cab (Windows Live Safety Center Base Module)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.systemrequirementslab.com/sysreqlab2.cab (System Requirements Lab Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229659317890 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {94837F90-A2CA-4A8A-9DA0-B5438EC563EA} http://install.wildtangent.com/cda/islandrally/ActiveLauncher/CDA_AL.cab (Reg Error: Key error.)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} Reg Error: Value error. (DwnldGroupMgr Class)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} http://www.yougamers.com/systeminfo/MSC3.cab (Measurement Services Client v.3.12)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab (iTunesDetector Class)
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} http://cvs.pnimedia.com/upload/activex/v2_0_0_11/PCAXSetupv2.0.0.11.cab? (Photo Upload Plugin Class)
O16 - DPF: DirectAnimation Java Classes Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Thomas Toth\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Thomas Toth\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\qoMdAQkj) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/09 18:29:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/17 08:56:59 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Thomas Toth\Desktop\OTL.exe
[2011/02/17 08:55:47 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Thomas Toth\Desktop\ATF-Cleaner.exe
[2011/02/17 07:42:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/02/17 06:23:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thomas Toth\Desktop\Tools
[2011/02/15 21:05:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2011/02/15 21:05:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2011/02/15 08:50:02 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/02/15 08:50:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/02/15 08:27:52 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Thomas Toth\Recent
[2011/02/13 20:54:49 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Thomas Toth\HijackThis.exe
[2011/02/10 17:31:13 | 000,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe
[2011/02/10 17:31:13 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe
[2011/02/10 17:31:13 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe
[2011/02/10 17:31:13 | 000,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe
[2011/02/10 17:31:13 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
[2011/02/10 17:31:13 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe
[2011/02/10 17:31:13 | 000,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe
[2011/02/10 11:08:26 | 001,366,104 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Thomas Toth\Desktop\TDSSKiller.exe
[2011/02/09 05:40:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2011/02/08 15:40:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/02/08 15:29:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2011/02/08 00:30:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/02/07 18:22:54 | 000,000,000 | ---D | C] -- C:\Program Files\Hunt Bar . Stoolbar Removal Tool [1]
[2011/02/07 18:04:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/02/06 17:35:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/02/06 17:33:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/02/06 13:36:16 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/02/06 13:36:15 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF31391.exe
[2011/02/06 13:34:49 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF31110.exe
[2011/02/06 12:13:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thomas Toth\Local Settings\Application Data\Yahoo
[2011/02/06 12:11:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thomas Toth\Application Data\AVG10
[2011/02/06 12:04:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/02/06 12:03:41 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/02/06 08:24:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thomas Toth\Local Settings\Application Data\AskToolbar
[2011/02/06 08:24:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thomas Toth\Application Data\Yahoo!
[2011/02/04 23:51:36 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes(3)
[2011/01/24 15:35:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thomas Toth\My Documents\wedding
[2011/01/24 09:59:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2011
[2011/01/23 12:48:40 | 000,000,000 | ---D | C] -- C:\Program Files\SlySoft
[2011/01/23 08:00:50 | 000,000,000 | ---D | C] -- C:\Program Files\DVD Decrypter
[2011/01/23 07:59:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Easy DVD Clone
[2011/01/23 06:53:05 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/01/23 06:53:05 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/01/23 06:53:05 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/01/22 17:50:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/01/22 17:50:43 | 000,000,000 | ---D | C] -- C:\Program Files\EasyDVDClone
[2011/01/22 17:46:25 | 000,000,000 | ---D | C] -- C:\MAGICDVDCOPY_TEMP
[2011/01/22 17:34:52 | 002,977,913 | ---- | C] (Magic DVD Software, Inc. ) -- C:\Documents and Settings\Thomas Toth\FlyDVDCopier49.exe
[2011/01/21 15:28:05 | 000,086,016 | ---- | C] (MindVision Software) -- C:\WINDOWS\unvise32.exe
[2011/01/21 15:28:04 | 000,000,000 | ---D | C] -- C:\Program Files\Savings Bond Wizard
[2011/01/18 20:00:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\LightScribe Direct Disc Labeling
[2011/01/18 18:39:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LightScribe
[2011/01/18 18:38:11 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_40.dll
[2011/01/18 18:37:42 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_34.dll
[2011/01/18 18:37:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2009/01/11 13:17:52 | 000,065,536 | R--- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[12 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/17 09:15:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/17 08:57:01 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Thomas Toth\Desktop\OTL.exe
[2011/02/17 08:55:49 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Thomas Toth\Desktop\ATF-Cleaner.exe
[2011/02/17 06:49:38 | 000,089,810 | ---- | M] () -- C:\VETlog.dmp
[2011/02/17 06:45:23 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/17 06:45:15 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/17 06:37:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/02/17 06:37:48 | 2683,375,616 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/17 06:33:26 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/02/17 06:31:15 | 001,366,104 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Thomas Toth\Desktop\TDSSKiller.exe
[2011/02/17 06:24:24 | 106,349,959 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/02/16 07:53:00 | 000,000,245 | RHS- | M] () -- C:\boot.ini
[2011/02/15 11:18:27 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/02/14 18:10:20 | 000,000,206 | ---- | M] () -- C:\WINDOWS\System32\bbdecfabcf_g.dll
[2011/02/14 18:10:20 | 000,000,206 | ---- | M] () -- C:\WINDOWS\System32\abacaddec5_g.ocx
[2011/02/14 08:57:07 | 000,178,832 | ---- | M] () -- C:\Documents and Settings\Thomas Toth\FxWebsch.exe
[2011/02/14 04:58:39 | 000,054,442 | ---- | M] () -- C:\Documents and Settings\Thomas Toth\My Documents\cc_20110214_045824.reg
[2011/02/13 20:54:54 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Thomas Toth\HijackThis.exe
[2011/02/13 15:34:03 | 001,770,398 | ---- | M] () -- C:\Documents and Settings\Thomas Toth\Bethbump.bmp
[2011/02/12 16:57:53 | 000,000,937 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/02/12 07:28:52 | 000,204,141 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/02/10 17:33:58 | 000,430,633 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2011/02/10 16:51:35 | 000,430,633 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.20110210-165420.backup
[2011/02/08 15:43:54 | 000,817,464 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/02/08 04:51:54 | 000,000,981 | ---- | M] () -- C:\Documents and Settings\Thomas Toth\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/02/08 04:51:54 | 000,000,963 | ---- | M] () -- C:\Documents and Settings\Thomas Toth\Desktop\Spybot - Search & Destroy.lnk
[2011/02/08 00:30:55 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/02/07 12:24:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/02/06 13:36:07 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF31391.exe
[2011/02/06 13:34:41 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF31110.exe
[2011/02/02 17:11:20 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2011/01/31 21:16:21 | 000,000,036 | ---- | M] () -- C:\WINDOWS\marscam.ini
[2011/01/29 17:59:49 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/01/27 08:45:33 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/01/23 12:49:29 | 000,000,041 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2011/01/23 12:46:56 | 000,304,920 | ---- | M] () -- C:\Documents and Settings\Thomas Toth\SoftonicDownloader_for_clonecd.exe
[2011/01/23 07:27:13 | 000,899,414 | ---- | M] () -- C:\Documents and Settings\Thomas Toth\SetupDVDDecrypter_3.5.4.0.exe
[2011/01/22 17:39:15 | 001,853,399 | ---- | M] () -- C:\Documents and Settings\Thomas Toth\EasyDVDClonec.exe
[2011/01/22 17:34:58 | 002,977,913 | ---- | M] (Magic DVD Software, Inc. ) -- C:\Documents and Settings\Thomas Toth\FlyDVDCopier49.exe
[2011/01/19 18:40:15 | 000,025,601 | ---- | M] () -- C:\WINDOWS\CSTBox.INI
[2011/01/18 20:00:35 | 000,001,774 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\LightScribe.lnk
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[12 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/14 13:28:44 | 2683,375,616 | -HS- | C] () -- C:\hiberfil.sys
[2011/02/14 10:03:13 | 000,000,729 | ---- | C] () -- C:\Documents and Settings\Thomas Toth\FxWebsch.log
[2011/02/14 08:57:05 | 000,178,832 | ---- | C] () -- C:\Documents and Settings\Thomas Toth\FxWebsch.exe
[2011/02/14 04:58:28 | 000,054,442 | ---- | C] () -- C:\Documents and Settings\Thomas Toth\My Documents\cc_20110214_045824.reg
[2011/02/13 20:58:16 | 000,015,991 | ---- | C] () -- C:\Documents and Settings\Thomas Toth\hijackthis.log
[2011/02/13 20:45:15 | 000,002,233 | ---- | C] () -- C:\Documents and Settings\Thomas Toth\reg.txt
[2011/02/13 15:34:03 | 001,770,398 | ---- | C] () -- C:\Documents and Settings\Thomas Toth\Bethbump.bmp
[2011/02/08 15:43:34 | 000,817,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/02/08 00:30:55 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/02/06 09:13:53 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/29 17:59:49 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/01/23 12:49:29 | 000,000,041 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2011/01/23 12:46:48 | 000,304,920 | ---- | C] () -- C:\Documents and Settings\Thomas Toth\SoftonicDownloader_for_clonecd.exe
