Another click.giftload!!



Migeliche
2011-03-28, 00:25
I have run Spybot and cleaned click.giftload, but it reappears when I run Spybot again. How can I remove it? Thanks.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Kitchen Komputer at 13:46:47.49 on Sun 03/27/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.104 [GMT -7:00]
.
AV: Spyware Doctor with AntiVirus *Enabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: AVG Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\PC Tools Security\pctsAuxs.exe
C:\Program Files\PC Tools Security\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\PC Tools Security\pctsGui.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE
C:\Program Files\SurfSecret PrivacyProtector\SS2-FULL.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\PC Tools Security\TFEngine\TFService.exe
C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Kitchen Komputer\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/country/us/en/welcome.html
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - No File
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [PMSpeed] c:\program files\newsoft\presto! pagemanager 8 for ep\PMSpeed.EXE
uRun: [SurfSecret] "c:\program files\surfsecret privacyprotector\SS2-FULL.exe" /min
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [D-Link Wireless G WUA-1340] c:\program files\d-link\wireless g wua-1340\AirGCFG.exe
mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
mRun: [FUFAXSTM] "c:\program files\epson software\fax utility\FUFAXSTM.exe"
mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ISTray] "c:\program files\pc tools security\pctsGui.exe" /hideGUI
mRun: [Reader Library Launcher] c:\program files\sony\reader\data\bin\launcher\Reader Library Launcher.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\kitche~1\applic~1\mozilla\firefox\profiles\wt1oqlcs.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\sony\reader\data\bin\npebldetectmoz.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-12-29 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2010-12-29 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2010-12-29 656320]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-12-29 51984]
R0 TFSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-12-29 69392]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2010-12-29 249616]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2010-12-29 366840]
R2 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2010-12-29 1150936]
R3 HSFHWBS3;HSFHWBS3;c:\windows\system32\drivers\HSFHWBS3.sys [2008-11-26 207872]
R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2010-12-29 70536]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-12-29 33552]
R3 ThreatFire;ThreatFire;c:\program files\pc tools security\tfengine\tfservice.exe service --> c:\program files\pc tools security\tfengine\TFService.exe service [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-7-3 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; [x]
S2 Norton Internet Security;Norton Internet Security; [x]
.
=============== Created Last 30 ================
.
2011-03-27 02:03:33 -------- d-----w- c:\docume~1\kitche~1\applic~1\GetRightToGo
2011-03-27 01:57:12 76696 ----a-w- c:\windows\system32\drivers\pxrts.sys
2011-03-27 01:57:08 -------- d-----w- c:\program files\Prevx
2011-03-27 01:56:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\PrevxCSI
2011-03-03 01:38:59 -------- d-----w- c:\program files\Free Window Registry Repair
2011-03-02 02:49:21 -------- d-----w- c:\program files\iPod
2011-03-02 02:49:17 -------- d-----w- c:\program files\iTunes
2011-03-02 02:11:33 -------- d-----w- c:\docume~1\kitche~1\locals~1\applic~1\Apple
2011-03-01 20:56:10 -------- d-----w- c:\program files\Bonjour
2011-03-01 20:29:00 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-03-01 20:29:00 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-03-01 20:27:40 -------- d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
.
==================== Find3M ====================
.
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD1600AAJS-65M0A0 rev.01.03E01 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-4
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll >>UNKNOWN [0x8656C555]<<
c:\windows\system32\drivers\PCTCore.sys PC Tools Kernel Driver Suite
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x865727b0]; MOV EAX, [0x8657282c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8650AAB8]
3 CLASSPNP[0xF75C8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x86589920]
5 PCTCore[0xF73B3099] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\0000005e[0x865E0160]
7 ACPI[0xF745F620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8650ED98]
\Driver\atapi[0x864F8D10] -> IRP_MJ_CREATE -> 0x8656C555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; MOV ES, AX; MOV DS, AX; MOV SI, SP; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; JMP FAR 0x0:0x660; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-4 -> \??\IDE#DiskWDC_WD1600AAJS-65M0A0___________________01.03E01#5&204dc0f9&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8656C39B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 13:53:00.56 ===============

ken545
2011-03-29, 14:30

Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

Your system is infected with a Rootkit


Please download TDSSKiller.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip)
Extract it to your desktop
Double click TDSSKiller.exe
Press Start Scan

Only if Malicious objects are found then ensure Cure is selected
Then click Continue > Reboot now

Copy and paste the log in your next reply

A copy of the log will be saved automatically to the root of the drive (typically C:\)

Migeliche
2011-03-29, 18:38
Thank you for helping me with this problem. I ran TDSSKiller.exe and I have pasted the log below.

2011/03/29 08:27:16.0656 3388 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/29 08:27:17.0203 3388 ================================================================================
2011/03/29 08:27:17.0203 3388 SystemInfo:
2011/03/29 08:27:17.0203 3388
2011/03/29 08:27:17.0203 3388 OS Version: 5.1.2600 ServicePack: 3.0
2011/03/29 08:27:17.0203 3388 Product type: Workstation
2011/03/29 08:27:17.0203 3388 ComputerName: KITCHEN
2011/03/29 08:27:17.0203 3388 UserName: Kitchen Komputer
2011/03/29 08:27:17.0203 3388 Windows directory: C:\WINDOWS
2011/03/29 08:27:17.0203 3388 System windows directory: C:\WINDOWS
2011/03/29 08:27:17.0203 3388 Processor architecture: Intel x86
2011/03/29 08:27:17.0203 3388 Number of processors: 2
2011/03/29 08:27:17.0203 3388 Page size: 0x1000
2011/03/29 08:27:17.0203 3388 Boot type: Normal boot
2011/03/29 08:27:17.0203 3388 ================================================================================
2011/03/29 08:27:18.0046 3388 Initialize success
2011/03/29 08:27:22.0359 3436 ================================================================================
2011/03/29 08:27:22.0359 3436 Scan started
2011/03/29 08:27:22.0359 3436 Mode: Manual;
2011/03/29 08:27:22.0359 3436 ================================================================================
2011/03/29 08:27:23.0328 3436 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/03/29 08:27:23.0390 3436 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/03/29 08:27:23.0515 3436 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/03/29 08:27:23.0578 3436 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/03/29 08:27:23.0812 3436 ANIO (920298c7aef97d8168d219d35975d295) C:\WINDOWS\system32\ANIO.SYS
2011/03/29 08:27:24.0046 3436 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/03/29 08:27:24.0109 3436 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/03/29 08:27:24.0187 3436 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/03/29 08:27:24.0265 3436 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/03/29 08:27:24.0343 3436 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/03/29 08:27:24.0421 3436 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/03/29 08:27:24.0515 3436 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/03/29 08:27:24.0562 3436 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/03/29 08:27:24.0625 3436 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/03/29 08:27:24.0953 3436 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/03/29 08:27:25.0031 3436 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/03/29 08:27:25.0109 3436 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/03/29 08:27:25.0156 3436 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/03/29 08:27:25.0234 3436 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/03/29 08:27:25.0375 3436 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/03/29 08:27:25.0500 3436 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/03/29 08:27:25.0562 3436 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/03/29 08:27:25.0593 3436 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/03/29 08:27:25.0640 3436 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/03/29 08:27:25.0703 3436 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/03/29 08:27:25.0765 3436 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/03/29 08:27:25.0812 3436 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/03/29 08:27:25.0875 3436 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/03/29 08:27:25.0921 3436 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/03/29 08:27:26.0000 3436 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/03/29 08:27:26.0078 3436 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/03/29 08:27:26.0171 3436 HSFHWBS3 (31b76d75190ce3eec3a357028cd60b6f) C:\WINDOWS\system32\DRIVERS\HSFHWBS3.sys
2011/03/29 08:27:26.0250 3436 HSF_DP (a784c4e750b6a6d9bf77062105103c38) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2011/03/29 08:27:26.0343 3436 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/03/29 08:27:26.0484 3436 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/03/29 08:27:26.0718 3436 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2011/03/29 08:27:26.0937 3436 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/03/29 08:27:27.0187 3436 IntcAzAudAddService (bd4d6e6f708aa8503653e2be9d53459b) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/03/29 08:27:27.0375 3436 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/03/29 08:27:27.0437 3436 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/03/29 08:27:27.0468 3436 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/03/29 08:27:27.0531 3436 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/03/29 08:27:27.0578 3436 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/03/29 08:27:27.0640 3436 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/03/29 08:27:27.0687 3436 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/03/29 08:27:27.0765 3436 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/03/29 08:27:27.0828 3436 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/03/29 08:27:27.0875 3436 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/03/29 08:27:27.0921 3436 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/03/29 08:27:27.0968 3436 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/03/29 08:27:28.0125 3436 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/03/29 08:27:28.0203 3436 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/03/29 08:27:28.0265 3436 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/03/29 08:27:28.0296 3436 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/03/29 08:27:28.0359 3436 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/03/29 08:27:28.0406 3436 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/03/29 08:27:28.0500 3436 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/03/29 08:27:28.0578 3436 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/03/29 08:27:28.0671 3436 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/03/29 08:27:28.0734 3436 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/03/29 08:27:28.0781 3436 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/03/29 08:27:28.0828 3436 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/03/29 08:27:28.0890 3436 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/03/29 08:27:28.0921 3436 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/03/29 08:27:29.0093 3436 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/03/29 08:27:29.0312 3436 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/03/29 08:27:29.0406 3436 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/03/29 08:27:29.0453 3436 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/03/29 08:27:29.0515 3436 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/03/29 08:27:29.0593 3436 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/03/29 08:27:29.0671 3436 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/03/29 08:27:29.0796 3436 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/03/29 08:27:29.0843 3436 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/03/29 08:27:29.0937 3436 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/03/29 08:27:29.0984 3436 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/03/29 08:27:30.0031 3436 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/03/29 08:27:30.0125 3436 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/03/29 08:27:30.0171 3436 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/03/29 08:27:30.0234 3436 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/03/29 08:27:30.0281 3436 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/03/29 08:27:30.0359 3436 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/03/29 08:27:30.0421 3436 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/03/29 08:27:30.0453 3436 PCTCore (6ef125721a9f1f7dbf3229786f7decd0) C:\WINDOWS\system32\drivers\PCTCore.sys
2011/03/29 08:27:30.0531 3436 pctDS (f820b4c61d1e591325b679d479d4eea4) C:\WINDOWS\system32\drivers\pctDS.sys
2011/03/29 08:27:30.0609 3436 pctEFA (acc8c15f3d59f17c5d903ff1de3b43d3) C:\WINDOWS\system32\drivers\pctEFA.sys
2011/03/29 08:27:30.0671 3436 pctgntdi (b76c829f00b9b534405b4ed5f58b8f52) C:\WINDOWS\system32\drivers\pctgntdi.sys
2011/03/29 08:27:30.0750 3436 pctplsg (c5c488e6232b29f5744b8f7988a20730) C:\WINDOWS\system32\drivers\pctplsg.sys
2011/03/29 08:27:31.0109 3436 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/03/29 08:27:31.0156 3436 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/03/29 08:27:31.0203 3436 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/03/29 08:27:31.0437 3436 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/03/29 08:27:31.0500 3436 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/03/29 08:27:31.0546 3436 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/03/29 08:27:31.0609 3436 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/03/29 08:27:31.0671 3436 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/03/29 08:27:31.0734 3436 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/03/29 08:27:31.0812 3436 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/03/29 08:27:31.0921 3436 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/03/29 08:27:32.0031 3436 RT73 (b01b2c25bd80770878285fb569090d7b) C:\WINDOWS\system32\DRIVERS\Dr71WU.sys
2011/03/29 08:27:32.0109 3436 RTLE8023xp (f0a21c62b9b835e1c96268eaae31d239) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2011/03/29 08:27:32.0234 3436 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/03/29 08:27:32.0312 3436 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2011/03/29 08:27:32.0390 3436 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/03/29 08:27:32.0578 3436 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/03/29 08:27:32.0640 3436 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/03/29 08:27:32.0703 3436 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/03/29 08:27:32.0796 3436 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/03/29 08:27:32.0828 3436 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/03/29 08:27:33.0046 3436 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/03/29 08:27:33.0140 3436 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/03/29 08:27:33.0203 3436 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/03/29 08:27:33.0234 3436 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/03/29 08:27:33.0296 3436 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/03/29 08:27:33.0359 3436 TfFsMon (18d09508877e3f697866b39e9d0e6dcf) C:\WINDOWS\system32\drivers\TfFsMon.sys
2011/03/29 08:27:33.0421 3436 TfNetMon (c657f352613d8e592efb54cc35f21f5e) C:\WINDOWS\system32\drivers\TfNetMon.sys
2011/03/29 08:27:33.0484 3436 TFSysMon (71e3073419cfda8d60813c1502acc420) C:\WINDOWS\system32\drivers\TfSysMon.sys
2011/03/29 08:27:33.0640 3436 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/03/29 08:27:33.0750 3436 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/03/29 08:27:33.0843 3436 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/03/29 08:27:33.0890 3436 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/03/29 08:27:33.0953 3436 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/03/29 08:27:34.0015 3436 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/03/29 08:27:34.0046 3436 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/03/29 08:27:34.0125 3436 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/03/29 08:27:34.0156 3436 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/03/29 08:27:34.0250 3436 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/03/29 08:27:34.0359 3436 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/03/29 08:27:34.0515 3436 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/03/29 08:27:34.0671 3436 winachsf (b49d4b52d446f8cdd8b7767c28024b11) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/03/29 08:27:34.0859 3436 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/03/29 08:27:35.0015 3436 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/03/29 08:27:35.0031 3436 ================================================================================
2011/03/29 08:27:35.0031 3436 Scan finished
2011/03/29 08:27:35.0031 3436 ================================================================================
2011/03/29 08:27:35.0062 1764 Detected object count: 1
2011/03/29 08:27:50.0859 1764 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/03/29 08:27:50.0859 1764 \HardDisk0 - ok
2011/03/29 08:27:50.0859 1764 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/03/29 08:28:01.0156 2828 Deinitialize success
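
As an added example, not code from this thread nor from the GMER or Kaspersky tools, the following Python script pulls out the findings an analyst reads from the two logs posted so far: from the GMER rootkit section of the first post's DDS log, the unknown code address in the disk call chain together with the atapi IRP_MJ_CREATE redirect and DriverStartIo hook that point into it; from the TDSSKiller log in this post, the detected object, the selected action and whether a reboot is still needed to finish the cure. The sample lines are constructed excerpts modeled on the logs in the thread, and the regular expressions and function names are my own assumptions about the two formats, not documented grammars.

```python
import re

# Constructed sample: the GMER "ROOTKIT" section of a DDS log, modeled on the
# first log in the thread (driver names and addresses as they appear there).
GMER_SAMPLE = r"""
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll >>UNKNOWN [0x8656C555]<<
c:\windows\system32\drivers\PCTCore.sys PC Tools Kernel Driver Suite
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8650AAB8]
\Driver\atapi[0x864F8D10] -> IRP_MJ_CREATE -> 0x8656C555
kernel: MBR read successfully
detected hooks:
\Driver\atapi DriverStartIo -> 0x8656C39B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
"""

# Constructed sample: a TDSSKiller scan log excerpt, modeled on the second log.
TDSS_SAMPLE = r"""
2011/03/29 08:27:24.0109 3436 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/03/29 08:27:30.0453 3436 PCTCore (6ef125721a9f1f7dbf3229786f7decd0) C:\WINDOWS\system32\drivers\PCTCore.sys
2011/03/29 08:27:35.0015 3436 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/03/29 08:27:35.0062 1764 Detected object count: 1
2011/03/29 08:27:50.0859 1764 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/03/29 08:27:50.0859 1764 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
"""

# GMER patterns (assumed from the log layout, not an official grammar).
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")
IRP_RE = re.compile(r"^(\\Driver\\\S+)\[0x[0-9A-Fa-f]+\] -> (IRP_MJ_\w+) -> (0x[0-9A-Fa-f]+)$")
HOOK_RE = re.compile(r"^(\\Driver\\\S+) (\S+) -> (0x[0-9A-Fa-f]+)$")
WARNING_RE = re.compile(r"^Warning: (.+?)\s*!?$")


def parse_gmer(text):
    """Collect the unknown addresses in the disk call chain, driver dispatch
    redirects, DriverStartIo-style hooks and GMER's own warning lines."""
    f = {"unknown_addrs": [], "irp_redirects": [], "hooks": [], "warnings": []}
    for raw in text.splitlines():
        line = raw.strip()
        if m := UNKNOWN_RE.search(line):
            f["unknown_addrs"].append(m.group(1))
        elif m := IRP_RE.match(line):
            f["irp_redirects"].append((m.group(1), m.group(2), m.group(3)))
        elif m := HOOK_RE.match(line):
            f["hooks"].append((m.group(1), m.group(2), m.group(3)))
        elif m := WARNING_RE.match(line):
            f["warnings"].append(m.group(1).strip())
    return f


def gmer_unknown_targets(findings):
    """Dispatch entries and hooks whose target is an address GMER could not
    attribute to any loaded driver: code in the disk path with no owner."""
    unknown = set(findings["unknown_addrs"])
    return [t for t in findings["irp_redirects"] + findings["hooks"] if t[2] in unknown]


# TDSSKiller patterns (assumed from the log layout).
TDSS_LINE_RE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
DRIVER_RE = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")
DETECTED_RE = re.compile(r"^(\S+) - detected (\S+) \((\d+)\)$")
PENDING_RE = re.compile(r"^(\S+) \((\S+)\) - will be cured after reboot$")
ACTION_RE = re.compile(r"^(\S+)\((\S+)\) - User select action: (\w+)$")


def parse_tdsskiller(text):
    """Split each line into timestamp, thread id and message, then pick out the
    scanned drivers (name, MD5, path), detections, chosen actions and objects
    whose cure is deferred to the next reboot."""
    out = {"drivers": [], "detections": [], "actions": {}, "reboot_required": []}
    for raw in text.splitlines():
        m = TDSS_LINE_RE.match(raw.strip())
        if not m:
            continue
        _ts, _tid, msg = m.groups()
        if d := DETECTED_RE.match(msg):
            out["detections"].append({"object": d.group(1), "name": d.group(2)})
        elif p := PENDING_RE.match(msg):
            out["reboot_required"].append(p.group(1))
        elif a := ACTION_RE.match(msg):
            out["actions"][a.group(2)] = a.group(3)
        elif v := DRIVER_RE.match(msg):
            out["drivers"].append((v.group(1), v.group(2), v.group(3)))
    return out


def summarize(gmer_text, tdss_text):
    """One-glance verdict across both tools' output."""
    g = parse_gmer(gmer_text)
    t = parse_tdsskiller(tdss_text)
    return {
        "gmer_warnings": g["warnings"],
        "gmer_unknown_targets": gmer_unknown_targets(g),
        "tdss_detections": [d["name"] for d in t["detections"]],
        "tdss_reboot_required": t["reboot_required"],
    }


if __name__ == "__main__":
    for key, value in summarize(GMER_SAMPLE, TDSS_SAMPLE).items():
        print(f"{key}: {value}")
```

The point of the cross-check in `gmer_unknown_targets` is that the atapi IRP_MJ_CREATE entry resolves to the same address GMER marked UNKNOWN: disk requests are being routed through code that belongs to no loaded driver, which is what the later TDSSKiller detection on the whole-disk object `\HardDisk0` (rather than on a file) confirms. The `reboot_required` list is why the analyst's next post asks to make sure the machine was rebooted before moving on.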

ken545
2011-03-29, 18:50
Great, but we're not out of the woods yet.

Make sure you rebooted your computer for TDSSKiller to complete its job

Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your desktop.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
Your system may start up slower after running ATF Cleaner. This is expected, and it will be back to normal after the first or second boot-up.
Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized password and other personal information as removing cookies will temporarily disable the auto-login facility.

Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)


* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.


As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



http://img.photobucket.com/albums/v706/ried7/RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

Migeliche
2011-03-29, 20:27
I followed your instructions, the log follows.
Thanks!

ComboFix 11-03-28.05 - Kitchen Komputer 03/29/2011 9:55.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.250 [GMT -7:00]
Running from: c:\documents and settings\Kitchen Komputer\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Spyware Doctor with AntiVirus *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2011-02-28 to 2011-03-29 )))))))))))))))))))))))))))))))
.
.
2011-03-29 15:37 . 2011-03-29 15:37 -------- d-----w- c:\windows\LastGood
2011-03-27 20:43 . 2011-03-27 20:43 -------- d-----w- c:\program files\ERUNT
2011-03-27 02:03 . 2011-03-27 02:06 -------- d-----w- c:\documents and settings\Kitchen Komputer\Application Data\GetRightToGo
2011-03-27 01:57 . 2011-03-27 01:57 76696 ----a-w- c:\windows\system32\drivers\pxrts.sys
2011-03-27 01:57 . 2011-03-27 01:57 -------- d-----w- c:\program files\Prevx
2011-03-27 01:56 . 2011-03-27 01:57 -------- d-----w- c:\documents and settings\All Users\Application Data\PrevxCSI
2011-03-21 20:03 . 2011-03-25 18:22 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple Computer
2011-03-21 20:03 . 2011-03-21 20:03 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2011-03-19 18:20 . 2011-03-19 18:20 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Mozilla
2011-03-19 17:41 . 2011-03-19 17:41 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Apple Computer
2011-03-19 17:41 . 2011-03-19 17:41 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Apple Computer
2011-03-03 01:38 . 2011-03-03 01:44 -------- d-----w- c:\program files\Free Window Registry Repair
2011-03-02 02:49 . 2011-03-02 02:49 -------- d-----w- c:\program files\iPod
2011-03-02 02:49 . 2011-03-02 02:50 -------- d-----w- c:\program files\iTunes
2011-03-02 02:12 . 2011-03-02 02:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2011-03-02 02:11 . 2011-03-02 02:11 -------- d-----w- c:\documents and settings\Kitchen Komputer\Local Settings\Application Data\Apple
2011-03-02 01:51 . 2011-03-02 01:51 -------- d-----w- c:\program files\Apple Software Update
2011-03-01 20:56 . 2011-03-01 20:56 -------- d-----w- c:\program files\Bonjour
2011-03-01 20:55 . 2011-03-02 02:49 -------- d-----w- c:\program files\Common Files\Apple
2011-03-01 20:55 . 2011-03-01 20:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2011-03-01 20:29 . 2009-05-18 21:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-03-01 20:29 . 2008-04-17 20:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-03-01 20:27 . 2011-03-01 20:28 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PMSpeed"="c:\program files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE" [2008-12-09 55120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-26 17021440]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-26 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-10-26 137752]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-09-24 210216]
"D-Link Wireless G WUA-1340"="c:\program files\D-Link\Wireless G WUA-1340\AirGCFG.exe" [2007-08-27 1662976]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-06-05 843776]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2008-05-24 26448]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-01-22 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Reader Library Launcher"="c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe" [2010-07-13 906648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Documents and Settings\\HP_Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\HP_Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\EpsonNet\\EpsonNet Setup\\tool09\\ENEasyApp.exe"=
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [12/29/2010 7:28 PM 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [12/29/2010 7:28 PM 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [12/29/2010 7:28 PM 656320]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [12/29/2010 7:29 PM 51984]
R0 TFSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [12/29/2010 7:29 PM 69392]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [12/29/2010 7:28 PM 249616]
R3 HSFHWBS3;HSFHWBS3;c:\windows\system32\drivers\HSFHWBS3.sys [11/26/2008 3:34 PM 207872]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [12/29/2010 7:29 PM 33552]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/3/2009 2:01 PM 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; [x]
S2 Norton Internet Security;Norton Internet Security; [x]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/3/2009 2:01 PM 133104]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [12/29/2010 7:27 PM 70536]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [12/29/2010 7:27 PM 366840]
S3 ThreatFire;ThreatFire;c:\program files\PC Tools Security\TFEngine\TFService.exe service --> c:\program files\PC Tools Security\TFEngine\TFService.exe service [?]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - PCTSDInjDriver32
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 19:50]
.
2011-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-03 21:01]
.
2011-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-03 21:01]
.
2011-03-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2453071809-3449326215-3069849577-1006Core.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-06 06:47]
.
2011-03-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2453071809-3449326215-3069849577-1006UA.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-06 06:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/country/us/en/welcome.html
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
FF - ProfilePath - c:\documents and settings\Kitchen Komputer\Application Data\Mozilla\Firefox\Profiles\wt1oqlcs.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
BHO-{237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-29 10:08
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(856)
c:\program files\PC Tools Security\TFEngine\TFMon.dll
c:\program files\PC Tools Security\TFEngine\TFRK.dll
.
- - - - - - - > 'lsass.exe'(912)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
Completion time: 2011-03-29 10:13:21
ComboFix-quarantined-files.txt 2011-03-29 17:13
.
Pre-Run: 131,709,337,600 bytes free
Post-Run: 131,724,505,088 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - BB14DD2E214A21C72D85AB3E77012127

ken545
2011-03-29, 20:54
Good Job,

This is what I would like you to do.

Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report, please.





Please run this free online virus scanner from ESET (http://www.eset.com/onlinescan/)

Note: You will need to use Internet Explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
Click Scan
Wait for the scan to finish
Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic



Post both logs and let me know how you feel your system is behaving now?

Migeliche
2011-03-29, 22:57
I ran the two scans and the two logs are below.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6204

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/29/2011 11:02:05 AM
mbam-log-2011-03-29 (11-02-05).txt

Scan type: Quick scan
Objects scanned: 158183
Time elapsed: 3 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


ESET

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=958734cfd285ea4990982a5caa3dde4f
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-03-29 07:51:12
# local_time=2011-03-29 12:51:12 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=770 16774142 0 2 7775593 7775593 0 0
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=2560 16777191 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=97420
# found=2
# cleaned=2
# scan_time=4248
C:\Documents and Settings\Kitchen Komputer\Desktop\Desk Top Misc\Software\Install_AIM.exe Win32/Adware.WBug.A application (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{DD748E69-E471-45D5-8FA3-A49BABE78D85}\RP506\A0116690.exe Win32/Adware.WBug.A application (deleted - quarantined) 00000000000000000000000000000000 C

ken545
2011-03-29, 23:29
Looking good so far. There was a bad entry in your System Restore Program, let's flush it all out and BE SURE TO CREATE A NEW RESTORE POINT


System Restore is a component of Microsoft's Windows Me, Windows XP, Windows Vista and Windows 7 operating systems that allows for the rolling back of system files, registry keys, installed programs, etc., to a previous state in the event of malfunctioning or failure. Old restore points can be a source of re-infection.

Please follow the steps below to create a clean restore point:

Click Start > Run > copy and paste the following into the run box:

%SystemRoot%\System32\restore\rstrui.exe
Press OK. Choose Create a Restore Point then click Next.
Name it (something you'll remember) and click Create.
When the confirmation screen shows the restore point has been created click Close.


Then remove all previous Restore Points

Click Start > Run > copy and paste the following into the run box:

cleanmgr
Choose to scan drive C:\ (if C:\ is your main drive).
At the top, click on More Options tab. Click the Clean up... button in the System Restore box.
Click on the Yes button.
When finished, click on Cancel button to exit.





Let's double-check your hard disk and be sure it's been cured

Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

http://i1224.photobucket.com/albums/ee362/Essexboy3/aswmbrscan.gif
Click the "Scan" button to start the scan


http://i1224.photobucket.com/albums/ee362/Essexboy3/aswmbrsavelog.gif
On completion of the scan, click Save log, save it to your desktop and post it in your next reply
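The ESET result posted above shows one hit inside a System Restore snapshot, which is why the old restore points are being flushed. As an added illustration (not code from this thread or from ESET), here is a small Python parser for that log format that flags detections under `_restore{GUID}\RPnnn` and cross-checks the header counters; the sample log, the `parse_eset_log` and `triage` names are constructed for this example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample in the shape of the ESET Online Scanner log posted in the
# thread: "# key=value" header lines, then one line per detection
# (path, threat, object kind, action in parentheses, 32-hex-digit hash, flag).
# Paths are shortened; the restore-point GUID and RP number are the ones that
# appear in the thread's log.
SAMPLE_ESET_LOG = """\
# version=7
# remove_checked=true
# scanned=97420
# found=2
# cleaned=2
C:\\Documents and Settings\\Kitchen Komputer\\Desktop\\Install_AIM.exe Win32/Adware.WBug.A application (deleted - quarantined) 00000000000000000000000000000000 C
C:\\System Volume Information\\_restore{DD748E69-E471-45D5-8FA3-A49BABE78D85}\\RP506\\A0116690.exe Win32/Adware.WBug.A application (deleted - quarantined) 00000000000000000000000000000000 C
"""

# One detection line. The path may contain spaces, so it is matched lazily and
# the fixed-shape tail (threat, kind, "(action)", hash, flag) anchors the end.
DETECTION_RE = re.compile(
    r"^(?P<path>.+?) (?P<threat>\S+) (?P<kind>\S+) "
    r"\((?P<action>[^)]*)\) (?P<hash>[0-9A-Fa-f]{32}) (?P<flag>\S+)$"
)

# Files under System Restore's _restore{GUID}\RPnnn folders: a detection there
# means an old restore point still carries the threat and would re-infect on
# rollback, hence the advice to create a fresh point and purge the old ones.
RESTORE_POINT_RE = re.compile(
    r"\\System Volume Information\\_restore\{[^}]+\}\\RP(?P<rp>\d+)\\",
    re.IGNORECASE,
)


@dataclass
class Detection:
    path: str
    threat: str
    kind: str
    action: str
    restore_point: Optional[int]  # RP number when the file sits in a restore point

    @property
    def removed(self) -> bool:
        # ESET's action text says what happened to the object; "deleted" or
        # "cleaned" means it is no longer present on disk.
        return "deleted" in self.action or "cleaned" in self.action


def parse_eset_log(text: str) -> Tuple[Dict[str, str], List[Detection], List[str]]:
    """Split the log into header fields, parsed detections and unparsed lines.
    For repeated header keys (e.g. compatibility_mode) the last value wins."""
    header: Dict[str, str] = {}
    detections: List[Detection] = []
    unparsed: List[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            key, sep, value = line[1:].strip().partition("=")
            if sep:
                header[key.strip()] = value.strip()
            continue
        m = DETECTION_RE.match(line)
        if not m:
            unparsed.append(line)  # keep anything we could not classify for review
            continue
        rp = RESTORE_POINT_RE.search(m["path"])
        detections.append(Detection(
            path=m["path"], threat=m["threat"], kind=m["kind"],
            action=m["action"], restore_point=int(rp["rp"]) if rp else None,
        ))
    return header, detections, unparsed


def triage(text: str) -> Dict[str, object]:
    """Decide whether the scan calls for flushing old restore points and
    cross-check the header counters against the detection lines."""
    header, detections, unparsed = parse_eset_log(text)
    removed = sum(1 for d in detections if d.removed)
    rp_hits = sorted({d.restore_point for d in detections if d.restore_point is not None})
    found = int(header.get("found", "0"))
    cleaned = int(header.get("cleaned", "0"))
    return {
        "found": found,
        "parsed": len(detections),
        "removed": removed,
        # Header says how many it found/cleaned; the lines should agree.
        "counts_consistent": found == len(detections) and cleaned == removed,
        "restore_points_hit": rp_hits,
        "flush_restore_points": bool(rp_hits),
        "unparsed_lines": unparsed,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_ESET_LOG).items():
        print(f"{key}: {value}")
```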

Migeliche
2011-03-29, 23:50
I followed the instructions and the log follows. I didn't get a completion message after I removed the prior restore points (maybe it doesn't give one).
Regards, Migeliche

aswMBR version 0.9.4 Copyright(c) 2011 AVAST Software
Run date: 2011-03-29 13:43:55
-----------------------------
13:43:55.328 OS Version: Windows 5.1.2600 Service Pack 3
13:43:55.328 Number of processors: 2 586 0x1C02
13:43:55.328 ComputerName: KITCHEN UserName:
13:43:55.843 Initialize success
13:44:07.375 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
13:44:07.375 Disk 0 Vendor: WDC_WD1600AAJS-65M0A0 01.03E01 Size: 152627MB BusType: 3
13:44:09.390 Disk 0 MBR read successfully
13:44:09.390 Disk 0 MBR scan
13:44:11.390 Disk 0 scanning sectors +312560640
13:44:11.421 Disk 0 scanning C:\WINDOWS\system32\drivers
13:44:16.265 Service scanning
13:44:17.281 Disk 0 trace - called modules:
13:44:17.281 ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
13:44:17.281 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86584ab8]
13:44:17.281 3 CLASSPNP.SYS[f75c8fd7] -> nt!IofCallDriver -> [0x86576920]
13:44:17.281 5 PCTCore.sys[f73b3099] -> nt!IofCallDriver -> \Device\0000005e[0x865e2288]
13:44:17.281 7 ACPI.sys[f745f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x86514d98]
13:44:17.281 Scan finished successfully

ken545
2011-03-30, 00:37
Great, looks like TDSSKiller did its job?

How is your system behaving now, any better?

Run this final scan, it will just give a more in-depth look into your system, it won't remove anything unless we have to.



OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them both in.

Migeliche
2011-03-30, 04:16
I ran OTL. Here are the two logs. The system is running fine!

OTL logfile created on: 3/29/2011 5:55:03 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Kitchen Komputer\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 554.00 Mb Available Physical Memory | 55.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.25 Gb Total Space | 124.16 Gb Free Space | 89.16% Space Free | Partition Type: NTFS
Drive D: | 9.78 Gb Total Space | 6.29 Gb Free Space | 64.34% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: KITCHEN | User Name: Kitchen Komputer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Kitchen Komputer\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.exe (NewSoft Technology Corporation)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe (NewSoft Technology Corporation)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe (NewSoft Technology Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe (D-Link)
PRC - C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
PRC - C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Kitchen Komputer\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Norton Internet Security) -- File not found
SRV - (Lavasoft Ad-Aware Service) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (ThreatFire) -- C:\Program Files\PC Tools Security\TFEngine\TFService.exe (PC Tools)
SRV - (sdCoreService) -- C:\Program Files\PC Tools Security\pctsSvc.exe (PC Tools)
SRV - (Sony SCSI Helper Service) -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe (Sony Corporation)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (sdAuxService) -- C:\Program Files\PC Tools Security\pctsAuxs.exe (PC Tools)
SRV - (ANIWZCSdService) -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe (Wireless Service)
SRV - (EpsonBidirectionalService) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)


========== Driver Services (SafeList) ==========

DRV - (TFSysMon) -- C:\WINDOWS\system32\drivers\TfSysMon.sys (PC Tools)
DRV - (TfFsMon) -- C:\WINDOWS\system32\drivers\TfFsMon.sys (PC Tools)
DRV - (TfNetMon) -- C:\WINDOWS\system32\drivers\TfNetMon.sys (PC Tools)
DRV - (PCTCore) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
DRV - (pctplsg) -- C:\WINDOWS\system32\drivers\pctplsg.sys (PC Tools)
DRV - (pctgntdi) -- C:\WINDOWS\system32\drivers\pctgntdi.sys (PC Tools)
DRV - (pctEFA) -- C:\WINDOWS\system32\drivers\pctEFA.sys (PC Tools)
DRV - (pctDS) -- C:\WINDOWS\system32\drivers\pctDS.sys (PC Tools)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (HSFHWBS3) -- C:\WINDOWS\system32\drivers\HSFHWBS3.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (RT73) -- C:\WINDOWS\system32\drivers\Dr71WU.sys (Ralink Technology, Corp.)
DRV - (ANIO) -- C:\WINDOWS\system32\ANIO.sys (Alpha Networks Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_IN&c=64&bd=PRESARIO&pf=desktop

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_IN&c=64&bd=PRESARIO&pf=desktop

IE - HKU\S-1-5-21-2453071809-3449326215-3069849577-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig
IE - HKU\S-1-5-21-2453071809-3449326215-3069849577-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/ig
IE - HKU\S-1-5-21-2453071809-3449326215-3069849577-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2453071809-3449326215-3069849577-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/24 13:38:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/24 13:38:20 | 000,000,000 | ---D | M]

[2011/02/25 17:02:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kitchen Komputer\Application Data\Mozilla\Extensions
[2011/03/29 10:34:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kitchen Komputer\Application Data\Mozilla\Firefox\Profiles\wt1oqlcs.default\extensions
[2011/03/22 10:26:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Kitchen Komputer\Application Data\Mozilla\Firefox\Profiles\wt1oqlcs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/25 17:01:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2011/03/29 10:07:57 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.
O3 - HKU\S-1-5-21-2453071809-3449326215-3069849577-1007\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2453071809-3449326215-3069849577-1007\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [D-Link Wireless G WUA-1340] C:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe (D-Link)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Reader Library Launcher] C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe (Sony Corporation)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe (NewSoft Technology Corporation)
O4 - HKU\S-1-5-21-2453071809-3449326215-3069849577-1007..\Run: [PMSpeed] C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.exe (NewSoft Technology Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2453071809-3449326215-3069849577-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2453071809-3449326215-3069849577-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2453071809-3449326215-3069849577-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2453071809-3449326215-3069849577-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Kitchen Komputer\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kitchen Komputer\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/29 17:53:50 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kitchen Komputer\Desktop\OTL.exe
[2011/03/29 13:43:40 | 000,566,272 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Kitchen Komputer\Desktop\aswMBR.exe
[2011/03/29 13:39:07 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/03/29 11:32:08 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/03/29 10:57:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/03/29 10:57:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/29 10:57:25 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/03/29 10:56:41 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Kitchen Komputer\Desktop\mbam-setup.exe
[2011/03/29 10:13:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/03/29 09:52:59 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/03/29 09:50:13 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/03/29 09:50:13 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/03/29 09:50:13 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/03/29 09:50:13 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/03/29 09:46:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/03/29 09:31:24 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Kitchen Komputer\Desktop\ATF-Cleaner.exe
[2011/03/29 08:25:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kitchen Komputer\Desktop\tdsskiller
[2011/03/27 13:45:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/03/27 13:43:42 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/03/27 13:43:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/03/27 13:29:38 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Kitchen Komputer\Desktop\erunt-setup.exe
[2011/03/26 19:12:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/03/26 19:10:33 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Kitchen Komputer\Desktop\spybotsd162.exe
[2011/03/26 19:03:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kitchen Komputer\Desktop\Downloads
[2011/03/26 19:03:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kitchen Komputer\Application Data\GetRightToGo
[2011/03/26 19:03:14 | 000,367,232 | ---- | C] (RegNow.com) -- C:\Documents and Settings\Kitchen Komputer\Desktop\sdasetup.exe
[2011/03/26 18:57:12 | 000,076,696 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys
[2011/03/26 18:57:08 | 000,000,000 | ---D | C] -- C:\Program Files\Prevx
[2011/03/26 18:56:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2011/03/26 18:56:17 | 000,945,272 | ---- | C] (Prevx) -- C:\Documents and Settings\Kitchen Komputer\Desktop\prevxcsifree.exe
[2011/03/21 13:03:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple Computer
[2011/03/21 13:03:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2011/03/10 11:26:24 | 002,832,544 | ---- | C] (Adobe Systems, Inc.) -- C:\Documents and Settings\Kitchen Komputer\Desktop\install_flash_player.exe
[2011/03/02 18:39:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kitchen Komputer\Start Menu\Programs\Free Window Registry Repair
[2011/03/02 18:38:59 | 000,000,000 | ---D | C] -- C:\Program Files\Free Window Registry Repair
[2011/03/02 09:01:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/03/01 19:49:21 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/03/01 19:49:17 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/03/01 19:12:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/03/01 19:12:33 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/03/01 19:12:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2011/03/01 19:11:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kitchen Komputer\Local Settings\Application Data\Apple
[2011/03/01 18:51:47 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/03/01 13:56:10 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/03/01 13:55:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/03/01 13:55:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2011/03/01 13:29:00 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2011/03/01 13:27:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/03/01 13:23:03 | 082,089,256 | ---- | C] (Apple Inc.) -- C:\Documents and Settings\Kitchen Komputer\Desktop\iTunesSetup.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/29 17:53:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kitchen Komputer\Desktop\OTL.exe
[2011/03/29 17:50:50 | 000,000,017 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{06CF7931-210C-4106-A4D2-F298F148A5BF}
[2011/03/29 17:50:40 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME
[2011/03/29 17:50:33 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/29 17:28:00 | 000,000,906 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/29 17:06:00 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2453071809-3449326215-3069849577-1006UA.job
[2011/03/29 15:34:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/29 15:34:02 | 000,268,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/03/29 15:17:42 | 000,590,902 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/03/29 15:17:21 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/29 15:06:01 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2453071809-3449326215-3069849577-1006Core.job
[2011/03/29 13:44:53 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Kitchen Komputer\Desktop\MBR.dat
[2011/03/29 13:43:42 | 000,566,272 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Kitchen Komputer\Desktop\aswMBR.exe
[2011/03/29 10:57:29 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/29 10:56:49 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Kitchen Komputer\Desktop\mbam-setup.exe
[2011/03/29 10:07:57 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/03/29 09:53:08 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/03/29 09:41:30 | 004,305,591 | R--- | M] () -- C:\Documents and Settings\Kitchen Komputer\Desktop\ComboFix.exe
[2011/03/29 09:31:25 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Kitchen Komputer\Desktop\ATF-Cleaner.exe
[2011/03/29 08:25:33 | 001,263,721 | ---- | M] () -- C:\Documents and Settings\Kitchen Komputer\Desktop\tdsskiller.zip
[2011/03/28 09:48:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/03/28 03:31:59 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/03/27 19:16:01 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/27 17:07:42 | 000,003,284 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCS{06CF7931-210C-4106-A4D2-F298F148A5BF}
[2011/03/27 13:58:08 | 000,003,533 | ---- | M] () -- C:\Documents and Settings\Kitchen Komputer\Desktop\Attach.zip
[2011/03/27 13:46:15 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Kitchen Komputer\Desktop\dds.scr
[2011/03/27 13:43:43 | 000,000,598 | ---- | M] () -- C:\Documents and Settings\Kitchen Komputer\Desktop\ERUNT.lnk
[2011/03/27 13:29:39 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Kitchen Komputer\Desktop\erunt-setup.exe
[2011/03/26 19:12:21 | 000,000,957 | ---- | M] () -- C:\Documents and Settings\Kitchen Komputer\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/03/26 19:12:21 | 000,000,939 | ---- | M] () -- C:\Documents and Settings\Kitchen Komputer\Desktop\Spybot - Search & Destroy.lnk
[2011/03/26 19:10:48 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Kitchen Komputer\Desktop\spybotsd162.exe
[2011/03/26 19:03:18 | 000,367,232 | ---- | M] (RegNow.com) -- C:\Documents and Settings\Kitchen Komputer\Desktop\sdasetup.exe
[2011/03/26 18:57:12 | 000,076,696 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys
[2011/03/26 18:56:49 | 000,000,051 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/03/26 18:56:23 | 000,945,272 | ---- | M] (Prevx) -- C:\Documents and Settings\Kitchen Komputer\Desktop\prevxcsifree.exe
[2011/03/25 17:39:23 | 000,001,682 | ---- | M] () -- C:\Documents and Settings\Kitchen Komputer\Desktop\Spyware Doctor (2).lnk
[2011/03/20 15:29:13 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/18 12:39:03 | 000,435,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/18 12:39:03 | 000,068,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/10 11:27:45 | 002,832,544 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\Kitchen Komputer\Desktop\install_flash_player.exe
[2011/03/02 18:39:00 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\Kitchen Komputer\Desktop\Free Window Registry Repair.lnk
[2011/03/02 18:38:31 | 000,799,120 | ---- | M] () -- C:\Documents and Settings\Kitchen Komputer\Desktop\RegpairSetup.exe
[2011/03/02 09:01:43 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/03/01 19:12:59 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/03/01 13:24:11 | 082,089,256 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\Kitchen Komputer\Desktop\iTunesSetup.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/29 13:44:53 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Kitchen Komputer\Desktop\MBR.dat
[2011/03/29 10:57:29 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/29 09:53:07 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/03/29 09:53:03 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/03/29 09:50:13 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/03/29 09:50:13 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/03/29 09:50:13 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/03/29 09:50:13 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/03/29 09:50:13 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/03/29 09:41:14 | 004,305,591 | R--- | C] () -- C:\Documents and Settings\Kitchen Komputer\Desktop\ComboFix.exe
[2011/03/29 08:24:21 | 001,263,721 | ---- | C] () -- C:\Documents and Settings\Kitchen Komputer\Desktop\tdsskiller.zip
[2011/03/27 13:58:08 | 000,003,533 | ---- | C] () -- C:\Documents and Settings\Kitchen Komputer\Desktop\Attach.zip
[2011/03/27 13:46:15 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Kitchen Komputer\Desktop\dds.scr
[2011/03/27 13:43:43 | 000,000,598 | ---- | C] () -- C:\Documents and Settings\Kitchen Komputer\Desktop\ERUNT.lnk
[2011/03/26 19:12:21 | 000,000,957 | ---- | C] () -- C:\Documents and Settings\Kitchen Komputer\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/03/26 19:12:21 | 000,000,939 | ---- | C] () -- C:\Documents and Settings\Kitchen Komputer\Desktop\Spybot - Search & Destroy.lnk
[2011/03/26 18:56:49 | 000,000,051 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/03/25 17:39:23 | 000,001,682 | ---- | C] () -- C:\Documents and Settings\Kitchen Komputer\Desktop\Spyware Doctor (2).lnk
[2011/03/02 18:39:00 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\Kitchen Komputer\Desktop\Free Window Registry Repair.lnk
[2011/03/02 18:38:31 | 000,799,120 | ---- | C] () -- C:\Documents and Settings\Kitchen Komputer\Desktop\RegpairSetup.exe
[2011/03/02 09:01:43 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/03/01 19:12:59 | 000,001,610 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/03/01 19:11:37 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/03/01 18:51:48 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/02/25 13:52:23 | 000,037,896 | ---- | C] () -- C:\Documents and Settings\Kitchen Komputer\Application Data\Comma Separated Values (DOS).ADR
[2011/02/21 18:51:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Acroread.ini
[2010/12/15 00:23:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\Z_VOLAP21.dll
[2010/12/11 12:14:17 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/19 18:36:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2010/10/15 18:20:37 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/10/15 18:20:37 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010/10/15 18:20:37 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010/10/15 18:20:37 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010/10/15 18:20:37 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010/10/15 18:20:37 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/10/15 18:20:37 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010/10/15 18:20:37 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010/10/15 18:20:37 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/10/15 18:20:37 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/10/15 18:20:37 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/10/15 18:20:37 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/10/15 18:20:37 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/10/15 18:20:37 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/10/15 18:20:37 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010/10/15 18:20:37 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/10/15 18:14:49 | 000,000,090 | ---- | C] () -- C:\WINDOWS\EPART810.ini
[2010/06/08 11:37:08 | 000,001,710 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010/06/08 11:37:05 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010/02/28 12:59:09 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/06/18 18:36:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/04/19 16:03:12 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\WlanApp.dll
[2009/04/19 16:03:12 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2008/11/26 16:38:39 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/11/26 15:40:20 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2008/11/26 15:27:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/11/26 15:23:33 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/11/26 14:11:00 | 000,000,592 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/11/26 14:10:50 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/11/26 14:10:49 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/11/26 14:10:49 | 000,435,260 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/11/26 14:10:49 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/11/26 14:10:49 | 000,068,156 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/11/26 14:10:49 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/11/26 14:10:49 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/11/26 14:10:48 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/11/26 14:10:46 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/11/26 14:10:46 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/11/26 14:10:44 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/11/26 14:10:42 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/11/26 07:17:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/11/26 07:17:10 | 000,268,600 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== LOP Check ==========

[2010/12/18 15:42:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/01/01 18:31:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/12/18 14:56:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/10/15 18:24:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2010/12/19 09:51:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2011/02/19 17:12:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kinoma
[2010/12/30 19:14:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2008/11/26 15:49:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
[2011/03/26 18:57:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2011/03/29 09:43:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2011/03/01 13:28:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/03/29 17:51:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kitchen Komputer\Application Data\.oit
[2010/12/18 14:57:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kitchen Komputer\Application Data\AVG10
[2010/11/13 19:12:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kitchen Komputer\Application Data\Epson
[2011/03/26 19:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kitchen Komputer\Application Data\GetRightToGo
[2010/11/13 19:12:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kitchen Komputer\Application Data\Leader Technologies
[2010/10/15 18:42:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kitchen Komputer\Application Data\Leadertech
[2009/12/16 19:30:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kitchen Komputer\Application Data\SurfSecret

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 210 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:430C6D84

< End of report >

OTL Extras logfile created on: 3/29/2011 5:55:04 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Kitchen Komputer\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 554.00 Mb Available Physical Memory | 55.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.25 Gb Total Space | 124.16 Gb Free Space | 89.16% Space Free | Partition Type: NTFS
Drive D: | 9.78 Gb Total Space | 6.29 Gb Free Space | 64.34% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: KITCHEN | User Name: Kitchen Komputer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-2453071809-3449326215-3069849577-1007\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
"C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Epson Software\Event Manager\EEventManager.exe" = C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Enabled:EEventManager.exe -- (SEIKO EPSON CORPORATION)
"C:\Program Files\EpsonNet\EpsonNet Setup\tool09\ENEasyApp.exe" = C:\Program Files\EpsonNet\EpsonNet Setup\tool09\ENEasyApp.exe:*:Enabled:EpsonNet Setup -- (SEIKO EPSON CORPORATION)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{005F78AF-110D-398A-8430-BE98950A1E22}" = Google Talk Plugin
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink Recovery Manager
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD SE
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73CD9967-000C-49C6-A900-C87D5B2D253F}" = Presto! PageManager 8.15.01 SE
"{757E0E87-8F54-46FD-BA00-54CCF341F4A9}" = ArcSoft Print Creations
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A212E6C2-20F7-4A8E-BD8E-DC3EE7483FA2}" = PRS-500 USB driver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.6
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B70E5793-F912-4C62-AFE2-C4F0B078FD31}" = Reader Library by Sony
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD
"{D895E3FB-45BA-4BBF-BE50-0DEED3CD3F7E}" = Wireless G WUA-1340
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FFFAE01B-466F-4C07-9821-A94FD753BDDA}" = EpsonNet Setup
"75070B1806113224B16C70296B90DD1AD8A53479" = Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CNXT_MODEM_PCI_HSF" = PCIe Soft Data Fax Modem with SmartCP
"EPSON Artisan 810 Series" = EPSON Artisan 810 Series Printer Uninstall
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"Free Window Registry Repair" = Free Window Registry Repair
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"MSNINST" = MSN
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"PROR" = Microsoft Office Professional 2007
"Spyware Doctor" = Spyware Doctor 8.0
"SurfSecret Privacy Protector_is1" = SurfSecret Privacy Protector
"SurfSecret_is1" = SurfSecret Privacy Protector
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/25/2011 1:53:40 PM | Computer Name = KITCHEN | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00023845.

Error - 3/25/2011 3:42:32 PM | Computer Name = KITCHEN | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.4095, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/25/2011 3:42:38 PM | Computer Name = KITCHEN | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.4095, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/25/2011 3:59:44 PM | Computer Name = KITCHEN | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00023845.

Error - 3/25/2011 8:55:46 PM | Computer Name = KITCHEN | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00023845.

Error - 3/26/2011 1:42:26 PM | Computer Name = KITCHEN | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00023845.

Error - 3/26/2011 11:05:49 PM | Computer Name = KITCHEN | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00023845.

Error - 3/27/2011 12:00:47 PM | Computer Name = KITCHEN | Source = Application Error | ID = 1000
Description = Faulting application eeventmanager.exe, version 2.3.0.1, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.

Error - 3/27/2011 12:10:58 PM | Computer Name = KITCHEN | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x7c923845.

Error - 3/27/2011 8:02:24 PM | Computer Name = KITCHEN | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00023845.

[ System Events ]
Error - 3/27/2011 4:23:47 PM | Computer Name = KITCHEN | Source = Service Control Manager | ID = 7000
Description = The Norton Internet Security service failed to start due to the following
error: %%3

Error - 3/27/2011 4:54:01 PM | Computer Name = KITCHEN | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 3/27/2011 5:04:57 PM | Computer Name = KITCHEN | Source = Service Control Manager | ID = 7000
Description = The Lavasoft Ad-Aware Service service failed to start due to the following
error: %%3

Error - 3/27/2011 5:04:57 PM | Computer Name = KITCHEN | Source = Service Control Manager | ID = 7000
Description = The Norton Internet Security service failed to start due to the following
error: %%3

Error - 3/27/2011 8:08:03 PM | Computer Name = KITCHEN | Source = DCOM | ID = 10010
Description = The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register
with DCOM within the required timeout.

Error - 3/27/2011 8:08:37 PM | Computer Name = KITCHEN | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Management Instrumentation
service, but this action failed with the following error: %%1056

Error - 3/29/2011 11:30:57 AM | Computer Name = KITCHEN | Source = Service Control Manager | ID = 7000
Description = The Lavasoft Ad-Aware Service service failed to start due to the following
error: %%3

Error - 3/29/2011 11:30:57 AM | Computer Name = KITCHEN | Source = Service Control Manager | ID = 7000
Description = The Norton Internet Security service failed to start due to the following
error: %%3

Error - 3/29/2011 6:34:44 PM | Computer Name = KITCHEN | Source = Service Control Manager | ID = 7000
Description = The Lavasoft Ad-Aware Service service failed to start due to the following
error: %%3

Error - 3/29/2011 6:34:44 PM | Computer Name = KITCHEN | Source = Service Control Manager | ID = 7000
Description = The Norton Internet Security service failed to start due to the following
error: %%3

< End of report >
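Added example, not part of the forum post or of any tool named in it: a small Python triage script for the "Last 10 Event Log Errors" block of an OTL report like the one above. It parses each record, expands the %%N placeholders the Service Control Manager leaves unexpanded in its messages (they are plain Win32 error codes: %%3 is ERROR_PATH_NOT_FOUND, %%1056 is ERROR_SERVICE_ALREADY_RUNNING) and groups the Application Error 1000 crashes by faulting module and offset, so that a run of identical svchost.exe faults stands out from one-off crashes. The sample records are copied from the report above; the one assumption beyond the log is the preferred base of ntdll.dll on XP SP3 (0x7C900000), used only to give a module-relative reading of the single record that logs an absolute address with module "unknown".

```python
"""Triage the "Last 10 Event Log Errors" block of an OTL-style report.

Added example for this thread; not OTL, Spybot or DDS code. Assumptions are
marked in comments.
"""
import re
from collections import Counter

# Sample records copied from the report above, in the shape OTL prints them
# (one header line, then a description wrapped over one or more lines).
SAMPLE = """\
Error - 3/25/2011 1:53:40 PM | Computer Name = KITCHEN | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00023845.

Error - 3/27/2011 12:10:58 PM | Computer Name = KITCHEN | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x7c923845.

Error - 3/27/2011 8:02:24 PM | Computer Name = KITCHEN | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00023845.

Error - 3/27/2011 4:23:47 PM | Computer Name = KITCHEN | Source = Service Control Manager | ID = 7000
Description = The Norton Internet Security service failed to start due to the following
error: %%3

Error - 3/27/2011 5:04:57 PM | Computer Name = KITCHEN | Source = Service Control Manager | ID = 7000
Description = The Lavasoft Ad-Aware Service service failed to start due to the following
error: %%3

Error - 3/27/2011 8:08:37 PM | Computer Name = KITCHEN | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Management Instrumentation
service, but this action failed with the following error: %%1056
"""

HEADER = re.compile(r"^Error - (?P<when>.+?) \| Computer Name = (?P<host>.+?) \| "
                    r"Source = (?P<source>.+?) \| ID = (?P<id>\d+)$")
FAULT = re.compile(r"Faulting application (?P<app>.*?), version (?P<appver>\S+), "
                   r"faulting module (?P<mod>\S+), version (?P<modver>\S+), "
                   r"fault address 0x(?P<addr>[0-9A-Fa-f]+)")
SVC_FAIL = re.compile(r"The (?P<svc>.+?) service failed to start .*?%%(?P<err>\d+)")
PCT_ERR = re.compile(r"%%(?P<err>\d+)")

# %%N in SCM messages is an unexpanded Win32 error code.
WIN32 = {2: "ERROR_FILE_NOT_FOUND", 3: "ERROR_PATH_NOT_FOUND",
         5: "ERROR_ACCESS_DENIED", 1056: "ERROR_SERVICE_ALREADY_RUNNING"}

# Assumption: XP SP3 maps ntdll.dll at its preferred base 0x7C900000. Used only
# to read an absolute address that was logged with module "unknown".
NTDLL_BASE, NTDLL_SPAN = 0x7C900000, 0x100000


def parse_events(text):
    """Split the block into records: a header dict plus the unwrapped description."""
    events = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        m = HEADER.match(lines[0]) if lines else None
        if not m:
            continue
        ev = m.groupdict()
        ev["id"] = int(ev["id"])
        ev["description"] = re.sub(r"^Description = ", "", " ".join(lines[1:]))
        events.append(ev)
    return events


def locate(module, addr):
    """Module+offset. XP logs an offset for a known module and an absolute
    address when the module is unknown; a trailing '?' marks the inferred case."""
    if module.lower() == "unknown" and NTDLL_BASE <= addr < NTDLL_BASE + NTDLL_SPAN:
        return "ntdll.dll+0x%x?" % (addr - NTDLL_BASE)
    return "%s+0x%x" % (module, addr)


def summarize(events):
    """Count crashes per (application, fault site) and service failures per Win32 error."""
    crashes, svc_fail, scm_other = Counter(), Counter(), []
    for ev in events:
        d = ev["description"]
        if ev["source"] == "Application Error" and ev["id"] == 1000:
            m = FAULT.search(d)
            if m:
                crashes[(m["app"] or "<blank>", locate(m["mod"], int(m["addr"], 16)))] += 1
        elif ev["source"] == "Service Control Manager":
            m = SVC_FAIL.search(d)
            if m:
                err = WIN32.get(int(m["err"]), "Win32 error %s" % m["err"])
                svc_fail[(m["svc"], err)] += 1
            else:
                e = PCT_ERR.search(d)
                scm_other.append((ev["id"], WIN32.get(int(e["err"]), e["err"]) if e else None))
    return {"crashes": crashes, "service_failures": svc_fail, "scm_other": scm_other}


def findings(text, min_repeat=2):
    """Human-readable triage lines: repeated identical crash sites and services whose binary path is gone."""
    s = summarize(parse_events(text))
    out = []
    for (app, loc), n in s["crashes"].most_common():
        if n >= min_repeat:
            out.append("%s crashed %d times at %s (same fault site each time, not a random crash)" % (app, n, loc))
    for (svc, err), n in s["service_failures"].items():
        if err == "ERROR_PATH_NOT_FOUND":
            out.append("service '%s' failed %dx with %s: its binary path no longer exists (leftover registration or a removed file)" % (svc, n, err))
    return out


if __name__ == "__main__":
    for line in findings(SAMPLE):
        print(line)
```

Run as-is, it reports the two svchost.exe faults at ntdll.dll+0x23845 as one repeated site and flags the Norton and Ad-Aware services as pointing at missing paths; the record with a blank application name resolves to the same ntdll offset under the assumed base, which is why it is worth correlating with the svchost entries rather than discarding it as noise.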

Migeliche
2011-03-30, 09:26
I just ran Spybot and it found click.giftload; apparently we haven't got it yet!

ken545
2011-03-30, 11:54
Run Spybot again and post the results, please.

Migeliche
2011-03-30, 18:49
I ran Spybot again, this is the report. Is it the data you are looking for?
-- Search result list ---
Click.GiftLoad: [SBI $89783858] User settings (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION\svchost.exe


--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2011-03-26 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2011-03-18 Includes\Adware.sbi (*)
2011-03-22 Includes\AdwareC.sbi (*)
2010-08-12 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2011-03-08 Includes\DialerC.sbi (*)
2011-02-24 Includes\HeavyDuty.sbi (*)
2010-11-30 Includes\Hijackers.sbi (*)
2011-03-08 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2010-12-14 Includes\Keyloggers.sbi (*)
2011-03-08 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2011-02-24 Includes\Malware.sbi (*)
2011-03-22 Includes\MalwareC.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2011-03-15 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2011-03-08 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2011-02-24 Includes\Spyware.sbi (*)
2011-03-15 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2010-12-28 Includes\Trojans.sbi (*)
2011-03-22 Includes\TrojansC-02.sbi (*)
2011-03-03 Includes\TrojansC-03.sbi (*)
2011-03-08 Includes\TrojansC-04.sbi (*)
2011-03-21 Includes\TrojansC-05.sbi (*)
2011-03-08 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll



--- System information ---
Windows XP (Build: 2600) Service Pack 3 (5.1.2600)
/ Windows Media Player: Security Update for Windows Media Player (KB2378111)
/ Windows Media Player: Security Update for Windows Media Player (KB952069)
/ Windows Media Player: Security Update for Windows Media Player (KB954155)
/ Windows Media Player: Security Update for Windows Media Player (KB968816)
/ Windows Media Player: Security Update for Windows Media Player (KB973540)
/ Windows Media Player: Security Update for Windows Media Player (KB975558)
/ Windows Media Player: Security Update for Windows Media Player (KB978695)
/ Windows Media Player: Security Update for Windows Media Player (KB979402)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB2183461)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB2360131)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB2482017)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB969897)
/ Windows XP / SP0: Update for Windows Internet Explorer 8 (KB971930)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB971961)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB972260)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB974455)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB976325)
/ Windows XP / SP0: Update for Windows Internet Explorer 8 (KB976662)
/ Windows XP / SP0: Update for Windows Internet Explorer 8 (KB976749)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB978207)
/ Windows XP / SP0: Update for Windows Internet Explorer 8 (KB980182)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB981332)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB982381)
/ Windows XP / SP3: Update for Windows XP (KB898461)
/ Windows XP / SP4: Security Update for Windows XP (KB2079403)
/ Windows XP / SP4: Security Update for Windows XP (KB2115168)
/ Windows XP / SP4: Security Update for Windows XP (KB2121546)
/ Windows XP / SP4: Update for Windows XP (KB2141007)
/ Windows XP / SP4: Hotfix for Windows XP (KB2158563)
/ Windows XP / SP4: Security Update for Windows XP (KB2160329)
/ Windows XP / SP4: Security Update for Windows XP (KB2229593)
/ Windows XP / SP4: Security Update for Windows XP (KB2259922)
/ Windows XP / SP4: Security Update for Windows XP (KB2279986)
/ Windows XP / SP4: Security Update for Windows XP (KB2286198)
/ Windows XP / SP4: Security Update for Windows XP (KB2296011)
/ Windows XP / SP4: Update for Windows XP (KB2345886)
/ Windows XP / SP4: Security Update for Windows XP (KB2347290)
/ Windows XP / SP4: Security Update for Windows XP (KB2360937)
/ Windows XP / SP4: Security Update for Windows XP (KB2387149)
/ Windows XP / SP4: Security Update for Windows XP (KB2393802)
/ Windows XP / SP4: Security Update for Windows XP (KB2419632)
/ Windows XP / SP4: Security Update for Windows XP (KB2423089)
/ Windows XP / SP4: Security Update for Windows XP (KB2440591)
/ Windows XP / SP4: Security Update for Windows XP (KB2443105)
/ Windows XP / SP4: Hotfix for Windows XP (KB2443685)
/ Windows XP / SP4: Security Update for Windows XP (KB2476687)
/ Windows XP / SP4: Security Update for Windows XP (KB2478960)
/ Windows XP / SP4: Security Update for Windows XP (KB2478971)
/ Windows XP / SP4: Security Update for Windows XP (KB2479628)
/ Windows XP / SP4: Security Update for Windows XP (KB2479943)
/ Windows XP / SP4: Security Update for Windows XP (KB2481109)
/ Windows XP / SP4: Security Update for Windows XP (KB2483185)
/ Windows XP / SP4: Security Update for Windows XP (KB2485376)
/ Windows XP / SP4: Security Update for Windows XP (KB2524375)
/ Windows XP / SP4: Security Update for Windows XP (KB923561)
/ Windows XP / SP4: Security Update for Windows XP (KB938464-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB946648)
/ Windows XP / SP4: Security Update for Windows XP (KB950760)
/ Windows XP / SP4: Security Update for Windows XP (KB950762)
/ Windows XP / SP4: Security Update for Windows XP (KB950974)
/ Windows XP / SP4: Security Update for Windows XP (KB951066)
/ Windows XP / SP4: Security Update for Windows XP (KB951376-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB951748)
/ Windows XP / SP4: Update for Windows XP (KB951978)
/ Windows XP / SP4: Security Update for Windows XP (KB952004)
/ Windows XP / SP4: Hotfix for Windows XP (KB952287)
/ Windows XP / SP4: Security Update for Windows XP (KB952954)
/ Windows XP / SP4: Security Update for Windows XP (KB954459)
/ Windows XP / SP4: Hotfix for Windows XP (KB954550-v5)
/ Windows XP / SP4: Security Update for Windows XP (KB954600)
/ Windows XP / SP4: Security Update for Windows XP (KB955069)
/ Windows XP / SP4: Update for Windows XP (KB955759)
/ Windows XP / SP4: Update for Windows XP (KB955839)
/ Windows XP / SP4: Security Update for Windows XP (KB956572)
/ Windows XP / SP4: Security Update for Windows XP (KB956744)
/ Windows XP / SP4: Security Update for Windows XP (KB956802)
/ Windows XP / SP4: Security Update for Windows XP (KB956803)
/ Windows XP / SP4: Security Update for Windows XP (KB956844)
/ Windows XP / SP4: Security Update for Windows XP (KB957097)
/ Windows XP / SP4: Security Update for Windows XP (KB958644)
/ Windows XP / SP4: Security Update for Windows XP (KB958687)
/ Windows XP / SP4: Security Update for Windows XP (KB958690)
/ Windows XP / SP4: Security Update for Windows XP (KB958869)
/ Windows XP / SP4: Security Update for Windows XP (KB959426)
/ Windows XP / SP4: Security Update for Windows XP (KB960225)
/ Windows XP / SP4: Security Update for Windows XP (KB960715)
/ Windows XP / SP4: Security Update for Windows XP (KB960803)
/ Windows XP / SP4: Security Update for Windows XP (KB960859)
/ Windows XP / SP4: Hotfix for Windows XP (KB961118)
/ Windows XP / SP4: Security Update for Windows XP (KB961371)
/ Windows XP / SP4: Security Update for Windows XP (KB961373)
/ Windows XP / SP4: Security Update for Windows XP (KB961501)
/ Windows XP / SP4: Security Update for Windows XP (KB963027)
/ Windows XP / SP4: Update for Windows XP (KB967715)
/ Windows XP / SP4: Update for Windows XP (KB968389)
/ Windows XP / SP4: Security Update for Windows XP (KB968537)
/ Windows XP / SP4: Security Update for Windows XP (KB969059)
/ Windows XP / SP4: Security Update for Windows XP (KB969897)
/ Windows XP / SP4: Security Update for Windows XP (KB969898)
/ Windows XP / SP4: Security Update for Windows XP (KB969947)
/ Windows XP / SP4: Security Update for Windows XP (KB970238)
/ Windows XP / SP4: Security Update for Windows XP (KB970430)
/ Windows XP / SP4: Hotfix for Windows XP (KB970653-v3)
/ Windows XP / SP4: Update for Windows XP (KB971029)
/ Windows XP / SP4: Security Update for Windows XP (KB971468)
/ Windows XP / SP4: Security Update for Windows XP (KB971486)
/ Windows XP / SP4: Security Update for Windows XP (KB971557)
/ Windows XP / SP4: Security Update for Windows XP (KB971633)
/ Windows XP / SP4: Security Update for Windows XP (KB971657)
/ Windows XP / SP4: Update for Windows XP (KB971737)
/ Windows XP / SP4: Security Update for Windows XP (KB972270)
/ Windows XP / SP4: Security Update for Windows XP (KB973346)
/ Windows XP / SP4: Security Update for Windows XP (KB973354)
/ Windows XP / SP4: Security Update for Windows XP (KB973507)
/ Windows XP / SP4: Security Update for Windows XP (KB973525)
/ Windows XP / SP4: Update for Windows XP (KB973687)
/ Windows XP / SP4: Update for Windows XP (KB973815)
/ Windows XP / SP4: Security Update for Windows XP (KB973869)
/ Windows XP / SP4: Security Update for Windows XP (KB973904)
/ Windows XP / SP4: Security Update for Windows XP (KB974112)
/ Windows XP / SP4: Security Update for Windows XP (KB974318)
/ Windows XP / SP4: Security Update for Windows XP (KB974392)
/ Windows XP / SP4: Security Update for Windows XP (KB974571)
/ Windows XP / SP4: Security Update for Windows XP (KB975025)
/ Windows XP / SP4: Security Update for Windows XP (KB975467)
/ Windows XP / SP4: Security Update for Windows XP (KB975560)
/ Windows XP / SP4: Security Update for Windows XP (KB975561)
/ Windows XP / SP4: Security Update for Windows XP (KB975562)
/ Windows XP / SP4: Security Update for Windows XP (KB975713)
/ Windows XP / SP4: Hotfix for Windows XP (KB976098-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB977165)
/ Windows XP / SP4: Security Update for Windows XP (KB977816)
/ Windows XP / SP4: Security Update for Windows XP (KB977914)
/ Windows XP / SP4: Security Update for Windows XP (KB978037)
/ Windows XP / SP4: Security Update for Windows XP (KB978251)
/ Windows XP / SP4: Security Update for Windows XP (KB978262)
/ Windows XP / SP4: Security Update for Windows XP (KB978338)
/ Windows XP / SP4: Security Update for Windows XP (KB978542)
/ Windows XP / SP4: Security Update for Windows XP (KB978601)
/ Windows XP / SP4: Security Update for Windows XP (KB978706)
/ Windows XP / SP4: Hotfix for Windows XP (KB979306)
/ Windows XP / SP4: Security Update for Windows XP (KB979309)
/ Windows XP / SP4: Security Update for Windows XP (KB979482)
/ Windows XP / SP4: Security Update for Windows XP (KB979559)
/ Windows XP / SP4: Security Update for Windows XP (KB979683)
/ Windows XP / SP4: Security Update for Windows XP (KB979687)
/ Windows XP / SP4: Security Update for Windows XP (KB980195)
/ Windows XP / SP4: Security Update for Windows XP (KB980218)
/ Windows XP / SP4: Security Update for Windows XP (KB980232)
/ Windows XP / SP4: Security Update for Windows XP (KB980436)
/ Windows XP / SP4: Security Update for Windows XP (KB981322)
/ Windows XP / SP4: Hotfix for Windows XP (KB981793)
/ Windows XP / SP4: Security Update for Windows XP (KB981852)
/ Windows XP / SP4: Security Update for Windows XP (KB981957)
/ Windows XP / SP4: Security Update for Windows XP (KB981997)
/ Windows XP / SP4: Security Update for Windows XP (KB982132)
/ Windows XP / SP4: Security Update for Windows XP (KB982214)
/ Windows XP / SP4: Security Update for Windows XP (KB982665)
/ Windows XP / SP4: Security Update for Windows XP (KB982802)
/ XML Paper Specification Shared Components Pack 1.0: XML Paper Specification Shared Components Pack 1.0


--- Startup entries list ---
Located: HK_LM:Run, Adobe ARM
command: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
file: C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
size: 932288
MD5: BAD6BEA0DE1F69C82BDB74378CE0C20A

Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
file: C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
size: 40368
MD5: 02EBF3A363F9F331CF1FAF0C00F53EB9

Located: HK_LM:Run, ANIWZCS2Service
command: C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
file: C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
size: 49152
MD5: 6AFD3970A41F48306874DB23991A4955

Located: HK_LM:Run, ArcSoft Connection Service
command: C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
file: C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
size: 207424
MD5: A7810B302294793DE88542AAE177D1B1

Located: HK_LM:Run, D-Link Wireless G WUA-1340
command: C:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe
file: C:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe
size: 1662976
MD5: 14FF240BD004578951CBFF7C65FB20E0

Located: HK_LM:Run, EEventManager
command: C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
file: C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
size: 673616
MD5: 90A3525C7399B7784D28F99EA1A51C4C

Located: HK_LM:Run, FUFAXSTM
command: "C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe"
file: C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
size: 843776
MD5: B05763CD99EB4CA9F8D0A95BD182736B

Located: HK_LM:Run, HotKeysCmds
command: C:\WINDOWS\system32\hkcmd.exe
file: C:\WINDOWS\system32\hkcmd.exe
size: 166424
MD5: 4C53C44E7C20E65445037954DC3A6BA4

Located: HK_LM:Run, IgfxTray
command: C:\WINDOWS\system32\igfxtray.exe
file: C:\WINDOWS\system32\igfxtray.exe
size: 141848
MD5: 9F6B6D0BE4F77F8693E9FD15D81C8A01

Located: HK_LM:Run, ISTray
command: "C:\Program Files\PC Tools Security\pctsGui.exe" /hideGUI
file: C:\Program Files\PC Tools Security\pctsGui.exe
size: 1589208
MD5: 69F5C5105CCCBEF036E993B66E47F951

Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files\iTunes\iTunesHelper.exe"
file: C:\Program Files\iTunes\iTunesHelper.exe
size: 421160
MD5: F3DEAA1F2FCF70FAF6DE3757CA343FA5

Located: HK_LM:Run, Persistence
command: C:\WINDOWS\system32\igfxpers.exe
file: C:\WINDOWS\system32\igfxpers.exe
size: 137752
MD5: D8F3B455D3FA4B40C9BF544F55647C19

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 421888
MD5: 0AEE5668EB59912F32FF245BFA72465F

Located: HK_LM:Run, Reader Library Launcher
command: C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
file: C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
size: 906648
MD5: 3D295062806875591B8BC30DC3A8AF61

Located: HK_LM:Run, RTHDCPL
command: RTHDCPL.EXE
file: C:\WINDOWS\RTHDCPL.EXE
size: 17021440
MD5: B762C41370476B1D8BE37C3BFC7B8021

Located: HK_LM:Run, UpdateP2GoShortCut
command: "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
file: C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
size: 210216
MD5: 82A3031F7FAA61CB5E040B0D98A104AF

Located: HK_LM:Run, WrtMon.exe
command: C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
file: C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
size: 26448
MD5: B8B1A3F5EFA0DBE88EAB41A7110B9A31

Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-2453071809-3449326215-3069849577-1006...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

Located: HK_CU:Run, Google Update
where: S-1-5-21-2453071809-3449326215-3069849577-1006...
command: "C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
file: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
size: 135664
MD5: 8F0DE4FEF8201E306F9938B0905AC96A

Located: HK_CU:Run, ltcmScheduler
where: S-1-5-21-2453071809-3449326215-3069849577-1006...
command: C:\Program Files\LTCM Client\ltcmScheduler.exe
file: C:\Program Files\LTCM Client\ltcmScheduler.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, MSMSGS
where: S-1-5-21-2453071809-3449326215-3069849577-1006...
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1695232
MD5: 3E930C641079443D4DE036167A69CAA2

Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-2453071809-3449326215-3069849577-1006...
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 2260480
MD5: 390679F7A217A5E73D756276C40AE887

Located: HK_CU:Run, SurfSecret
where: S-1-5-21-2453071809-3449326215-3069849577-1006...
command: "C:\Program Files\SurfSecret PrivacyProtector\SS2-FULL.exe" /min
file: C:\Program Files\SurfSecret PrivacyProtector\SS2-FULL.exe
size: 1275320
MD5: 62B16F5A77E3E190D6ACF98D99ADCBFF

Located: HK_CU:Run, swg
where: S-1-5-21-2453071809-3449326215-3069849577-1006...
command: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
file: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:RunOnce, FlashPlayerUpdate
where: S-1-5-21-2453071809-3449326215-3069849577-1006...
command: C:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_Plugin.exe -update plugin
file: C:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_Plugin.exe
size: 233936
MD5: 8D5E9603AD5FDD6B7E8F9DB6264F1CD1

Located: HK_CU:Run, PMSpeed
where: S-1-5-21-2453071809-3449326215-3069849577-1007...
command: C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE
file: C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE
size: 55120
MD5: 76D96A29DC13CCFDD8A49415725410E2

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, dimsntfy
command: %SystemRoot%\System32\dimsntfy.dll
file: %SystemRoot%\System32\dimsntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, igfxcui
command: igfxdev.dll
file: igfxdev.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!



--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Adobe PDF Reader Link Helper
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 1/21/2011 1:43:08 PM
Date (last access): 3/30/2011 7:05:12 AM
Date (last write): 1/21/2011 1:43:08 PM
Filesize: 61888
Attributes: archive
MD5: 7370B2B95268E1F7D40B4C8B3646D78D
CRC32: 66FEFF1D
Version: 8.2.6.262

{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 3/26/2011 7:12:12 PM
Date (last access): 3/30/2011 7:39:52 AM
Date (last write): 1/26/2009 3:31:02 PM
Filesize: 1879896
Attributes: archive
MD5: 022C2F6DCCDFA0AD73024D254E62AFAC
CRC32: 5BA24007
Version: 1.6.2.14

{AA58ED58-01DD-4d91-8333-CF10577473F7} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:
description: Google toolbar
classification: Open for discussion
known filename: googletoolbar.dll<br>googletoolbar*.dll<br>(* = number)<br>googletoolbar_en_*.**-big.dll<br>Googletoolbar_en_*.*.**-deleon.dll
info link: http://toolbar.google.com/
info source: TonyKlein

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:



--- ActiveX list ---
{7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control)
DPF name:
CLSID name: OnlineScanner Control
Installer: C:\WINDOWS\Downloaded Program Files\OnlineScanner.inf
Codebase: http://download.eset.com/special/eos/OnlineScanner.cab
Path: C:\PROGRA~1\ESET\ESETON~1\
Long name: OnlineScanner.ocx
Short name: ONLINE~1.OCX
Date (created): 3/29/2011 11:32:10 AM
Date (last access): 3/29/2011 6:22:18 PM
Date (last write): 1/25/2011 4:09:22 PM
Filesize: 3381024
Attributes: archive
MD5: B51BB6A174641FBDA164396FEF152151
CRC32: 1B979B83
Version: 1.0.0.6425



--- Process list ---
PID: 0 ( 0) [System]
PID: 616 ( 4) \SystemRoot\System32\smss.exe
size: 50688
PID: 832 ( 616) \??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 856 ( 616) \??\C:\WINDOWS\system32\winlogon.exe
size: 507904
PID: 900 ( 856) C:\WINDOWS\system32\services.exe
size: 110592
MD5: 65DF52F5B8B6E9BBD183505225C37315
PID: 912 ( 856) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: BF2466B3E18E970D8A976FB95FC1CA85
PID: 1072 ( 900) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1120 ( 900) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1184 ( 900) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1304 ( 900) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1364 ( 900) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1808 ( 900) C:\WINDOWS\system32\spoolsv.exe
size: 58880
MD5: 60784F891563FB1B767F70117FC2428F
PID: 1904 ( 900) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1936 ( 900) C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
size: 94208
MD5: ABDD5AD016AFFD34AD40E944CE94BF59
PID: 204 ( 900) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
size: 113152
MD5: ADC420616C501B45D26C0FD3EF1E54E4
PID: 240 ( 900) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
size: 37664
MD5: 5AA788D5A2C6737BB9C45933985BC1B8
PID: 264 ( 900) C:\Program Files\Bonjour\mDNSResponder.exe
size: 345376
MD5: F832F1505AD8B83474BD9A5B1B985E01
PID: 552 ( 900) C:\Program Files\PC Tools Security\pctsAuxs.exe
size: 366840
MD5: A1089AC7683826E6C7C9FAB9723DD80F
PID: 1460 ( 900) C:\Program Files\PC Tools Security\pctsSvc.exe
size: 1150936
MD5: ED6C2EFEB47524BFF4D5E5109FB1A2BB
PID: 1760 ( 900) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 2756 (2692) C:\WINDOWS\Explorer.EXE
size: 1033728
MD5: 12896823FB95BFB3DC9B46BCAEDC9923
PID: 2860 (2756) C:\WINDOWS\RTHDCPL.EXE
size: 17021440
MD5: B762C41370476B1D8BE37C3BFC7B8021
PID: 2876 (2756) C:\WINDOWS\system32\igfxtray.exe
size: 141848
MD5: 9F6B6D0BE4F77F8693E9FD15D81C8A01
PID: 2896 (2756) C:\WINDOWS\system32\hkcmd.exe
size: 166424
MD5: 4C53C44E7C20E65445037954DC3A6BA4
PID: 2904 (2756) C:\WINDOWS\system32\igfxpers.exe
size: 137752
MD5: D8F3B455D3FA4B40C9BF544F55647C19
PID: 2972 (1072) C:\WINDOWS\system32\igfxsrvc.exe
size: 256536
MD5: F56197D5CBDCC6A87C242DC8B8EEEE34
PID: 2992 (2756) C:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe
size: 1662976
MD5: 14FF240BD004578951CBFF7C65FB20E0
PID: 3008 (2756) C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
size: 49152
MD5: 6AFD3970A41F48306874DB23991A4955
PID: 3028 (2756) C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
size: 673616
MD5: 90A3525C7399B7784D28F99EA1A51C4C
PID: 3056 (2756) C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
size: 843776
MD5: B05763CD99EB4CA9F8D0A95BD182736B
PID: 3100 (2756) C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
size: 26448
MD5: B8B1A3F5EFA0DBE88EAB41A7110B9A31
PID: 3136 (2756) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
size: 207424
MD5: A7810B302294793DE88542AAE177D1B1
PID: 3212 (3100) C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
size: 30544
MD5: C71861E53447055D4291F532A0DFA3FE
PID: 3800 (2756) C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
size: 906648
MD5: 3D295062806875591B8BC30DC3A8AF61
PID: 3812 (3136) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
size: 309824
MD5: F400694D7D2785F60133C20F7F2F4F7A
PID: 3916 (2756) C:\Program Files\iTunes\iTunesHelper.exe
size: 421160
MD5: F3DEAA1F2FCF70FAF6DE3757CA343FA5
PID: 4012 (2756) C:\Program Files\PC Tools Security\pctsGui.exe
size: 1589208
MD5: 69F5C5105CCCBEF036E993B66E47F951
PID: 780 (2756) C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE
size: 55120
MD5: 76D96A29DC13CCFDD8A49415725410E2
PID: 2500 ( 900) C:\Program Files\iPod\bin\iPodService.exe
size: 820008
MD5: 8E5E5A8CC84DA3F683E3BBC045138D52
PID: 3500 ( 900) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: 8C515081584A38AA007909CD02020B3D
PID: 3528 (1184) C:\WINDOWS\system32\wscntfy.exe
size: 13824
MD5: F92E1076C42FCD6DB3D72D8CFE9816D5
PID: 2344 ( 900) C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
size: 73728
MD5: 3BB48F7E33C2B76184DDF233000C09CD
PID: 1204 ( 900) C:\Program Files\PC Tools Security\TFEngine\TFService.exe
size: 70928
MD5: A37DD4F91CD86708874D1B8295DF772E
PID: 440 (2756) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID: 2212 (2756) C:\Program Files\Mozilla Firefox\firefox.exe
size: 912344
MD5: 0F3FA9FDB976C567EC0491685CF4FDF7
PID: 3172 (2212) C:\Program Files\Mozilla Firefox\plugin-container.exe
size: 16856
MD5: 3AFF6B10C34CB8EAA6D6D5AA55193571
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 3/30/2011 8:23:27 AM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.google.com/ig
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: PCTOOLS over [MSAFD Tcpip [TCP/IP]]
GUID: {B85FC2E4-9166-4B39-A40F-3A2C31BF2498}
Filename: C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll

Protocol 1: PCTOOLS over [MSAFD Tcpip [UDP/IP]]
GUID: {B85FC2E4-9166-4B39-A40F-3A2C31BF2498}
Filename: C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll

Protocol 2: PCTOOLS over [MSAFD Tcpip [RAW/IP]]
GUID: {B85FC2E4-9166-4B39-A40F-3A2C31BF2498}
Filename: C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll

Protocol 3: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 4: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 5: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{06CF7931-210C-4106-A4D2-F298F148A5BF}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{06CF7931-210C-4106-A4D2-F298F148A5BF}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CE09FEC3-496B-4760-B96F-35CF5D0F9D5B}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CE09FEC3-496B-4760-B96F-35CF5D0F9D5B}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1A5C4E38-AB12-4FC6-8A1D-2743F5C0DF74}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1A5C4E38-AB12-4FC6-8A1D-2743F5C0DF74}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CE194FE6-24D9-4E65-8318-026E2128095A}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CE194FE6-24D9-4E65-8318-026E2128095A}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6DE2E05D-7F23-4DA0-AA4B-9BA28E3B0151}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6DE2E05D-7F23-4DA0-AA4B-9BA28E3B0151}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 16: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 17: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 18: PCTOOLS CONTENT FILTER PROVIDER
GUID: {7F9EB0B5-7444-4497-AEEF-D0E2C76F9FAD}
Filename: C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll

Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

Namespace Provider 3: mdnsNSP
GUID: {B600E6E9-553B-4A19-8696-335E5C896153}
Filename: C:\Program Files\Bonjour\mdnsNSP.dll
Description: Apple Rendezvous protocol
DB filename: %ProgramFiles%\Rendezvous\bin\mdnsNSP.dll
DB protocol: mdnsNSP
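
The process list in the report above is the part a responder reads most carefully: each line gives the PID, the parent PID in parentheses, the image path, and (where available) the size and MD5 of the file. As an added example (not part of the original post and not Spybot's code), the Python below parses a constructed excerpt in that same layout and applies a few sanity checks an analyst would otherwise do by eye: core XP processes must be started by the expected parent (svchost.exe by services.exe, services.exe by winlogon.exe, and so on), must run from system32, and two processes sharing a name should share a directory and a hash. The expected-parent table and the system32-only list are assumptions about the XP boot chain; the real entries are copied from the log, while PID 3333 (a svchost.exe outside system32, parented by Explorer, with an invented hash) is made up so the checks have something to flag. Two of the findings on the real entries are informational: Explorer.EXE's parent is absent because userinit.exe exits after starting it, and ArcCon.ac is a legitimate ArcSoft file whose non-.exe name merely deserves a glance.

```python
import re
from collections import defaultdict

SYSTEM_ROOT = r"C:\WINDOWS"                       # assumption: the %SystemRoot% shown in the log
SYSTEM32 = (SYSTEM_ROOT + r"\system32").lower()

# Assumed XP boot chain: the image that should have started each core process.
EXPECTED_PARENT = {"csrss.exe": "smss.exe", "winlogon.exe": "smss.exe",
                   "services.exe": "winlogon.exe", "lsass.exe": "winlogon.exe",
                   "svchost.exe": "services.exe"}
SYSTEM32_ONLY = set(EXPECTED_PARENT) | {"smss.exe"}   # assumed to live only in system32

# Constructed excerpt in the layout of the Spybot process list above. Real entries are
# copied from the log; PID 3333 (a svchost.exe outside system32, parented by Explorer,
# with an invented hash) is made up so the checks have something to flag.
SAMPLE_LOG = r"""
PID: 0 ( 0) [System]
PID: 616 ( 4) \SystemRoot\System32\smss.exe
size: 50688
PID: 832 ( 616) \??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 856 ( 616) \??\C:\WINDOWS\system32\winlogon.exe
size: 507904
PID: 900 ( 856) C:\WINDOWS\system32\services.exe
size: 110592
MD5: 65DF52F5B8B6E9BBD183505225C37315
PID: 1072 ( 900) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 2756 (2692) C:\WINDOWS\Explorer.EXE
size: 1033728
MD5: 12896823FB95BFB3DC9B46BCAEDC9923
PID: 3136 (2756) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
size: 207424
MD5: A7810B302294793DE88542AAE177D1B1
PID: 3812 (3136) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
size: 309824
MD5: F400694D7D2785F60133C20F7F2F4F7A
PID: 3333 (2756) C:\WINDOWS\svchost.exe
size: 14336
MD5: 00000000000000000000000000000000
PID: 4 ( 0) System
"""

ENTRY_RE = re.compile(r"^PID:\s*(\d+)\s*\(\s*(\d+)\)\s*(.+?)\s*$")

def normalize(image):
    """Turn NT-style image paths (\\??\\ and \\SystemRoot prefixes) into plain Win32 paths."""
    if image.startswith("\\??\\"):
        image = image[4:]
    if image.lower().startswith("\\systemroot\\"):
        image = SYSTEM_ROOT + image[len("\\systemroot"):]
    return image

def parse_process_list(text):
    """Return {pid: {"ppid", "image", "size", "md5"}} from Spybot's process-list text."""
    procs, cur = {}, None
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            cur = {"ppid": int(m.group(2)), "image": normalize(m.group(3)), "size": None, "md5": None}
            procs[int(m.group(1))] = cur
        elif cur is not None and line.startswith("size:"):
            cur["size"] = int(line.split(":", 1)[1])
        elif cur is not None and line.startswith("MD5:"):
            cur["md5"] = line.split(":", 1)[1].strip().upper()
    return procs

def split_path(image):
    """(directory, basename) of an image path, both lower-cased."""
    directory, _, name = image.lower().rpartition("\\")
    return directory, name

def triage(procs):
    """Return [(pid or None, message)] for entries that deserve a second look."""
    findings, seen = [], defaultdict(set)          # basename -> {(directory, md5)}
    for pid, p in procs.items():
        directory, name = split_path(p["image"])
        if name in ("[system]", "system"):          # kernel pseudo-entries
            continue
        seen[name].add((directory, p["md5"] or ""))
        parent = procs.get(p["ppid"])
        parent_name = split_path(parent["image"])[1] if parent else None
        if parent is None:   # informational: normal for explorer.exe, whose starter userinit.exe exits
            findings.append((pid, "parent %d not in list (exited?)" % p["ppid"]))
        expected = EXPECTED_PARENT.get(name)
        if expected and parent_name != expected:
            findings.append((pid, "%s parented by %s, expected %s" % (name, parent_name, expected)))
        if name in SYSTEM32_ONLY and directory != SYSTEM32:
            findings.append((pid, "%s running from %s, expected %s" % (name, directory, SYSTEM32)))
        if not name.endswith(".exe"):                # e.g. ArcCon.ac: legitimate here, but worth a glance
            findings.append((pid, "image is not an .exe: %s" % name))
    for name, variants in seen.items():             # one name, several locations or hashes
        if len({d for d, _ in variants}) > 1 or len({h for _, h in variants if h}) > 1:
            findings.append((None, "%s seen with differing path/hash: %s" % (name, sorted(variants))))
    return findings

if __name__ == "__main__":
    for pid, msg in triage(parse_process_list(SAMPLE_LOG)):
        print(pid, msg)
```

To run it over the full report, paste the whole "--- Process list ---" block into SAMPLE_LOG or read it from a file; every finding is a prompt to look closer, not a verdict, which is why the legitimate Explorer and ArcCon.ac entries are reported alongside the planted svchost.exe.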

ken545
2011-03-30, 19:30
Let's try this and see if SuperAntiSpyware will remove it.

Please download SuperAntiSpyware Free (http://www.superantispyware.com/superantispyware.html)
Install the program

Run SuperAntiSpyware and click: Check for updates
Once the update is finished, on the main screen, click: Scan your computer
Check: Perform Complete Scan
Click Next to start the scan.

SuperAntiSpyware scans the computer and, when finished, lists all the infections found.
Make sure everything found has a check next to it, and press: Next <-- Important
Then, click Finish

It is possible that the program asks to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click: Preferences
Click the Statistics/Logs tab
Under Scanner Logs, double-click SuperAntiSpyware Scan Log
It opens in your default text editor (such as Notepad)

Please provide the SuperAntiSpyware log in your next reply

Migeliche
2011-03-30, 20:46
I ran SuperAntiSpyware; the log follows.
Thanks
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/30/2011 at 10:09 AM

Application Version : 4.50.1002

Core Rules Database Version : 6710
Trace Rules Database Version: 4522

Scan type : Complete Scan
Total Scan Time : 00:28:34

Memory items scanned : 492
Memory threats detected : 0
Registry items scanned : 5756
Registry threats detected : 0
File items scanned : 16448
File threats detected : 45

Adware.Tracking Cookie
broadcast.piximedia.fr [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\GASTGANP ]
cache.specificmedia.com [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\GASTGANP ]
interclick.com [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\GASTGANP ]
media.klewtv.com [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\GASTGANP ]
media.mtvnservices.com [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\GASTGANP ]
media.nick.com [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\GASTGANP ]
media.onsugar.com [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\GASTGANP ]
media.scanscout.com [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\GASTGANP ]
media.thewb.com [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\GASTGANP ]
media1.break.com [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\GASTGANP ]
media1.clubpenguin.com [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\GASTGANP ]
media10.washingtonpost.com [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\GASTGANP ]
msnbcmedia.msn.com [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\GASTGANP ]
objects.tremormedia.com [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\GASTGANP ]
secure-us.imrworldwide.com [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\GASTGANP ]
static.2mdn.net [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\GASTGANP ]
videos.mediaite.com [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\GASTGANP ]
cdn.eyewonder.com [ C:\Documents and Settings\Kitchen Komputer\Application Data\Macromedia\Flash Player\#SharedObjects\K8W3N6R7 ]
interclick.com [ C:\Documents and Settings\Kitchen Komputer\Application Data\Macromedia\Flash Player\#SharedObjects\K8W3N6R7 ]
malepornstarsexposed.com [ C:\Documents and Settings\Kitchen Komputer\Application Data\Macromedia\Flash Player\#SharedObjects\K8W3N6R7 ]
media.mtvnservices.com [ C:\Documents and Settings\Kitchen Komputer\Application Data\Macromedia\Flash Player\#SharedObjects\K8W3N6R7 ]
media1.break.com [ C:\Documents and Settings\Kitchen Komputer\Application Data\Macromedia\Flash Player\#SharedObjects\K8W3N6R7 ]
media1.shufuni.com [ C:\Documents and Settings\Kitchen Komputer\Application Data\Macromedia\Flash Player\#SharedObjects\K8W3N6R7 ]
msnbcmedia.msn.com [ C:\Documents and Settings\Kitchen Komputer\Application Data\Macromedia\Flash Player\#SharedObjects\K8W3N6R7 ]
s0.2mdn.net [ C:\Documents and Settings\Kitchen Komputer\Application Data\Macromedia\Flash Player\#SharedObjects\K8W3N6R7 ]
secure-us.imrworldwide.com [ C:\Documents and Settings\Kitchen Komputer\Application Data\Macromedia\Flash Player\#SharedObjects\K8W3N6R7 ]
static.2mdn.net [ C:\Documents and Settings\Kitchen Komputer\Application Data\Macromedia\Flash Player\#SharedObjects\K8W3N6R7 ]
www.naiadsystems.com [ C:\Documents and Settings\Kitchen Komputer\Application Data\Macromedia\Flash Player\#SharedObjects\K8W3N6R7 ]
wwwstatic.megaporn.com [ C:\Documents and Settings\Kitchen Komputer\Application Data\Macromedia\Flash Player\#SharedObjects\K8W3N6R7 ]
convoad.technoratimedia.net [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\PDLV8LN2 ]
crackle.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\PDLV8LN2 ]
media.heavy.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\PDLV8LN2 ]
media.mtvnservices.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\PDLV8LN2 ]
media.scanscout.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\PDLV8LN2 ]
media1.break.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\PDLV8LN2 ]
objects.tremormedia.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\PDLV8LN2 ]
secure-us.imrworldwide.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\PDLV8LN2 ]
service.twistage.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\PDLV8LN2 ]
convoad.technoratimedia.net [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\TV6HP3GX ]
crackle.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\TV6HP3GX ]
media.mtvnservices.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\TV6HP3GX ]
media.scanscout.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\TV6HP3GX ]
media1.break.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\TV6HP3GX ]
objects.tremormedia.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\TV6HP3GX ]
secure-us.imrworldwide.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\TV6HP3GX ]

ken545
2011-03-30, 20:58
Don't see it.

Download and Run SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)

Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:


:filefind
click.giftload
:folderfind
click.giftload
:regfind
click.giftload
:process
click.giftload


Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Migeliche
2011-03-30, 21:04
I ran SystemLook; the log follows:

SystemLook 04.09.10 by jpshortstuff
Log created at 11:00 on 30/03/2011 by Kitchen Komputer
Administrator - Elevation successful

========== filefind ==========

Searching for "click.giftload"
No files found.

========== folderfind ==========

Searching for "click.giftload"
No folders found.

========== regfind ==========

Searching for "click.giftload"
No data found.

========== process ==========

click.giftload - Unable to open process handle.

-= EOF =-

ken545
2011-03-31, 00:15
Take your copy of Combofix and drag it to the trash, then download a fresh copy to your desktop



Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)


* IMPORTANT !!! Save ComboFix.exe to your Desktop


Do not proceed until you back up your registry with ERUNT

Backup Your Registry with ERUNT:
Download erunt.zip to your Desktop from here:
http://aumha.org/downloads/erunt.zip
Right-click erunt.zip, select Extract All... and follow the prompts to extract ERUNT to a new folder on your Desktop
Inside the new folder, double-click ERUNT.exe to start the program
OK all the prompts to back up your registry to the default location.
Note: to restore your registry, go to the backup folder and start ERDNT.exe





Open Notepad: go to Start > All Programs > Accessories > Notepad (this will only work with Notepad) and copy all the text inside the codebox by highlighting it all and pressing CTRL+C on your keyboard, then paste it into Notepad. Make sure there is no space before or above Registry::




Registry::
[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION]
"svchost.exe"=-


Save this as CFScript to your desktop.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

http://i24.photobucket.com/albums/c30/ken545/CFScriptB-4.gif


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.
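
The CFScript above deletes a single registry value: the one named svchost.exe under the .DEFAULT user's FEATURE_BROWSER_EMULATION key (in the .reg syntax ComboFix's Registry:: section uses, "name"=- means "delete this value"). FEATURE_BROWSER_EMULATION is Internet Explorer's per-executable document-mode control, so its values are expected to be named after programs that embed the IE engine; svchost.exe is not one, which is the entry the script removes. As an added example (not from the thread, and not ComboFix's or SystemLook's code), the Python below reads a .reg export of that branch, runs a SystemLook-style :regfind over it (the same search the earlier SystemLook post asked for, here against the export rather than the live registry), flags FEATURE_BROWSER_EMULATION values named after processes that never host the browser engine (the NON_BROWSER_HOSTS set is an assumption), and writes a .reg file that deletes only those values. The sample export is constructed. On the machine itself you would produce the input with `reg export "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\FeatureControl" fc.reg` (reg.exe writes .reg files as UTF-16, so open them with encoding="utf-16"), keep the ERUNT backup the post asks for, and apply the generated file with `reg import`.

```python
import re

# Assumption: processes that never embed Internet Explorer's rendering engine, so a
# FEATURE_BROWSER_EMULATION value bearing one of these names has no legitimate reason to exist.
NON_BROWSER_HOSTS = {"svchost.exe", "services.exe", "lsass.exe", "winlogon.exe",
                     "csrss.exe", "smss.exe", "spoolsv.exe"}

# Constructed .reg text in the layout reg.exe exports (values and data are made up; the
# svchost.exe entry mirrors the one the CFScript above deletes).
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"iexplore.exe"=dword:00001f40
"svchost.exe"=dword:00001f40

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS]
"myapp.exe"=dword:00000001
"Blob"=hex:01,02,\
  03,04
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

def parse_reg(text):
    """Return {key_path: {value_name: raw_data}} from .reg text.

    Hex data continued over several lines (trailing backslash) is joined back together;
    a key's default value (@=...) is ignored, since feature-control entries are always named."""
    joined = []
    for line in text.splitlines():
        if joined and joined[-1].endswith("\\"):
            joined[-1] = joined[-1][:-1] + line.strip()
        else:
            joined.append(line.rstrip())
    keys, cur = {}, None
    for line in joined:
        m = KEY_RE.match(line)
        if m:
            cur = keys.setdefault(m.group(1), {})
            continue
        m = VALUE_RE.match(line)
        if m and cur is not None:
            name = m.group(1).replace('\\"', '"').replace("\\\\", "\\")
            cur[name] = m.group(2)
    return keys

def regfind(keys, term):
    """SystemLook-style :regfind over the export: case-insensitive match on key path, value name or data."""
    t, hits = term.lower(), []
    for key, values in keys.items():
        if t in key.lower():
            hits.append((key, None))
        for name, data in values.items():
            if t in name.lower() or t in data.lower():
                hits.append((key, name))
    return hits

def audit_browser_emulation(keys):
    """FEATURE_BROWSER_EMULATION values named after processes that should never host IE."""
    hits = []
    for key, values in keys.items():
        if key.rsplit("\\", 1)[-1].upper() == "FEATURE_BROWSER_EMULATION":
            hits.extend((key, n) for n in values if n.lower() in NON_BROWSER_HOSTS)
    return hits

def removal_script(hits):
    """Build .reg text that deletes each flagged value; "name"=- is .reg syntax for 'delete value'."""
    by_key = {}
    for key, name in hits:
        by_key.setdefault(key, []).append(name)
    out = ["Windows Registry Editor Version 5.00", ""]
    for key, names in by_key.items():
        out.append("[%s]" % key)
        out.extend('"%s"=-' % n for n in names)
        out.append("")
    return "\n".join(out)

if __name__ == "__main__":
    keys = parse_reg(SAMPLE_REG)
    print("regfind click.giftload:", regfind(keys, "click.giftload"))
    print(removal_script(audit_browser_emulation(keys)))
```

The deletion file touches nothing but the flagged values, so the legitimate iexplore.exe entry in the same key survives; widening NON_BROWSER_HOSTS is the knob to turn if other service names show up there.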

Migeliche
2011-03-31, 01:20
I ran ComboFix; here's the log. Thanks.

ComboFix 11-03-29.06 - Kitchen Komputer 03/30/2011 14:39:06.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.404 [GMT -7:00]
Running from: c:\documents and settings\Kitchen Komputer\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Kitchen Komputer\Desktop\CFScript.txt
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Spyware Doctor with AntiVirus *Enabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((( Files Created from 2011-02-28 to 2011-03-30 )))))))))))))))))))))))))))))))
.
.
2011-03-30 16:35 . 2011-03-30 16:35 -------- d-----w- c:\documents and settings\Kitchen Komputer\Application Data\SUPERAntiSpyware.com
2011-03-30 16:35 . 2011-03-30 16:35 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-03-30 16:35 . 2011-03-30 16:35 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-03-29 18:32 . 2011-03-29 18:32 -------- d-----w- c:\program files\ESET
2011-03-29 17:57 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-29 17:57 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-27 20:43 . 2011-03-27 20:43 -------- d-----w- c:\program files\ERUNT
2011-03-27 02:03 . 2011-03-27 02:06 -------- d-----w- c:\documents and settings\Kitchen Komputer\Application Data\GetRightToGo
2011-03-27 01:57 . 2011-03-27 01:57 76696 ----a-w- c:\windows\system32\drivers\pxrts.sys
2011-03-27 01:57 . 2011-03-27 01:57 -------- d-----w- c:\program files\Prevx
2011-03-27 01:56 . 2011-03-27 01:57 -------- d-----w- c:\documents and settings\All Users\Application Data\PrevxCSI
2011-03-21 20:03 . 2011-03-25 18:22 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple Computer
2011-03-21 20:03 . 2011-03-21 20:03 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2011-03-19 18:20 . 2011-03-19 18:20 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Mozilla
2011-03-19 17:41 . 2011-03-19 17:41 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Apple Computer
2011-03-19 17:41 . 2011-03-19 17:41 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Apple Computer
2011-03-03 01:38 . 2011-03-03 01:44 -------- d-----w- c:\program files\Free Window Registry Repair
2011-03-02 02:49 . 2011-03-02 02:49 -------- d-----w- c:\program files\iPod
2011-03-02 02:49 . 2011-03-02 02:50 -------- d-----w- c:\program files\iTunes
2011-03-02 02:12 . 2011-03-02 02:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2011-03-02 02:11 . 2011-03-02 02:11 -------- d-----w- c:\documents and settings\Kitchen Komputer\Local Settings\Application Data\Apple
2011-03-02 01:51 . 2011-03-02 01:51 -------- d-----w- c:\program files\Apple Software Update
2011-03-01 20:56 . 2011-03-01 20:56 -------- d-----w- c:\program files\Bonjour
2011-03-01 20:55 . 2011-03-02 02:49 -------- d-----w- c:\program files\Common Files\Apple
2011-03-01 20:55 . 2011-03-01 20:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2011-03-01 20:29 . 2009-05-18 21:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-03-01 20:29 . 2008-04-17 20:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-03-01 20:27 . 2011-03-01 20:28 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-09 13:53 . 2008-11-26 21:10 270848 ------w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2008-11-26 21:10 186880 ------w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2008-11-26 22:22 2067456 ------w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2008-11-26 22:22 677888 ------w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2008-11-26 21:10 439296 ------w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2008-11-26 21:10 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2008-11-26 21:10 1854976 ------w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-03-29_17.08.31 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-11-26 21:10 . 2010-06-21 14:46 46080 c:\windows\system32\tzchange.exe
+ 2008-11-26 21:10 . 2010-11-03 13:12 46080 c:\windows\system32\tzchange.exe
- 2008-11-26 21:10 . 2010-09-10 05:58 66560 c:\windows\system32\mshtmled.dll
+ 2008-11-26 21:10 . 2010-12-20 23:59 66560 c:\windows\system32\mshtmled.dll
+ 2009-03-08 11:31 . 2010-12-20 23:59 55296 c:\windows\system32\msfeedsbs.dll
- 2009-03-08 11:31 . 2010-09-10 05:58 55296 c:\windows\system32\msfeedsbs.dll
- 2008-11-26 21:10 . 2010-09-10 05:58 43520 c:\windows\system32\licmgr10.dll
+ 2008-11-26 21:10 . 2010-12-20 23:59 43520 c:\windows\system32\licmgr10.dll
+ 2008-11-26 21:10 . 2010-12-20 23:59 25600 c:\windows\system32\jsproxy.dll
- 2008-11-26 21:10 . 2010-09-10 05:58 25600 c:\windows\system32\jsproxy.dll
+ 2008-11-26 22:23 . 2010-11-18 18:12 81920 c:\windows\system32\isign32.dll
- 2008-11-26 22:23 . 2008-04-14 12:00 81920 c:\windows\system32\isign32.dll
+ 2008-11-26 21:10 . 2010-11-02 15:17 40960 c:\windows\system32\drivers\ndproxy.sys
- 2009-07-11 18:25 . 2010-09-10 05:58 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2009-07-11 18:25 . 2010-12-20 23:59 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2008-11-26 22:23 . 2010-10-11 14:59 45568 c:\windows\system32\dllcache\wab.exe
+ 2008-11-26 21:10 . 2010-11-02 15:17 40960 c:\windows\system32\dllcache\ndproxy.sys
- 2008-11-26 21:10 . 2010-09-10 05:58 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2008-11-26 21:10 . 2010-12-20 23:59 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2009-07-29 15:30 . 2010-09-10 05:58 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-07-29 15:30 . 2010-12-20 23:59 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-11-26 21:10 . 2010-09-10 05:58 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2008-11-26 21:10 . 2010-12-20 23:59 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2008-11-26 21:10 . 2010-12-20 23:59 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2008-11-26 21:10 . 2010-09-10 05:58 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2008-11-26 22:23 . 2010-11-18 18:12 81920 c:\windows\system32\dllcache\isign32.dll
- 2008-11-26 22:23 . 2008-04-14 12:00 81920 c:\windows\system32\dllcache\isign32.dll
+ 2008-11-26 21:10 . 2010-12-09 14:30 33280 c:\windows\system32\dllcache\csrsrv.dll
- 2008-11-26 21:10 . 2009-12-14 07:08 33280 c:\windows\system32\dllcache\csrsrv.dll
- 2008-11-26 21:10 . 2009-12-14 07:08 33280 c:\windows\system32\csrsrv.dll
+ 2008-11-26 21:10 . 2010-12-09 14:30 33280 c:\windows\system32\csrsrv.dll
+ 2011-02-20 22:33 . 2011-03-29 22:12 35088 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
- 2011-02-20 22:33 . 2011-02-20 22:33 35088 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
- 2011-02-20 22:33 . 2011-02-20 22:33 18704 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
+ 2011-02-20 22:33 . 2011-03-29 22:12 18704 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
+ 2011-02-20 22:33 . 2011-03-29 22:12 20240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
- 2011-02-20 22:33 . 2011-02-20 22:33 20240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
- 2010-06-04 23:37 . 2010-09-29 22:01 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2010-06-04 23:37 . 2011-03-29 22:10 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2006-10-27 05:17 . 2006-10-27 05:17 11072 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\XLCALL32.DLL
+ 2006-10-27 05:13 . 2006-10-27 05:13 72472 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\XL12CNVP.DLL
+ 2006-10-27 23:11 . 2006-10-27 23:11 21264 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\WRD12EXE.EXE
+ 2011-02-20 22:31 . 2011-02-20 22:31 12096 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\WORDPOL.DLL
+ 2011-02-20 22:30 . 2011-02-20 22:30 12080 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\VBIDEPOL.DLL
+ 2011-02-20 22:30 . 2011-02-20 22:30 64288 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\VBIDEPIA.DLL
+ 2006-10-27 03:59 . 2006-10-27 03:59 15672 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\SMARTTAGINSTALL.EXE
+ 2006-10-27 03:49 . 2006-10-27 03:49 34104 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\SETLANG.EXE
+ 2006-10-27 04:55 . 2006-10-27 04:55 55056 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\SCANOST.EXE
+ 2006-10-27 04:55 . 2006-10-27 04:55 76576 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\RM.DLL
+ 2006-10-27 04:12 . 2006-10-27 04:12 40424 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\REFIEBAR.DLL
+ 2006-10-27 05:13 . 2006-10-27 05:13 38168 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\REFEDIT.DLL
+ 2006-10-27 04:55 . 2006-10-27 04:55 39208 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\RECALL.DLL
+ 2006-10-27 04:09 . 2006-10-27 04:09 48448 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\PUBTRAP.DLL
+ 2011-02-20 22:30 . 2011-02-20 22:30 12112 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\PPTPOL.DLL
+ 2006-10-27 04:55 . 2006-10-27 04:55 53048 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\OUTLVBA.DLL
+ 2006-10-27 23:16 . 2006-10-27 23:16 46864 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\OUTLRPC.DLL
+ 2006-10-27 03:59 . 2006-10-27 03:59 46936 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\OSETUPPS.DLL
+ 2006-10-27 03:59 . 2006-10-27 03:59 18760 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\OPHPROXY.DLL
+ 2006-10-27 03:59 . 2006-10-27 03:59 16728 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\OMUOPTINPS.DLL
+ 2006-10-27 04:00 . 2006-10-27 04:00 23392 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\OISCTRL.DLL
+ 2006-10-27 23:11 . 2006-10-27 23:11 54680 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\OFFRHD.DLL
+ 2011-02-20 22:30 . 2011-02-20 22:30 11544 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\OFFICEPL.DLL
+ 2006-10-27 04:12 . 2006-10-27 04:12 65824 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\NAME.DLL
+ 2011-02-20 22:30 . 2011-02-20 22:30 12104 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\MSTAGPOL.DLL
+ 2011-02-20 22:30 . 2011-02-20 22:30 20280 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\MSTAGPIA.DLL
+ 2006-10-27 03:59 . 2006-10-27 03:59 43832 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\MSSH.DLL
+ 2006-10-27 23:26 . 2006-10-27 23:26 35152 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\MSOSTYLE.DLL
+ 2006-10-27 03:52 . 2006-10-27 03:52 66368 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\MSOMSE.DLL
+ 2006-10-27 04:12 . 2006-10-27 04:12 67896 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\MSOHTMED.EXE
+ 2006-10-27 23:01 . 2006-10-27 23:01 76088 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\MSOHEV.DLL
+ 2006-10-27 05:13 . 2006-10-27 05:13 26936 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\MSOEURO.DLL
+ 2006-10-27 03:48 . 2006-10-27 03:48 14664 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\MSOCFU.DLL
+ 2006-10-27 03:59 . 2006-10-27 03:59 19768 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\MSMH.DLL
+ 2006-10-27 03:52 . 2006-10-27 03:52 48424 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\MSE7.EXE
+ 2006-10-27 05:18 . 2006-10-27 05:18 66880 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\MSAEXP30.DLL
+ 2006-10-27 04:55 . 2006-10-27 04:55 21312 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\MLSHEXT.DLL
+ 2006-10-27 04:12 . 2006-10-27 04:12 89400 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\METCONV.DLL
+ 2011-02-20 22:30 . 2011-02-20 22:30 12096 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\GRAPHPOL.DLL
+ 2011-02-20 22:29 . 2011-02-20 22:29 12096 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\EXCELPOL.DLL
+ 2006-10-27 04:55 . 2006-10-27 04:55 35160 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\DUMPSTER.DLL
+ 2006-10-27 04:55 . 2006-10-27 04:55 87344 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\DLGSETP.DLL
+ 2006-10-27 05:30 . 2006-10-27 05:30 65312 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\COLLIMP.DLL
+ 2006-10-27 04:12 . 2006-10-27 04:12 53576 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\AUTHZAX.DLL
+ 2006-10-27 04:13 . 2006-10-27 04:13 56120 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\ACERCLR.DLL
+ 2006-10-27 04:13 . 2006-10-27 04:13 15160 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\ACEODTXT.DLL
+ 2006-10-27 04:13 . 2006-10-27 04:13 15160 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\ACEODPDX.DLL
+ 2006-10-27 04:13 . 2006-10-27 04:13 15160 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\ACEODEXL.DLL
+ 2006-10-27 04:13 . 2006-10-27 04:13 15160 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\ACEODDBS.DLL
+ 2006-10-27 23:00 . 2006-10-27 23:00 47976 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\ACEERR.DLL
+ 2006-10-27 05:18 . 2006-10-27 05:18 94016 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\ACCOLK.DLL
+ 2011-03-29 22:08 . 2010-09-10 05:58 12800 c:\windows\ie8updates\KB2482017-IE8\xpshims.dll
+ 2011-03-29 22:08 . 2010-09-10 05:58 66560 c:\windows\ie8updates\KB2482017-IE8\mshtmled.dll
+ 2011-03-29 22:08 . 2010-09-10 05:58 55296 c:\windows\ie8updates\KB2482017-IE8\msfeedsbs.dll
+ 2011-03-29 22:08 . 2010-09-10 05:58 43520 c:\windows\ie8updates\KB2482017-IE8\licmgr10.dll
+ 2011-03-29 22:08 . 2010-09-10 05:58 25600 c:\windows\ie8updates\KB2482017-IE8\jsproxy.dll
+ 2011-03-30 21:21 . 2011-03-30 21:21 16384 c:\windows\ERDNT\3-30-2011\Users\00000002\UsrClass.dat
+ 2011-03-29 22:05 . 2011-03-29 22:05 10576 c:\windows\assembly\GAC\Policy.11.0.office\12.0.0.0__71e9bce111e9429c\Policy.11.0.Office.dll
+ 2011-03-29 22:05 . 2011-03-29 22:05 11112 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Vbe.Interop.dll
+ 2011-03-29 22:05 . 2011-03-29 22:05 11128 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Word.dll
+ 2011-03-29 22:05 . 2011-03-29 22:05 11136 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.SmartTag.dll
+ 2011-03-29 22:06 . 2011-03-29 22:06 11152 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.PowerPoint.dll
+ 2011-03-29 22:05 . 2011-03-29 22:05 11128 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Graph.dll
+ 2011-03-29 22:05 . 2011-03-29 22:05 11144 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Excel.dll
+ 2011-03-29 22:05 . 2011-03-29 22:05 63336 c:\windows\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
+ 2011-03-29 22:05 . 2011-03-29 22:05 19320 c:\windows\assembly\GAC\Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.SmartTag.dll
- 2008-11-26 21:10 . 2010-09-10 05:58 916480 c:\windows\system32\wininet.dll
+ 2008-11-26 21:10 . 2010-12-20 23:59 916480 c:\windows\system32\wininet.dll
- 2008-11-26 21:10 . 2008-04-14 12:00 135168 c:\windows\system32\shsvcs.dll
+ 2008-11-26 21:10 . 2009-07-27 23:17 135168 c:\windows\system32\shsvcs.dll
+ 2008-11-26 21:10 . 2010-11-09 14:52 249856 c:\windows\system32\odbc32.dll
- 2008-11-26 21:10 . 2008-04-14 12:00 249856 c:\windows\system32\odbc32.dll
- 2008-11-26 21:10 . 2010-09-10 05:58 206848 c:\windows\system32\occache.dll
+ 2008-11-26 21:10 . 2010-12-20 23:59 206848 c:\windows\system32\occache.dll
+ 2008-11-26 21:10 . 2010-12-09 15:15 718336 c:\windows\system32\ntdll.dll
- 2008-11-26 21:10 . 2010-09-10 05:58 611840 c:\windows\system32\mstime.dll
+ 2008-11-26 21:10 . 2010-12-20 23:59 611840 c:\windows\system32\mstime.dll
+ 2009-03-08 11:32 . 2010-12-20 23:59 602112 c:\windows\system32\msfeeds.dll
- 2009-03-08 11:32 . 2010-09-10 05:58 602112 c:\windows\system32\msfeeds.dll
+ 2008-11-26 21:10 . 2010-12-20 17:26 730112 c:\windows\system32\lsasrv.dll
- 2008-11-26 21:10 . 2009-06-25 08:25 730112 c:\windows\system32\lsasrv.dll
+ 2008-11-26 21:10 . 2010-12-22 12:34 301568 c:\windows\system32\kerberos.dll
- 2008-11-26 21:10 . 2009-06-25 08:25 301568 c:\windows\system32\kerberos.dll
+ 2008-11-26 21:10 . 2010-12-20 23:59 184320 c:\windows\system32\iepeers.dll
- 2008-11-26 21:10 . 2010-09-10 05:58 184320 c:\windows\system32\iepeers.dll
- 2008-11-26 21:10 . 2010-09-10 05:58 387584 c:\windows\system32\iedkcs32.dll
+ 2008-11-26 21:10 . 2010-12-20 23:59 387584 c:\windows\system32\iedkcs32.dll
+ 2008-11-26 21:10 . 2010-12-20 12:55 173568 c:\windows\system32\ie4uinit.exe
- 2008-11-26 14:17 . 2011-02-21 00:41 268600 c:\windows\system32\FNTCACHE.DAT
+ 2008-11-26 14:17 . 2011-03-29 22:34 268600 c:\windows\system32\FNTCACHE.DAT
- 2008-11-26 21:10 . 2010-09-10 05:58 916480 c:\windows\system32\dllcache\wininet.dll
+ 2008-11-26 21:10 . 2010-12-20 23:59 916480 c:\windows\system32\dllcache\wininet.dll
- 2008-11-26 21:10 . 2008-04-14 12:00 135168 c:\windows\system32\dllcache\shsvcs.dll
+ 2008-11-26 21:10 . 2009-07-27 23:17 135168 c:\windows\system32\dllcache\shsvcs.dll
+ 2008-11-26 21:10 . 2011-01-21 14:44 439296 c:\windows\system32\dllcache\shimgvw.dll
- 2008-11-26 21:10 . 2008-04-14 12:00 270848 c:\windows\system32\dllcache\sbe.dll
+ 2008-11-26 21:10 . 2011-02-09 13:53 270848 c:\windows\system32\dllcache\sbe.dll
- 2008-11-26 21:10 . 2008-04-14 12:00 249856 c:\windows\system32\dllcache\odbc32.dll
+ 2008-11-26 21:10 . 2010-11-09 14:52 249856 c:\windows\system32\dllcache\odbc32.dll
- 2008-11-26 21:10 . 2010-09-10 05:58 206848 c:\windows\system32\dllcache\occache.dll
+ 2008-11-26 21:10 . 2010-12-20 23:59 206848 c:\windows\system32\dllcache\occache.dll
+ 2008-11-26 21:10 . 2010-12-09 15:15 718336 c:\windows\system32\dllcache\ntdll.dll
- 2008-11-26 21:10 . 2010-09-10 05:58 611840 c:\windows\system32\dllcache\mstime.dll
+ 2008-11-26 21:10 . 2010-12-20 23:59 611840 c:\windows\system32\dllcache\mstime.dll
- 2008-11-26 22:23 . 2008-04-14 12:00 102400 c:\windows\system32\dllcache\msjro.dll
+ 2008-11-26 22:23 . 2010-11-09 14:52 102400 c:\windows\system32\dllcache\msjro.dll
- 2009-07-29 15:30 . 2010-09-10 05:58 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-07-29 15:30 . 2010-12-20 23:59 602112 c:\windows\system32\dllcache\msfeeds.dll
- 2008-11-26 22:23 . 2008-04-14 12:00 200704 c:\windows\system32\dllcache\msadox.dll
+ 2008-11-26 22:23 . 2010-11-09 14:52 200704 c:\windows\system32\dllcache\msadox.dll
+ 2008-11-26 22:23 . 2010-11-09 14:52 180224 c:\windows\system32\dllcache\msadomd.dll
- 2008-11-26 22:23 . 2008-04-14 12:00 180224 c:\windows\system32\dllcache\msadomd.dll
- 2008-11-26 22:23 . 2008-04-14 12:00 536576 c:\windows\system32\dllcache\msado15.dll
+ 2008-11-26 22:23 . 2010-11-09 14:52 536576 c:\windows\system32\dllcache\msado15.dll
+ 2008-11-26 22:23 . 2010-11-09 14:52 143360 c:\windows\system32\dllcache\msadco.dll
- 2008-11-26 22:23 . 2008-04-14 12:00 143360 c:\windows\system32\dllcache\msadco.dll
+ 2008-11-26 21:10 . 2010-12-20 17:26 730112 c:\windows\system32\dllcache\lsasrv.dll
- 2008-11-26 21:10 . 2009-06-25 08:25 730112 c:\windows\system32\dllcache\lsasrv.dll
+ 2008-11-26 22:22 . 2011-01-27 11:57 677888 c:\windows\system32\dllcache\lhmstsc.exe
- 2008-11-26 22:22 . 2008-04-14 12:00 677888 c:\windows\system32\dllcache\lhmstsc.exe
+ 2008-11-26 21:10 . 2010-12-22 12:34 301568 c:\windows\system32\dllcache\kerberos.dll
- 2008-11-26 21:10 . 2009-06-25 08:25 301568 c:\windows\system32\dllcache\kerberos.dll
+ 2009-07-11 18:25 . 2010-12-20 23:59 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2009-07-11 18:25 . 2010-09-10 05:58 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2008-11-26 21:10 . 2010-09-10 05:58 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2008-11-26 21:10 . 2010-12-20 23:59 184320 c:\windows\system32\dllcache\iepeers.dll
- 2010-06-12 18:25 . 2010-09-10 05:58 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2010-06-12 18:25 . 2010-12-20 23:59 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2008-11-26 21:10 . 2010-12-20 23:59 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2008-11-26 21:10 . 2010-09-10 05:58 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-11-26 21:10 . 2010-12-20 12:55 173568 c:\windows\system32\dllcache\ie4uinit.exe
- 2008-11-26 21:10 . 2008-04-14 12:00 186880 c:\windows\system32\dllcache\encdec.dll
+ 2008-11-26 21:10 . 2011-02-09 13:53 186880 c:\windows\system32\dllcache\encdec.dll
+ 2008-11-26 21:10 . 2011-01-07 14:09 290048 c:\windows\system32\dllcache\atmfd.dll
- 2011-02-20 22:33 . 2011-02-20 22:33 888080 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
+ 2011-02-20 22:33 . 2011-03-29 22:12 888080 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
- 2011-02-20 22:33 . 2011-02-20 22:33 272648 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
+ 2011-02-20 22:33 . 2011-03-29 22:12 272648 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
- 2011-02-20 22:33 . 2011-02-20 22:33 922384 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
+ 2011-02-20 22:33 . 2011-03-29 22:12 922384 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
- 2011-02-20 22:33 . 2011-02-20 22:33 845584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
+ 2011-02-20 22:33 . 2011-03-29 22:12 845584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
+ 2011-02-20 22:33 . 2011-03-29 22:12 217864 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
- 2011-02-20 22:33 . 2011-02-20 22:33 217864 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
+ 2011-03-29 22:02 . 2011-03-29 22:02 217864 c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
- 2011-02-20 22:26 . 2011-02-20 22:26 217864 c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
+ 2006-10-27 04:49 . 2006-10-27 04:49 509200 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\WRD12CVR.DLL
+ 2011-02-20 22:30 . 2011-02-20 22:30 781104 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\WORDPIA.DLL
+ 2006-10-27 23:23 . 2006-10-27 23:23 347432 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\WINWORD.EXE
+ 2006-07-28 23:21 . 2006-07-28 23:21 277320 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\SSGEN.DLL
+ 2006-10-27 05:18 . 2006-10-27 05:18 502608 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\SOA.DLL
+ 2006-10-27 04:06 . 2006-10-27 04:06 439600 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\SETUP.EXE
+ 2006-10-27 04:13 . 2006-10-27 04:13 503624 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\SELFCERT.EXE
+ 2006-10-27 04:55 . 2006-10-27 04:55 272744 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\SCNPST64.DLL
+ 2006-10-27 04:55 . 2006-10-27 04:55 263520 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\SCNPST32.DLL
+ 2006-10-27 23:16 . 2006-10-27 23:16 408880 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\RTFHTML.DLL
+ 2006-10-27 04:09 . 2006-10-27 04:09 590144 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\PUBCONV.DLL
+ 2006-10-27 23:04 . 2006-10-27 23:04 624456 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\PTXT9.DLL
+ 2006-10-27 04:55 . 2006-10-27 04:55 413472 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\PSTPRX32.DLL
+ 2006-10-27 04:09 . 2006-10-27 04:09 136008 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\PRTF9.DLL
+ 2011-02-20 22:30 . 2011-02-20 22:30 248632 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\PPTPIA.DLL
+ 2006-10-27 05:07 . 2006-10-27 05:07 368968 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\PPSLAX.DLL
+ 2006-10-27 23:04 . 2006-10-27 23:04 465200 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\POWERPNT.EXE
+ 2006-10-27 05:30 . 2006-10-27 05:30 482088 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\PORTCONN.DLL
+ 2006-10-27 23:16 . 2006-10-27 23:16 176976 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\OUTLPH.DLL
+ 2006-10-27 23:16 . 2006-10-27 23:16 594256 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\OUTLMIME.DLL
+ 2006-07-27 02:53 . 2006-07-27 02:53 459080 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\OUTLFLTR.DLL
+ 2006-10-27 23:16 . 2006-10-27 23:16 138512 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\OUTLCTL.DLL
+ 2006-10-27 04:34 . 2006-10-27 04:34 192848 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\OMSXP32.DLL
+ 2006-10-27 04:34 . 2006-10-27 04:34 660792 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\OMSMAIN.DLL
+ 2006-10-27 04:55 . 2006-10-27 04:55 254776 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\OLKFSTUB.DLL
+ 2006-10-27 04:00 . 2006-10-27 04:00 285008 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\OISGRAPH.DLL
+ 2006-10-27 04:00 . 2006-10-27 04:00 998208 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\OISAPP.DLL
+ 2006-10-27 04:00 . 2006-10-27 04:00 274744 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\OIS.EXE
+ 2006-10-20 16:37 . 2006-10-20 16:37 637744 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\OGALEGIT.DLL
+ 2011-02-20 22:30 . 2011-02-20 22:30 416544 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\OFFICE.DLL
+ 2006-10-27 04:06 . 2006-10-27 04:06 232816 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\ODEPLOY.EXE
+ 2006-10-27 03:55 . 2006-10-27 03:55 538904 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\MSTORES.DLL
+ 2006-10-27 03:55 . 2006-10-27 03:55 145688 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\MSTORE.EXE
+ 2006-10-27 03:55 . 2006-10-27 03:55 832800 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\MSTORDB.EXE
+ 2006-10-26 21:56 . 2006-10-26 21:56 505136 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\MSSOAP30.DLL
+ 2006-10-27 03:50 . 2006-10-27 03:50 672024 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\MSQRY32.EXE
+ 2006-10-26 22:47 . 2006-10-26 22:47 727840 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\MSPROOF6.DLL
+ 2006-10-26 21:56 . 2006-10-26 21:56 436520 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\MSORUN.DLL
+ 2006-10-27 04:12 . 2006-10-27 04:12 428816 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\MSODCW.DLL
+ 2006-10-27 22:59 . 2006-10-27 22:59 161080 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\MSOCF.DLL
+ 2006-10-26 21:58 . 2006-10-26 21:58 117552 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\MSCONV97.DLL
+ 2006-10-26 21:58 . 2006-10-26 21:58 290576 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\MSCDM.DLL
+ 2006-10-27 23:04 . 2006-10-27 23:04 497504 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\MORPH9.DLL
+ 2006-10-27 03:52 . 2006-10-27 03:52 460616 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\MODHELP.DLL
+ 2006-10-27 04:55 . 2006-10-27 04:55 340248 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\MIMEDIR.DLL
+ 2006-10-27 03:55 . 2006-10-27 03:55 828704 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\MEDCAT.DLL
+ 2006-10-27 04:55 . 2006-10-27 04:55 138024 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\IMPMAIL.DLL
+ 2006-10-27 04:00 . 2006-10-27 04:00 178488 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\IETAG.DLL
+ 2006-10-27 04:12 . 2006-10-27 04:12 173328 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\IEAWSDC.DLL
+ 2011-02-20 22:30 . 2011-02-20 22:30 150320 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\GRAPHPIA.DLL
+ 2006-10-27 23:09 . 2006-10-27 23:09 983376 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\FPWEC.DLL
+ 2006-10-27 04:55 . 2006-10-27 04:55 154960 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\ENVELOPE.DLL
+ 2006-10-27 04:55 . 2006-10-27 04:55 116544 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\EMABLT32.DLL
+ 2006-10-27 03:48 . 2006-10-27 03:48 434528 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\DWTRIG20.EXE
+ 2006-10-27 03:48 . 2006-10-27 03:48 439568 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\DWDCW20.DLL
+ 2006-10-27 04:12 . 2006-10-27 04:12 106824 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\DSSM.EXE
+ 2006-10-27 04:12 . 2006-10-27 04:12 189760 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\CONTACTPICKER.DLL
+ 2006-10-27 23:16 . 2006-10-27 23:16 133936 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\CONTAB32.DLL
+ 2006-10-27 03:59 . 2006-10-27 03:59 205616 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\CLVIEW.EXE
+ 2006-10-27 23:41 . 2006-10-27 23:41 399640 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\CDLMSO.DLL
+ 2006-10-27 04:13 . 2006-10-27 04:13 371568 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\ACEXBE.DLL
+ 2006-10-27 23:40 . 2006-10-27 23:40 208760 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\ACEWSS.DLL
+ 2006-10-27 04:13 . 2006-10-27 04:13 224104 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\ACETXT.DLL
+ 2006-10-27 04:13 . 2006-10-27 04:13 551800 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\ACEREP.DLL
+ 2006-10-27 04:13 . 2006-10-27 04:13 289648 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\ACER3X.DLL
+ 2006-10-27 04:13 . 2006-10-27 04:13 260976 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\ACER2X.DLL
+ 2006-10-27 04:13 . 2006-10-27 04:13 392048 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\ACEPDE.DLL
+ 2006-10-27 23:00 . 2006-10-27 23:00 387960 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\ACEOLEDB.DLL
+ 2006-10-27 04:13 . 2006-10-27 04:13 279352 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\ACEODBC.DLL
+ 2006-10-27 04:13 . 2006-10-27 04:13 207736 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\ACELTS.DLL
+ 2006-10-27 04:13 . 2006-10-27 04:13 629616 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\ACEEXCL.DLL
+ 2006-10-27 04:13 . 2006-10-27 04:13 338800 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\ACEEXCH.DLL
+ 2006-10-27 23:00 . 2006-10-27 23:00 191360 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\ACEES.DLL
+ 2006-10-27 23:00 . 2006-10-27 23:00 576376 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\ACEDAO.DLL
+ 2006-10-27 05:18 . 2006-10-27 05:18 162616 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\ACCWIZ.DLL
+ 2006-10-27 23:00 . 2006-10-27 23:00 576376 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\ACACEDAO.DLL
+ 2006-10-27 03:49 . 2006-10-27 03:49 970528 c:\windows\Installer\$PatchCache$\Managed\00002109010090400000000000F01FEC\12.0.4518\MSONSEXT.DLL
+ 2011-03-29 22:08 . 2010-09-10 05:58 916480 c:\windows\ie8updates\KB2482017-IE8\wininet.dll
+ 2011-03-29 22:08 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2482017-IE8\spuninst\updspapi.dll
+ 2011-03-29 22:08 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2482017-IE8\spuninst\spuninst.exe
+ 2011-03-29 22:08 . 2010-09-10 05:58 206848 c:\windows\ie8updates\KB2482017-IE8\occache.dll
+ 2011-03-29 22:08 . 2010-09-10 05:58 611840 c:\windows\ie8updates\KB2482017-IE8\mstime.dll
+ 2011-03-29 22:08 . 2010-09-10 05:58 602112 c:\windows\ie8updates\KB2482017-IE8\msfeeds.dll
+ 2011-03-29 22:08 . 2010-09-10 05:58 247808 c:\windows\ie8updates\KB2482017-IE8\ieproxy.dll
+ 2011-03-29 22:08 . 2010-09-10 05:58 184320 c:\windows\ie8updates\KB2482017-IE8\iepeers.dll
+ 2011-03-29 22:08 . 2010-09-10 05:58 743424 c:\windows\ie8updates\KB2482017-IE8\iedvtool.dll
+ 2011-03-29 22:08 . 2010-09-10 05:58 387584 c:\windows\ie8updates\KB2482017-IE8\iedkcs32.dll
+ 2011-03-29 22:08 . 2010-08-26 12:22 173056 c:\windows\ie8updates\KB2482017-IE8\ie4uinit.exe
+ 2011-03-30 21:21 . 2005-10-20 19:02 163328 c:\windows\ERDNT\3-30-2011\ERDNT.EXE
+ 2011-03-29 22:05 . 2011-03-29 22:05 423784 c:\windows\assembly\GAC\office\12.0.0.0__71e9bce111e9429c\OFFICE.DLL
+ 2011-03-29 22:05 . 2011-03-29 22:05 870256 c:\windows\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
+ 2011-03-29 22:06 . 2011-03-29 22:06 350064 c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
+ 2011-03-29 22:05 . 2011-03-29 22:05 149352 c:\windows\assembly\GAC\Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Graph.dll
+ 2008-11-26 21:10 . 2010-12-20 23:59 1210880 c:\windows\system32\urlmon.dll
- 2008-11-26 21:10 . 2010-09-10 05:58 1210880 c:\windows\system32\urlmon.dll
- 2008-11-26 21:10 . 2010-07-27 06:30 8462336 c:\windows\system32\shell32.dll
+ 2008-11-26 21:10 . 2011-01-21 14:44 8462336 c:\windows\system32\shell32.dll
+ 2008-04-14 00:54 . 2010-12-09 13:42 2148864 c:\windows\system32\ntoskrnl.exe
+ 2008-04-14 00:01 . 2010-12-09 13:07 2027008 c:\windows\system32\ntkrnlpa.exe
+ 2008-11-26 21:10 . 2010-12-20 23:59 5961216 c:\windows\system32\mshtml.dll
+ 2009-03-08 11:32 . 2010-12-20 23:59 1991680 c:\windows\system32\iertutil.dll
+ 2008-11-21 06:06 . 2008-11-21 06:06 1194848 c:\windows\system32\FM20.DLL
+ 2008-11-26 21:10 . 2010-12-31 13:10 1854976 c:\windows\system32\dllcache\win32k.sys
+ 2008-11-26 21:10 . 2010-12-20 23:59 1210880 c:\windows\system32\dllcache\urlmon.dll
- 2008-11-26 21:10 . 2010-09-10 05:58 1210880 c:\windows\system32\dllcache\urlmon.dll
- 2008-11-26 21:10 . 2010-07-27 06:30 8462336 c:\windows\system32\dllcache\shell32.dll
+ 2008-11-26 21:10 . 2011-01-21 14:44 8462336 c:\windows\system32\dllcache\shell32.dll
+ 2009-04-20 15:50 . 2010-12-09 13:38 2192768 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2009-04-20 15:50 . 2010-12-09 13:07 2027008 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-02-08 02:02 . 2010-12-09 13:07 2069376 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2009-04-20 15:50 . 2010-12-09 13:42 2148864 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-11-26 21:10 . 2010-12-20 23:59 5961216 c:\windows\system32\dllcache\mshtml.dll
+ 2008-11-26 22:22 . 2011-02-02 07:58 2067456 c:\