[2011/01/23 07:27:09 | 000,899,414 | ---- | C] () -- C:\Documents and Settings\Thomas Toth\SetupDVDDecrypter_3.5.4.0.exe
[2011/01/22 17:39:12 | 001,853,399 | ---- | C] () -- C:\Documents and Settings\Thomas Toth\EasyDVDClonec.exe
[2011/01/21 15:28:04 | 000,000,765 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Savings Bond Wizard.lnk
[2011/01/18 20:00:35 | 000,001,774 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\LightScribe.lnk
[2010/04/20 16:20:46 | 000,000,221 | ---- | C] () -- C:\WINDOWS\SOFTEK.INI
[2010/03/05 09:54:21 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009/11/15 19:00:59 | 000,000,110 | ---- | C] () -- C:\WINDOWS\{7E7D778E-121D-4BBD-BA29-FAA81B9FBD8C}_WiseFW.ini
[2009/07/22 19:33:01 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DirectCDUserNameG.txt
[2009/04/15 22:24:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\RussSqr.INI
[2009/04/02 21:20:46 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DirectCDUserNameF.txt
[2009/01/22 23:13:30 | 000,000,391 | ---- | C] () -- C:\WINDOWS\COVERE~1.INI
[2009/01/17 15:45:55 | 000,000,206 | ---- | C] () -- C:\WINDOWS\System32\bbdecfabcf_g.dll
[2009/01/07 20:17:52 | 000,000,120 | -HS- | C] () -- C:\WINDOWS\System32\ogmyifbb.ini
[2009/01/06 20:13:41 | 000,000,120 | -HS- | C] () -- C:\WINDOWS\System32\akxhlntu.ini
[2009/01/05 18:15:05 | 000,001,351 | -HS- | C] () -- C:\WINDOWS\System32\jkQAd1Moq.ini
[2008/12/25 21:43:35 | 000,000,036 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2008/12/18 08:41:31 | 000,000,120 | -HS- | C] () -- C:\WINDOWS\System32\ohoyewel.ini
[2008/12/16 19:23:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\wekhufek.dll
[2008/12/16 19:20:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\mscudgoe.dll
[2008/12/14 22:37:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\qjvkjwjr.dll
[2008/12/14 22:12:03 | 000,000,484 | ---- | C] () -- C:\WINDOWS\System32\YFOqAccf.ini2
[2008/12/14 20:31:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\mtxjxc.dll
[2008/12/14 20:31:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\cxvcqycc.dll
[2008/12/14 18:37:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\otppohtw.dll
[2008/12/14 16:45:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\hxqrhs.dll
[2008/12/14 16:45:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\fwsywlye.dll
[2008/10/14 07:57:05 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/05/19 16:30:29 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/05/19 14:55:04 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2008/05/16 01:01:41 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/05/12 15:13:56 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2008/04/05 18:22:31 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2008/04/05 18:22:29 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2007/12/27 06:14:25 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\PosTickerLib.dll
[2007/11/30 13:22:10 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\uccspecc.sys
[2007/05/13 19:58:44 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\resourceGeneric.dll
[2006/11/16 12:13:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2006/08/26 17:35:04 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2006/08/26 17:35:04 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2006/08/26 17:35:04 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2006/08/25 21:43:22 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/04/21 07:49:35 | 000,000,576 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2006/03/20 15:55:27 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\uccspecb.sys
[2006/02/03 10:52:20 | 000,000,347 | ---- | C] () -- C:\WINDOWS\CoDUO.INI
[2006/02/03 10:32:28 | 000,000,745 | ---- | C] () -- C:\WINDOWS\CoD.INI
[2006/01/06 17:22:04 | 000,000,287 | ---- | C] () -- C:\WINDOWS\game.ini
[2005/08/09 16:12:28 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/06/05 14:48:47 | 000,000,338 | ---- | C] () -- C:\WINDOWS\d3xp.ini
[2004/11/18 16:34:05 | 000,000,032 | ---- | C] () -- C:\WINDOWS\upst.ini
[2004/08/03 17:57:19 | 000,000,331 | ---- | C] () -- C:\WINDOWS\doom3.ini
[2004/08/02 16:14:28 | 000,000,024 | ---- | C] () -- C:\WINDOWS\atid.ini
[2004/08/02 16:14:26 | 000,000,029 | ---- | C] () -- C:\WINDOWS\upth.ini
[2004/07/15 10:42:00 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll
[2004/06/24 17:52:58 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/04/18 20:36:39 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/02/28 02:18:14 | 000,000,937 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/01/22 11:00:28 | 000,012,635 | ---- | C] () -- C:\WINDOWS\System32\DAntivirus.ini
[2004/01/06 05:03:42 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2004/01/06 05:03:42 | 000,880,640 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2004/01/06 05:03:42 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\tvqenc.dll
[2004/01/06 05:03:42 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2004/01/03 13:21:53 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Thomas Toth\Local Settings\Application Data\fusioncache.dat
[2003/10/03 19:31:45 | 000,000,026 | ---- | C] () -- C:\WINDOWS\UP9ASP.INI
[2003/09/29 10:45:48 | 000,000,062 | ---- | C] () -- C:\WINDOWS\einit.ini
[2003/09/19 10:56:34 | 000,025,601 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2003/06/11 08:51:02 | 000,000,035 | ---- | C] () -- C:\WINDOWS\earthlink.INI
[2003/06/11 08:09:15 | 000,000,035 | ---- | C] () -- C:\WINDOWS\ERegClnt.INI
[2003/06/05 09:53:34 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2003/05/21 17:38:55 | 000,074,048 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2003/05/20 20:27:01 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\Thomas Toth\Local Settings\Application Data\FASTWiz.html
[2003/05/20 20:25:39 | 000,001,912 | ---- | C] () -- C:\Documents and Settings\Thomas Toth\Local Settings\Application Data\FASTWiz.log
[2003/05/19 06:49:33 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\Thomas Toth\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/05/17 15:08:45 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2003/05/17 15:08:45 | 000,000,291 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2003/05/17 14:52:22 | 000,000,525 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2003/05/17 14:33:09 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS49.DLL
[2003/05/17 08:07:34 | 000,000,011 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DirectCDUserNameE.txt
[2003/05/16 14:21:45 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Thomas Toth\Application Data\PFP100JPR.{PB
[2003/05/16 14:21:45 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Thomas Toth\Application Data\PFP100JCM.{PB
[2003/05/12 20:10:32 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/05/12 19:59:41 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2003/05/12 19:59:40 | 000,000,599 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/05/12 19:57:46 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2003/05/12 19:57:32 | 000,039,936 | ---- | C] () -- C:\WINDOWS\System32\P16X.dll
[2003/05/12 19:57:32 | 000,006,175 | ---- | C] () -- C:\WINDOWS\MIXDEF.INI
[2003/05/12 19:57:32 | 000,005,917 | ---- | C] () -- C:\WINDOWS\SBMIXDEF.INI
[2003/05/12 19:57:32 | 000,002,092 | ---- | C] () -- C:\WINDOWS\System32\P16X.ini
[2003/05/12 19:57:32 | 000,000,064 | ---- | C] () -- C:\WINDOWS\P16x.ini
[2003/05/12 19:57:32 | 000,000,026 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2003/05/12 19:57:05 | 000,000,245 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2003/05/12 19:54:04 | 000,000,891 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/05/12 19:30:00 | 000,000,546 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/03/27 14:28:44 | 000,004,955 | ---- | C] () -- C:\WINDOWS\System32\DProg.ini
[2002/09/03 10:56:02 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\RDPCDD.sys
[2002/09/03 07:59:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/08/29 04:00:00 | 000,000,320 | ---- | C] () -- C:\WINDOWS\System32\83ghh.ini
[2002/06/13 13:58:58 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\lttls13n.dll
[2002/06/13 13:58:44 | 000,708,608 | ---- | C] () -- C:\WINDOWS\System32\ltcry13n.dll
[2002/06/13 13:58:28 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2002/06/13 13:58:24 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2002/06/10 13:16:22 | 000,005,187 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2002/04/11 12:47:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\msmscoin.dll
[2001/11/19 19:05:18 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2001/03/20 16:29:04 | 000,036,544 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys
[1979/12/31 23:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2011/01/04 19:49:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/02/06 18:02:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/12/16 09:35:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2005/02/05 20:51:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fellowes
[2009/11/15 18:59:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
[2008/10/13 14:59:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2010/12/16 09:29:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/04/12 08:45:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2004/10/16 20:07:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2005/05/27 09:55:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2005/05/27 09:55:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2003/05/17 14:52:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
[2010/04/07 23:06:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2011/02/08 16:36:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/01/13 04:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/07/29 16:35:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2004/12/10 13:23:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thomas Toth\Application Data\Aim
[2011/02/06 12:11:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thomas Toth\Application Data\AVG10
[2006/01/10 15:18:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thomas Toth\Application Data\Canon
[2004/10/08 05:42:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thomas Toth\Application Data\DaimlerOnline
[2003/06/08 18:49:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thomas Toth\Application Data\FUJIFILM
[2005/11/11 01:42:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thomas Toth\Application Data\Lycos
[2003/05/17 14:52:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thomas Toth\Application Data\ScanSoft
[2003/05/24 18:17:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thomas Toth\Application Data\The Labyrinth Plus! Edition
[2007/02/24 09:42:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thomas Toth\Application Data\Viewpoint
[2005/04/12 17:44:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thomas Toth\Application Data\WeatherBug

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\WINDOWS:0F6BF406092276E8
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:411E1BE2

< End of report >

thomto

2011-02-17, 16:41

OTL Extras logfile created on: 2/17/2011 9:22:15 AM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Thomas Toth\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 75.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): c:\pagefile.sys 1024 2048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.76 Gb Total Space | 37.74 Gb Free Space | 33.77% Space Free | Partition Type: NTFS

Computer Name: D2567T21 | User Name: Thomas Toth | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\America Online 9.0a\waol.exe" = C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:America Online 9.0a -- (America Online, Inc.)
"C:\Program Files\Ares\Ares.exe" = C:\Program Files\Ares\Ares.exe:*:Enabled:Ares -- (Ares Development Group)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:*:Enabled:Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Common Files\aol\ACS\AOLDial.exe" = C:\Program Files\Common Files\aol\ACS\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer -- (AOL LLC)
"C:\Program Files\Common Files\aol\ACS\AOLacsd.exe" = C:\Program Files\Common Files\aol\ACS\AOLacsd.exe:*:Enabled:AOL Connectivity Service -- (AOL LLC)
"C:\Program Files\Common Files\aol\1131431821\ee\aolsoftware.exe" = C:\Program Files\Common Files\aol\1131431821\ee\aolsoftware.exe:*:Enabled:AOL Shared Components -- (America Online, Inc.)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\WINDOWS\SYSTEM32\fxsclnt.exe" = C:\WINDOWS\SYSTEM32\fxsclnt.exe:*:Disabled:Microsoft Fax Console -- (Microsoft Corporation)
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe" = C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup -- (Nero AG)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:explorer -- (Microsoft Corporation)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealOne Player -- (RealNetworks, Inc.)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03F1CC67-5BD8-4C36-8394-76311B2AE69A}" = ArcSoft PhotoStudio 5
"{04347DFD-87B6-4E30-B14D-5DF2888AD8F5}" = DOOM 3: Resurrection of Evil
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{10798AE3-DCBB-43C3-9C93-C23512427E25}" = The Sims Deluxe Edition
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{12AEE067-4646-41E8-A6EA-FB2AD0E38D30}_is1" = Moyea PPT to DVD Burner Pro version 3.0.3.162
"{151C555A-A9E7-4A2E-B6D7-165D04A3C956}" = Dell Picture Studio - Dell Image Expert
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1DA6AB38-2876-4AE4-8236-24C2CF66601B}" = MediaFACE 4.0 Spiritual Image Library
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FD0C5C1-B01B-4B4C-9607-E5D3B3D1318F}" = Microsoft IntelliPoint 4.1
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2462F296-EEF5-4690-8C12-CD9ED3DB1B16}" = TaxCut Indiana 2008
"{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.3.2
"{268D18A2-4539-4530-8192-F13EDD876FFC}" = MediaFACE 4.0 General Image Library
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 23
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39203477-F4E4-4E90-8472-116B2908B746}" = WinWay Resume Deluxe
"{44A537A5-859C-43A6-8285-C0668142A090}" = iPod for Windows 2005-03-23
"{45893FEB-30FD-4034-8661-3BA4238FE67A}" = Britannica Ready Reference
"{45EBDA59-D33B-433A-956E-B2F236468B56}" = MUSICMATCH® Jukebox
"{45FCADDB-0B29-457E-83A1-D245C62A716C}" = OLYMPUS Master 2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{53A19323-917A-4822-B27E-A57D1EF6E9FC}" = H&R Block Deluxe + Efile + State 2009
"{5490882C-6961-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
"{6249C22D-E6A8-407B-BA8B-40298848ED94}" = OmniPage SE
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{663E217E-FC26-4249-9E8E-F190CD63E737}" = TaxCut Premium + State 2007
"{67183F00-3DDC-497B-A090-4E2B79EAF1CD}" = Photo Viewer
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7E7D778E-121D-4BBD-BA29-FAA81B9FBD8C}" = LeapFrog Connect
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F581D1D-C9A7-4C77-B88A-27537173CEDF}" = MediaFACE 4.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{849ABF1A-6AE3-45E1-B260-D5447B2F29F5}" = OpenMG Secure Module 4.2.00
"{8739235F-201D-449C-A03F-277A85F0FE1E}" = MediaFACE 4.0 Music Image Library
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}" = Sound Blaster Live!
"{9770A25C-45A7-478E-AF50-4FDE53EED270}" = American Greetings CreataCard Select 6
"{98DF85D9-96C0-4F57-A92E-C3539477EF5E}" = DVDSentry
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AD92782-CAC6-48DF-A060-BFD6FE7689E7}" = MediaFACE 4.0 Lifestyle Image Library
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 3.2
"{A276502A-8979-44FB-8090-90CF72F22ABC}" = AVG 2011
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A662E280-64A8-4CF5-8407-13D0808602B3}" = Call of Duty - United Offensive
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}" = Intel(R) PROSet
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{AF551C00-1D66-45DB-A3A5-F097F635200E}" = TaxCut Indiana 2007
"{B360A8E5-C171-4AAE-9777-65B3CDB0072C}" = CanoScan LiDE20,30 Manual
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
"{BBB33AD6-BCF7-4002-B6A0-6DC679AE5C18}" = TaxCut Premium + State + Efile 2008
"{BC019EBE-613F-491F-9A83-08E3E8A74CE6}" = EarthLink Free Trial
"{BCE46757-7674-4416-BEDB-68205A60409E}" = Canon CanoScan Toolbox 4.1
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D14C0D-FDAA-4DF2-8441-A902805CCE8C}" = ArcSoft PhotoBase 3
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C792A75A-2A1F-4991-9B85-291745478A79}" = NetAssistant
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D3AA158A-9421-4883-8767-E771B0964A1D}" = ImageMixer VCD for FinePix
"{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life(R) 2
"{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7
"{DA84434F-25B6-4716-A390-AC678FB6516D}" = MediaFACE 4.0 Special Occasion Image Library
"{E08BA611-5BB8-4AFC-BEE8-468D1AE5FFED}" = H&R Block Indiana 2009
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}" = Microsoft Plus! for Windows XP
"{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"{F4C68898-EBA5-46A9-82B3-2D30426086BF}" = AVG 2011
"{F90D6825-8F1F-4E3A-9E42-A9C8A9DD1033}" = Nero 7 Essentials
"{FB5055E4-9BE1-425F-B40A-33E43E9460DA}" = Sudoku
"{FB6908C2-2138-4D6E-9CAF-11D7AE6C3909}" = Doom 3
"{FC053571-8507-44E4-8B6D-AACEAB8CA57C}" = Sansa Media Converter
"{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}" = LightScribe System Software
"{FED4E1E2-9E19-44FE-8265-E4AAE03EBC80}" = MediaFACE 4.0 Business Image Library
"693218053459EBF14C6505EA1172F17672B50DD1" = Windows Driver Package - (mr7910) Image (08/08/2006 1.4.0.0)
"82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2004
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AOL Instant Messenger" = AOL Instant Messenger
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
"AVG" = AVG 2011
"BCM V.92 56K Modem" = BCM V.92 56K Modem
"Call of Duty" = Call of Duty
"Canon PhotoStitch 3.1" = Canon Utilities PhotoStitch 3.1
"CANONBJ_Deinstall_CNMCP49.DLL" = Canon i550
"CCleaner" = CCleaner
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"DVD Decrypter" = DVD Decrypter (Remove Only)
"Easy CD Ripper" = Easy CD Ripper 2.27
"Easy DVD Clone" = Easy DVD Clone
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"ERUNT_is1" = ERUNT 1.1j
"Flaming Lips" = Flaming Lips Screen Saver
"Half-Life" = Half-Life
"Half-Life: Blue Shift" = Half-Life: Blue Shift
"Half-Life: Opposing Force" = Half-Life: Opposing Force
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{04347DFD-87B6-4E30-B14D-5DF2888AD8F5}" = DOOM 3: Resurrection of Evil
"InstallShield_{1DA6AB38-2876-4AE4-8236-24C2CF66601B}" = MediaFACE 4.0 Spiritual Image Library
"InstallShield_{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.3.2
"InstallShield_{268D18A2-4539-4530-8192-F13EDD876FFC}" = MediaFACE 4.0 General Image Library
"InstallShield_{44A537A5-859C-43A6-8285-C0668142A090}" = iPod for Windows 2005-03-23
"InstallShield_{7F581D1D-C9A7-4C77-B88A-27537173CEDF}" = MediaFACE 4.0
"InstallShield_{849ABF1A-6AE3-45E1-B260-D5447B2F29F5}" = OpenMG Secure Module 4.2.00
"InstallShield_{8739235F-201D-449C-A03F-277A85F0FE1E}" = MediaFACE 4.0 Music Image Library
"InstallShield_{9AD92782-CAC6-48DF-A060-BFD6FE7689E7}" = MediaFACE 4.0 Lifestyle Image Library
"InstallShield_{A662E280-64A8-4CF5-8407-13D0808602B3}" = Call of Duty - United Offensive
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"InstallShield_{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"InstallShield_{DA84434F-25B6-4716-A390-AC678FB6516D}" = MediaFACE 4.0 Special Occasion Image Library
"InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"InstallShield_{FED4E1E2-9E19-44FE-8265-E4AAE03EBC80}" = MediaFACE 4.0 Business Image Library
"Jardinains!" = Jardinains!
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Measurement Services Client" = Futuremark Measurement Services Client
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"MWASPI" = MicroStaff WINASPI
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Display Driver" = NVIDIA Display Driver
"NVIDIA Drivers" = NVIDIA Drivers
"OpenMG HotFix4.2-05-07-27-01" = OpenMG Limited Patch 4.2-05-07-27-01
"Pdf995" = Pdf995 (installed by TaxCut)
"PdfEdit995" = PdfEdit995 (installed by TaxCut)
"PhotoRecord" = Canon PhotoRecord
"Pos Free Photo Editor" = Pos Free Photo Editor
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"RealPlayer 6.0" = RealPlayer
"RegSupreme_is1" = RegSupreme
"Savings Bond Wizard" = Savings Bond Wizard
"Shockwave" = Shockwave
"Sierra Utilities" = Sierra Utilities
"SystemRequirementsLab" = System Requirements Lab
"TinyMediaConverter" = TinyMediaConverter 1.0.0.0
"UPCShell" = LeapFrog Connect
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only)
"Web Controls_is1" = Supportsoft Web Controls
"WebPost" = Microsoft Web Publishing Wizard 1.52
"Windows CE Services" = Microsoft ActiveSync 3.1
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoomBrowserEXDeInstall" = Canon Utilities ZoomBrowser EX

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Sudoku" = Sudoku

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/16/2011 7:46:17 PM | Computer Name = D2567T21 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17093, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/16/2011 10:40:50 PM | Computer Name = D2567T21 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 2/17/2011 2:41:03 AM | Computer Name = D2567T21 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 2/17/2011 2:41:04 AM | Computer Name = D2567T21 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 2/17/2011 6:41:13 AM | Computer Name = D2567T21 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 2/17/2011 8:32:41 AM | Computer Name = D2567T21 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 2/17/2011 8:32:41 AM | Computer Name = D2567T21 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 2/17/2011 8:32:41 AM | Computer Name = D2567T21 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 2/17/2011 8:32:42 AM | Computer Name = D2567T21 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 2/17/2011 8:32:42 AM | Computer Name = D2567T21 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

[ System Events ]
Error - 2/17/2011 2:20:21 AM | Computer Name = D2567T21 | Source = Service Control Manager | ID = 7000
Description = The AOL Spyware Protection Service service failed to start due to
the following error: %%2

Error - 2/17/2011 2:20:21 AM | Computer Name = D2567T21 | Source = Service Control Manager | ID = 7000
Description = The Automatic LiveUpdate Scheduler service failed to start due to
the following error: %%3

Error - 2/17/2011 8:20:26 AM | Computer Name = D2567T21 | Source = Service Control Manager | ID = 7023
Description = The Network Security service terminated with the following error:
%%126

Error - 2/17/2011 8:20:26 AM | Computer Name = D2567T21 | Source = Service Control Manager | ID = 7000
Description = The AOL Spyware Protection Service service failed to start due to
the following error: %%2

Error - 2/17/2011 8:20:26 AM | Computer Name = D2567T21 | Source = Service Control Manager | ID = 7000
Description = The Automatic LiveUpdate Scheduler service failed to start due to
the following error: %%3

Error - 2/17/2011 8:22:07 AM | Computer Name = D2567T21 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.

Error - 2/17/2011 8:22:07 AM | Computer Name = D2567T21 | Source = Service Control Manager | ID = 7000
Description = The HTTP SSL service failed to start due to the following error: %%1053

Error - 2/17/2011 8:38:19 AM | Computer Name = D2567T21 | Source = Service Control Manager | ID = 7023
Description = The Network Security service terminated with the following error:
%%126

Error - 2/17/2011 8:38:19 AM | Computer Name = D2567T21 | Source = Service Control Manager | ID = 7000
Description = The AOL Spyware Protection Service service failed to start due to
the following error: %%2

Error - 2/17/2011 8:38:19 AM | Computer Name = D2567T21 | Source = Service Control Manager | ID = 7000
Description = The Automatic LiveUpdate Scheduler service failed to start due to
the following error: %%3

< End of report >

ken545

2011-02-17, 18:14

Hi,

Basically your log looks ok, just about a dozen or so questionable files. Lets run this free online virus scanner and see if it removes some or all of them and if not we will check them out and see if there really bad.

Please run this free online virus scanner from ESET (http://www.eset.com/onlinescan/)

Note: You will need to use Internet explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
Click Scan
Wait for the scan to finish
Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

thomto

2011-02-18, 13:36

Hi ken545, the computer seems to be running a lot better, no more IE redirects and quite a bit faster however ESET found quite a lot. Here's the log.
Thanks

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# waol.exe=9.00.003
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=3667051be98d12408705c8f8466a1046
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-02-18 07:21:51
# local_time=2011-02-18 01:21:51 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1032 16777173 100 96 0 40350952 0 0
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=170381
# found=24
# cleaned=24
# scan_time=6353
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudAntiVirusTrigger.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde24.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv1.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv2.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv3.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv4.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv5.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv6.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Kristy Toth\My Documents\Install_AIM.exe Win32/Adware.WBug.A application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Thomas Toth\My Documents\Virus Tools\ComboFix.exe probably a variant of Win32/Agent.ETYBLXS trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Thomas Toth\My Documents\Virus Tools\SmitfraudFix.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Thomas Toth\My Documents\Virus Tools\SmitfraudFix\Process.exe Win32/PrcView application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Thomas Toth\My Documents\Virus Tools\SmitfraudFix\restart.exe Win32/Shutdown.NAA application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\AIM\Sysfiles\WxBug.EXE Win32/Adware.WBug.A application (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP962\A0122775.EXE Win32/Adware.WBug.A application (deleted - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\SYSTEM32\akxhlntu.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\SYSTEM32\jkQAd1Moq.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\SYSTEM32\ogmyifbb.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\SYSTEM32\ohoyewel.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\SYSTEM32\Process.exe Win32/PrcView application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\SYSTEM32\YFOqAccf.ini2 Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4BSPEZOF\CA2VKLYN Win32/Adware.SuperJuan application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OT2JQP0H\CA4HC5KZ Win32/Adware.SuperJuan application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

ken545

2011-02-18, 13:48

Hi,

ESET remove a lot of what I was hoping it would but there are a few more we need to check.

Also what it found where files in Quarantine that Spybot removed, you can open spybot and go to the quarantine folder and remove it all.

There where also a file in System Restore but we will deal with that when were done, if you dont use System restore right not it cant hurt you.

Backup Your Registry with ERUNT:
Download erunt.zip to your Desktop from here:
http://aumha.org/downloads/erunt.zip
Right-click erunt.zip, select Extract All... and follow the prompts to extract ERUNT to a new folder on your Desktop
Inside the new folder, double-click ERUNT.exe to start the program
OK all the prompts to back up your registry to the default location.Note: to restore your registry, go to the backup folder and start ERDNT.exe

Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

:OTL
[2011/02/10 16:51:35 | 000,430,633 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.20110210-165420.backup

:Services

:Reg

:Files

:Commands
[purity]
[emptytemp]
[RESETHOSTS]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces.
Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

thomto

2011-02-18, 15:52

I purged the files quarantined by spybot and ran the OTL fix. Here's the log.

All processes killed
========== OTL ==========
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20110210-165420.backup moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Amy Toth
->Temp folder emptied: 61560749 bytes
->Temporary Internet Files folder emptied: 80401641 bytes
->Java cache emptied: 12819 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 2833354 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Denise Toth
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 499 bytes

User: Kristy Toth
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 71949 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 13545 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 63522 bytes

User: Thomas Toth
->Temp folder emptied: 2763 bytes
->Temporary Internet Files folder emptied: 4422188 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 1411 bytes

%systemdrive% .tmp files removed: 1111689 bytes
%systemroot% .tmp files removed: 3960095 bytes
%systemroot%\System32 .tmp files removed: 9121297 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 28005 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 131979848 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 45253 bytes
RecycleBin emptied: 1704 bytes

Total Files Cleaned = 282.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.20.6 log created on 02182011_082945

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

thomto

2011-02-18, 16:09

Here's the log from 2nd OTL scan.

All processes killed
========== OTL ==========
File C:\WINDOWS\System32\drivers\ETC\hosts.20110210-165420.backup not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Amy Toth
->Temp folder emptied: 3436 bytes
->Temporary Internet Files folder emptied: 2785055 bytes
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 623 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Denise Toth
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Kristy Toth
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Thomas Toth
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 475 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 3.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.20.6 log created on 02182011_085546

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

ken545

2011-02-18, 18:20

Hi,

You posted the same log twice, what I would like you to do is to run OTL again ( NOT THE FIX ) Just run a new scan and post the log please

thomto

2011-02-18, 19:19

Should I select any options before I run it?(like the 1st time I ran it)

ken545

2011-02-18, 20:49

Yes, please do

You can skip the download part

OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

thomto

2011-02-19, 07:10

OTL logfile created on: 2/18/2011 11:52:02 PM - Run 2
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Thomas Toth\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 78.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): c:\pagefile.sys 1024 2048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.76 Gb Total Space | 37.49 Gb Free Space | 33.55% Space Free | Partition Type: NTFS

Computer Name: D2567T21 | User Name: Amy Toth | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Thomas Toth\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Documents and Settings\Amy Toth\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
PRC - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
PRC - C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe (Viewpoint Corporation)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files\Common Files\aol\ACS\AOLacsd.exe (AOL LLC)
PRC - C:\Program Files\Common Files\aol\1131431821\ee\aolsoftware.exe (America Online, Inc.)
PRC - C:\Program Files\Sony\SonicStage\SSAAD.exe ()
PRC - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
PRC - C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)
PRC - C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe (Roxio)
PRC - C:\WINDOWS\SYSTEM32\DSentry.exe (Dell - Advanced Desktop Engineering)
PRC - C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe (Fellowes, Inc.)
PRC - C:\Program Files\ScanSoft\OmniPageSE\opware32.exe (ScanSoft, Inc)
PRC - C:\Program Files\FinePixViewer\QuickDCF.exe (FUJI PHOTO FILM CO., LTD.)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Thomas Toth\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Fellowes\MediaFACE 4.0\MFHookManager.dll (Fellowes, Inc.)
MOD - C:\Program Files\ScanSoft\OmniPageSE\ophook32.dll (ScanSoft, Inc)

========== Win32 Services (SafeList) ==========

SRV - (Automatic LiveUpdate Scheduler) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (AOLService) -- File not found
SRV - (6to4) -- File not found
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe ()
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (LeapFrog Connect Device Service) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (AOL ACS) -- C:\Program Files\Common Files\aol\ACS\AOLacsd.exe (AOL LLC)
SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (SSScsiSV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
SRV - (WANMiniportService) WAN Miniport (ATW) -- C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)
SRV - (NetSvc) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe (Intel(R) Corporation)

========== Driver Services (SafeList) ==========

DRV - (Avgldx86) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgmfx86) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSFilter) -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSShim) -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (RDPCDD) -- C:\WINDOWS\SYSTEM32\DRIVERS\RDPCDD.sys ()
DRV - (Cdralw2k) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_xp) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (gameenum) -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (dsunidrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys (Gteko Ltd.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (mr7910) -- C:\WINDOWS\SYSTEM32\DRIVERS\mr7910.sys (Mars Semiconductor Corp.)
DRV - (iAimFP4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys (Intel(R) Corporation)
DRV - (iAimFP3) -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys (Intel(R) Corporation)
DRV - (iAimTV4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys (Intel(R) Corporation)
DRV - (iAimTV3) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys (Intel(R) Corporation)
DRV - (iAimTV1) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys (Intel(R) Corporation)
DRV - (iAimTV0) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys (Intel(R) Corporation)
DRV - (iAimFP0) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys (Intel(R) Corporation)
DRV - (iAimFP1) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys (Intel(R) Corporation)
DRV - (iAimFP2) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys (Intel(R) Corporation)
DRV - (i81x) -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys (Intel(R) Corporation)
DRV - (MxlW2k) -- C:\WINDOWS\System32\drivers\MxlW2k.sys (MusicMatch, Inc.)
DRV - (nv) -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (BCMModem) -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys (Broadcom Corporation)
DRV - (UdfReadr_xp) -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys (Roxio)
DRV - (pwd_2k) -- C:\WINDOWS\System32\drivers\pwd_2K.sys (Roxio)
DRV - (mmc_2K) -- C:\WINDOWS\System32\drivers\Mmc_2k.sys (Roxio)
DRV - (dvd_2K) -- C:\WINDOWS\System32\drivers\Dvd_2k.sys (Roxio)
DRV - (cdudf_xp) -- C:\WINDOWS\System32\drivers\cdudf_xp.sys (Roxio)
DRV - (omci) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Computer Corporation)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys (America Online, Inc.)
DRV - (ultra) -- C:\WINDOWS\System32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\System32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (Sparrow) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (ql1280) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (ql12160) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (mraid35x) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (dac2w2k) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (CmdIde) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (asc) -- C:\WINDOWS\System32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\System32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (P16X) Creative SB Live! Series (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\P16X.sys (Creative Technology Ltd.)
DRV - (IPFilter) -- C:\WINDOWS\SYSTEM32\DRIVERS\ipfilter.sys (Microsoft Corporation)
DRV - (SbcpHid) -- C:\WINDOWS\SYSTEM32\DRIVERS\SbcpHid.sys ()
DRV - (MASPINT) -- C:\WINDOWS\System32\drivers\MASPINT.SYS (MicroStaff Co.,Ltd.)
DRV - (PfModNT) -- C:\WINDOWS\SYSTEM32\PFMODNT.SYS (Creative Technology Ltd.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = http://localhost;*.local

FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/12/28 08:17:17 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2011/02/18 08:55:53 | 000,000,098 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
O4 - HKLM..\Run: [AOLDialer] C:\Program Files\Common Files\aol\ACS\AOLDial.exe (AOL LLC)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [diagent] C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DVDSentry] C:\WINDOWS\SYSTEM32\DSentry.exe (Dell - Advanced Desktop Engineering)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\aol\1131431821\ee\aolsoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe (Fellowes, Inc.)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe (OLYMPUS IMAGING CORP.)
O4 - HKLM..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe (ScanSoft, Inc)
O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
O4 - HKLM..\Run: [SsAAD.exe] C:\Program Files\Sony\SonicStage\SSAAD.exe ()
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
O4 - HKCU..\Run: [SansaDispatch] C:\Documents and Settings\Amy Toth\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe (FUJI PHOTO FILM CO., LTD.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = _ [binary data]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2011/02/08 21:22:02 | 000,000,000 | ---D | M]
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} https://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} Reg Error: Value error. (BrowseFolderPopup Class)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/download/ipixx.cab (iPIX ActiveX Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://active.macromedia.com/director/cabs/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {16F67783-7E72-4C39-99C4-4780A8335484} http://www.syncmyride.com/Own/Modules/UploadDownload/applets/sync.cab (SyncXfer Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} http://aolcc.aol.com/computercheckup/qdiagcc.cab (QDiagAOLCCUpdateObj Class)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} Reg Error: Value error. (Reg Error: Value error.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6886.cab (Windows Live Safety Center Base Module)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.systemrequirementslab.com/sysreqlab2.cab (System Requirements Lab Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229659317890 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {94837F90-A2CA-4A8A-9DA0-B5438EC563EA} http://install.wildtangent.com/cda/islandrally/ActiveLauncher/CDA_AL.cab (Reg Error: Key error.)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} Reg Error: Value error. (DwnldGroupMgr Class)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} http://www.yougamers.com/systeminfo/MSC3.cab (Measurement Services Client v.3.12)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab (iTunesDetector Class)
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} http://cvs.pnimedia.com/upload/activex/v2_0_0_11/PCAXSetupv2.0.0.11.cab? (Photo Upload Plugin Class)
O16 - DPF: DirectAnimation Java Classes Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Amy Toth\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Amy Toth\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\qoMdAQkj) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/09 18:29:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{eb40f28a-f28d-11de-a8b0-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{eb40f28a-f28d-11de-a8b0-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{eb40f28a-f28d-11de-a8b0-00038a000015}\Shell\AutoRun\command - "" = F:\PhotoViewer.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/18 08:29:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/02/17 22:54:20 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/02/15 21:05:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2011/02/15 21:05:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2011/02/15 08:50:02 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/02/15 08:50:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/02/14 20:31:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Amy Toth\Recent
[2011/02/10 17:31:13 | 000,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe
[2011/02/10 17:31:13 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe
[2011/02/10 17:31:13 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe
[2011/02/10 17:31:13 | 000,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe
[2011/02/10 17:31:13 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
[2011/02/10 17:31:13 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe
[2011/02/09 05:40:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2011/02/08 15:47:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amy Toth\Local Settings\Application Data\Threat Expert
[2011/02/08 15:40:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/02/08 15:29:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2011/02/08 00:30:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/02/07 18:22:54 | 000,000,000 | ---D | C] -- C:\Program Files\Hunt Bar . Stoolbar Removal Tool [1]
[2011/02/07 18:04:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/02/06 17:35:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/02/06 17:33:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/02/06 13:36:16 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/02/06 13:36:15 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF31391.exe
[2011/02/06 13:34:49 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF31110.exe
[2011/02/06 12:04:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/02/06 12:03:41 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/02/04 23:51:36 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes(3)
[2011/01/28 15:38:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amy Toth\Local Settings\Application Data\PhotoChannel
[2011/01/24 09:59:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2011
[2011/01/23 12:48:40 | 000,000,000 | ---D | C] -- C:\Program Files\SlySoft
[2011/01/23 08:00:50 | 000,000,000 | ---D | C] -- C:\Program Files\DVD Decrypter
[2011/01/23 08:00:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amy Toth\Start Menu\Programs\DVD Decrypter
[2011/01/23 07:59:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Easy DVD Clone
[2011/01/23 06:53:05 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/01/23 06:53:05 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/01/23 06:53:05 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/01/22 17:51:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amy Toth\Application Data\dvdcss
[2011/01/22 17:50:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/01/22 17:50:43 | 000,000,000 | ---D | C] -- C:\Program Files\EasyDVDClone
[2011/01/22 17:46:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amy Toth\Local Settings\Application Data\MagicSoftware
[2011/01/22 17:46:25 | 000,000,000 | ---D | C] -- C:\MAGICDVDCOPY_TEMP
[2011/01/22 17:46:08 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Amy Toth\Application Data\pcouffin.sys
[2011/01/22 17:46:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amy Toth\My Documents\PcSetup
[2011/01/22 17:46:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amy Toth\Application Data\Vso
[2011/01/21 15:28:05 | 000,086,016 | ---- | C] (MindVision Software) -- C:\WINDOWS\unvise32.exe
[2011/01/21 15:28:04 | 000,000,000 | ---D | C] -- C:\Program Files\Savings Bond Wizard
[2011/01/21 08:44:37 | 000,439,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shimgvw.dll
[2009/01/11 13:17:52 | 000,065,536 | R--- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[2 C:\Documents and Settings\Amy Toth\My Documents\*.tmp files -> C:\Documents and Settings\Amy Toth\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/18 23:15:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/18 19:15:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/18 10:06:02 | 000,088,989 | ---- | M] () -- C:\VETlog.dmp
[2011/02/18 08:59:12 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/18 08:57:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/02/18 08:57:13 | 2683,375,616 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/18 08:55:53 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\Hosts
[2011/02/18 06:19:36 | 106,441,091 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/02/17 21:51:06 | 000,000,432 | ---- | M] () -- C:\Documents and Settings\Amy Toth\Desktop\youtube.com-watchv=2Y3WoOlhp3M&feature=related.url
[2011/02/17 09:56:17 | 000,247,104 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/17 09:53:15 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/02/17 06:33:26 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/02/16 07:53:00 | 000,000,245 | RHS- | M] () -- C:\boot.ini
[2011/02/15 11:18:27 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/02/14 18:10:20 | 000,000,206 | ---- | M] () -- C:\WINDOWS\System32\bbdecfabcf_g.dll
[2011/02/14 18:10:20 | 000,000,206 | ---- | M] () -- C:\WINDOWS\System32\abacaddec5_g.ocx
[2011/02/13 15:17:07 | 000,001,515 | ---- | M] () -- C:\Documents and Settings\Amy Toth\Desktop\Paint (2).lnk
[2011/02/12 16:57:53 | 000,000,937 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/02/12 07:28:52 | 000,204,141 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/02/08 15:43:54 | 000,817,464 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/02/08 00:30:55 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/02/07 12:24:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/02/06 13:36:07 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF31391.exe
[2011/02/06 13:34:41 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF31110.exe
[2011/02/04 23:47:58 | 082,089,256 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\Amy Toth\My Documents\iTunesSetup.exe
[2011/02/02 17:11:20 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2011/02/02 10:41:52 | 000,000,114 | ---- | M] () -- C:\Documents and Settings\Amy Toth\default.pls
[2011/01/31 21:16:21 | 000,000,036 | ---- | M] () -- C:\WINDOWS\marscam.ini
[2011/01/29 17:59:49 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/01/29 13:25:48 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\Amy Toth\My Documents\resumenew.doc
[2011/01/29 05:34:10 | 000,424,693 | ---- | M] () -- C:\Documents and Settings\Amy Toth\My Documents\P1290100.JPG
[2011/01/27 08:45:33 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/01/23 12:49:29 | 000,000,041 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2011/01/23 08:00:50 | 000,001,653 | ---- | M] () -- C:\Documents and Settings\Amy Toth\Application Data\Microsoft\Internet Explorer\Quick Launch\DVD Decrypter.lnk
[2011/01/23 07:59:59 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\Amy Toth\Application Data\Microsoft\Internet Explorer\Quick Launch\Easy DVD Clone.lnk
[2011/01/22 17:46:08 | 000,087,608 | ---- | M] () -- C:\Documents and Settings\Amy Toth\Application Data\inst.exe
[2011/01/22 17:46:08 | 000,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\Amy Toth\Application Data\pcouffin.sys
[2011/01/22 17:46:08 | 000,007,887 | ---- | M] () -- C:\Documents and Settings\Amy Toth\Application Data\pcouffin.cat
[2011/01/22 17:46:08 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\Amy Toth\Application Data\pcouffin.inf
[2011/01/21 15:50:26 | 000,001,851 | ---- | M] () -- C:\Documents and Settings\Amy Toth\My Documents\Denise sb.sbw.bak
[2011/01/21 15:50:26 | 000,001,851 | ---- | M] () -- C:\Documents and Settings\Amy Toth\My Documents\Denise sb.sbw
[2011/01/21 15:28:04 | 000,000,759 | ---- | M] () -- C:\Documents and Settings\Amy Toth\Desktop\Savings Bond Wizard.lnk
[2011/01/21 08:44:37 | 008,462,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2011/01/21 08:44:37 | 000,439,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shimgvw.dll
[2 C:\Documents and Settings\Amy Toth\My Documents\*.tmp files -> C:\Documents and Settings\Amy Toth\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/17 09:44:05 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/02/14 13:28:44 | 2683,375,616 | -HS- | C] () -- C:\hiberfil.sys
[2011/02/13 15:17:07 | 000,001,515 | ---- | C] () -- C:\Documents and Settings\Amy Toth\Desktop\Paint (2).lnk
[2011/02/08 15:43:34 | 000,817,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/02/08 00:30:55 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/02/06 09:13:53 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/30 12:43:07 | 000,000,432 | ---- | C] () -- C:\Documents and Settings\Amy Toth\Desktop\youtube.com-watchv=2Y3WoOlhp3M&feature=related.url
[2011/01/29 17:59:49 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/01/29 16:58:37 | 000,424,693 | ---- | C] () -- C:\Documents and Settings\Amy Toth\My Documents\P1290100.JPG
[2011/01/24 22:24:46 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\Amy Toth\My Documents\resumenew.doc
[2011/01/23 12:49:29 | 000,000,041 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2011/01/23 08:00:50 | 000,001,653 | ---- | C] () -- C:\Documents and Settings\Amy Toth\Application Data\Microsoft\Internet Explorer\Quick Launch\DVD Decrypter.lnk
[2011/01/23 07:59:59 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\Amy Toth\Application Data\Microsoft\Internet Explorer\Quick Launch\Easy DVD Clone.lnk
[2011/01/22 17:46:20 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Amy Toth\Application Data\pcouffin.log
[2011/01/22 17:46:08 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Amy Toth\Application Data\inst.exe
[2011/01/22 17:46:08 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Amy Toth\Application Data\pcouffin.cat
[2011/01/22 17:46:08 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Amy Toth\Application Data\pcouffin.inf
[2011/01/21 15:50:26 | 000,001,851 | ---- | C] () -- C:\Documents and Settings\Amy Toth\My Documents\Denise sb.sbw.bak
[2011/01/21 15:50:26 | 000,001,851 | ---- | C] () -- C:\Documents and Settings\Amy Toth\My Documents\Denise sb.sbw
[2011/01/21 15:28:04 | 000,000,765 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Savings Bond Wizard.lnk
[2011/01/21 15:28:04 | 000,000,759 | ---- | C] () -- C:\Documents and Settings\Amy Toth\Desktop\Savings Bond Wizard.lnk
[2010/04/20 16:20:46 | 000,000,221 | ---- | C] () -- C:\WINDOWS\SOFTEK.INI
[2010/03/05 09:54:21 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009/11/15 19:00:59 | 000,000,110 | ---- | C] () -- C:\WINDOWS\{7E7D778E-121D-4BBD-BA29-FAA81B9FBD8C}_WiseFW.ini
[2009/07/22 19:33:01 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DirectCDUserNameG.txt
[2009/04/15 22:24:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\RussSqr.INI
[2009/04/02 21:20:46 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DirectCDUserNameF.txt
[2009/01/22 23:13:30 | 000,000,391 | ---- | C] () -- C:\WINDOWS\COVERE~1.INI
[2009/01/17 15:45:55 | 000,000,206 | ---- | C] () -- C:\WINDOWS\System32\bbdecfabcf_g.dll
[2008/12/25 21:43:35 | 000,000,036 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2008/12/16 19:23:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\wekhufek.dll
[2008/12/16 19:20:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\mscudgoe.dll
[2008/12/14 22:37:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\qjvkjwjr.dll
[2008/12/14 20:31:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\mtxjxc.dll
[2008/12/14 20:31:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\cxvcqycc.dll
[2008/12/14 18:37:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\otppohtw.dll
[2008/12/14 16:45:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\hxqrhs.dll
[2008/12/14 16:45:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\fwsywlye.dll
[2008/10/14 07:57:05 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/05/19 16:30:29 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/05/19 14:55:04 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2008/05/16 01:01:41 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/05/12 15:13:56 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2008/04/05 18:22:31 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2008/04/05 18:22:29 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2007/12/27 06:14:25 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\PosTickerLib.dll
[2007/11/30 13:22:10 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\uccspecc.sys
[2007/05/13 19:58:44 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\resourceGeneric.dll
[2006/11/16 12:13:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2006/08/26 17:35:04 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2006/08/26 17:35:04 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2006/08/26 17:35:04 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2006/08/25 21:43:22 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/04/21 07:49:35 | 000,000,576 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2006/03/20 15:55:27 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\uccspecb.sys
[2006/02/03 10:52:20 | 000,000,347 | ---- | C] () -- C:\WINDOWS\CoDUO.INI
[2006/02/03 10:32:28 | 000,000,745 | ---- | C] () -- C:\WINDOWS\CoD.INI
[2006/01/06 17:22:04 | 000,000,287 | ---- | C] () -- C:\WINDOWS\game.ini
[2005/08/09 16:12:28 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/06/05 14:48:47 | 000,000,338 | ---- | C] () -- C:\WINDOWS\d3xp.ini
[2004/11/18 16:34:05 | 000,000,032 | ---- | C] () -- C:\WINDOWS\upst.ini
[2004/08/03 17:57:19 | 000,000,331 | ---- | C] () -- C:\WINDOWS\doom3.ini
[2004/08/02 16:14:28 | 000,000,024 | ---- | C] () -- C:\WINDOWS\atid.ini
[2004/08/02 16:14:26 | 000,000,029 | ---- | C] () -- C:\WINDOWS\upth.ini
[2004/07/15 10:42:00 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll
[2004/06/24 17:52:58 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/04/18 20:36:39 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/02/28 02:18:14 | 000,000,937 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/01/22 11:00:28 | 000,012,635 | ---- | C] () -- C:\WINDOWS\System32\DAntivirus.ini
[2004/01/06 05:03:42 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2004/01/06 05:03:42 | 000,880,640 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2004/01/06 05:03:42 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\tvqenc.dll
[2004/01/06 05:03:42 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2003/10/03 19:31:45 | 000,000,026 | ---- | C] () -- C:\WINDOWS\UP9ASP.INI
[2003/09/29 10:45:48 | 000,000,062 | ---- | C] () -- C:\WINDOWS\einit.ini
[2003/09/19 10:56:34 | 000,025,601 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2003/08/03 16:05:17 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\Amy Toth\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/07/07 13:39:56 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Amy Toth\Application Data\PFP100JPR.{PB
[2003/07/07 13:39:56 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Amy Toth\Application Data\PFP100JCM.{PB
[2003/06/11 08:51:02 | 000,000,035 | ---- | C] () -- C:\WINDOWS\earthlink.INI
[2003/06/11 08:09:15 | 000,000,035 | ---- | C] () -- C:\WINDOWS\ERegClnt.INI
[2003/06/05 09:53:34 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2003/05/21 17:38:55 | 000,074,048 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2003/05/17 15:08:45 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2003/05/17 15:08:45 | 000,000,291 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2003/05/17 14:52:22 | 000,000,525 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2003/05/17 14:33:09 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS49.DLL
[2003/05/17 08:07:34 | 000,000,011 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DirectCDUserNameE.txt
[2003/05/12 20:10:32 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/05/12 19:59:41 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2003/05/12 19:59:40 | 000,000,599 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/05/12 19:57:46 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2003/05/12 19:57:32 | 000,039,936 | ---- | C] () -- C:\WINDOWS\System32\P16X.dll
[2003/05/12 19:57:32 | 000,006,175 | ---- | C] () -- C:\WINDOWS\MIXDEF.INI
[2003/05/12 19:57:32 | 000,005,917 | ---- | C] () -- C:\WINDOWS\SBMIXDEF.INI
[2003/05/12 19:57:32 | 000,002,092 | ---- | C] () -- C:\WINDOWS\System32\P16X.ini
[2003/05/12 19:57:32 | 000,000,064 | ---- | C] () -- C:\WINDOWS\P16x.ini
[2003/05/12 19:57:32 | 000,000,026 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2003/05/12 19:57:05 | 000,000,245 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2003/05/12 19:54:04 | 000,000,891 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/05/12 19:30:00 | 000,000,546 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/03/27 14:28:44 | 000,004,955 | ---- | C] () -- C:\WINDOWS\System32\DProg.ini
[2002/09/03 10:56:02 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\RDPCDD.sys
[2002/09/03 07:59:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/08/29 04:00:00 | 000,000,320 | ---- | C] () -- C:\WINDOWS\System32\83ghh.ini
[2002/06/13 13:58:58 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\lttls13n.dll
[2002/06/13 13:58:44 | 000,708,608 | ---- | C] () -- C:\WINDOWS\System32\ltcry13n.dll
[2002/06/13 13:58:28 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2002/06/13 13:58:24 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2002/06/10 13:16:22 | 000,005,187 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2002/04/11 12:47:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\msmscoin.dll
[2001/11/19 19:05:18 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2001/03/20 16:29:04 | 000,036,544 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys
[1979/12/31 23:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2011/01/04 19:49:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/02/06 18:02:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/12/16 09:35:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2005/02/05 20:51:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fellowes
[2009/11/15 18:59:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
[2008/10/13 14:59:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2010/12/16 09:29:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/04/12 08:45:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2004/10/16 20:07:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2005/05/27 09:55:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2005/05/27 09:55:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2003/05/17 14:52:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
[2010/04/07 23:06:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2011/02/08 16:36:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/01/13 04:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/07/29 16:35:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/07/02 11:19:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amy Toth\Application Data\Aim
[2010/12/16 09:37:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amy Toth\Application Data\AVG10
[2011/01/25 17:55:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amy Toth\Application Data\Canon
[2010/12/22 21:21:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amy Toth\Application Data\Catalina Marketing Corp
[2009/06/18 19:59:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amy Toth\Application Data\FrmMain
[2003/05/26 21:32:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amy Toth\Application Data\FUJIFILM
[2006/06/28 21:14:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amy Toth\Application Data\Lycos
[2008/10/18 10:33:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amy Toth\Application Data\Moyea
[2008/05/19 14:55:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amy Toth\Application Data\pdf995
[2010/12/01 20:09:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amy Toth\Application Data\SanDisk
[2006/03/16 16:47:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amy Toth\Application Data\ScanSoft
[2010/04/12 08:45:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amy Toth\Application Data\TaxCut
[2003/05/16 15:43:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amy Toth\Application Data\The Labyrinth Plus! Edition
[2007/01/13 04:47:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amy Toth\Application Data\Viewpoint
[2011/01/23 07:58:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amy Toth\Application Data\Vso
[2005/06/04 11:19:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amy Toth\Application Data\WeatherBug

========== Purity Check ==========

========== Files - Unicode (All) ==========
[2009/01/22 23:28:10 | 000,000,000 | ---D | M](C:\Documents and Settings\Amy Toth\Application Data\???????sAppData) -- C:\Documents and Settings\Amy Toth\Application Data\敎潲䍄敔灭慬整sAppData
[2009/01/22 23:28:10 | 000,000,000 | ---D | M](C:\Documents and Settings\Amy Toth\Application Data\???????sAppData) -- C:\Documents and Settings\Amy Toth\Application Data\敎潲䍄敔灭慬整sAppData
(C:\Documents and Settings\Amy Toth\Application Data\???????sAppData) -- C:\Documents and Settings\Amy Toth\Application Data\敎潲䍄敔灭慬整sAppData

========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\WINDOWS:0F6BF406092276E8
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:411E1BE2

< End of report >

ken545

2011-02-19, 12:46

Lets just check a few files before we remove them

You need to enable windows to show all files and folders, instructions Here (http://www.bleepingcomputer.com/tutorials/tutorial62.html)

Go to VirusTotal (http://www.virustotal.com/) and submit these files for analysis, just use the BROWSE feature and then Send File , you will get a report back, post the report into this thread for me to see. If the site says this file has already been checked, have them check it again

C:\WINDOWS\System32\wekhufek.dll
C:\WINDOWS\System32\qjvkjwjr.dll
C:\WINDOWS\System32\cxvcqycc.dll

If the site is busy you can try this one
http://virusscan.jotti.org/en

thomto

2011-02-19, 15:24

Hi ken545,
I submitted the files to VirusTotal and nothing happened. I submitted the files to Jotti's and all three said status: file is empty (0 bytes). I looked the files up in My Computer and they all contain 0 bytes.

ken545

2011-02-19, 18:49

Check these as well

C:\WINDOWS\System32\mscudgoe.dll
C:\WINDOWS\System32\mtxjxc.dll
C:\WINDOWS\System32\otppohtw.dll
C:\WINDOWS\System32\hxqrhs.dll
C:\WINDOWS\System32\fwsywlye.dll

If the above along with these are all Zero bytes the right click on them and select delete, leave them in the Recycle Bin until after a few reboots to make sure there not needed

C:\WINDOWS\System32\mscudgoe.dll
C:\WINDOWS\System32\mtxjxc.dll
C:\WINDOWS\System32\otppohtw.dll
C:\WINDOWS\System32\hxqrhs.dll
C:\WINDOWS\System32\fwsywlye.dll
C:\WINDOWS\System32\wekhufek.dll
C:\WINDOWS\System32\qjvkjwjr.dll
C:\WINDOWS\System32\cxvcqycc.dll

Then let me know how things are running now ?

thomto

2011-02-20, 07:51

Hi ken545,
All files checked were 0 bytes. I deleted them all and tried a reboot. The computer seems to be running pretty good with no symptoms or need for the deleted files. What do you think?
Thanks
Thomto

ken545

2011-02-20, 14:10

Looks good to me :bigthumb:

I will keep this topic open for you for a few days, post back and let me know how its going, if you feel you still have problems and the thread is closed just PM me to reopen it or start a New Topic.

Open OTL and click on Clean Up and it will remove programs we used to clean your system along with there backups

How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)

Safe Surfn
Ken

ken545

2011-02-24, 18:59

Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.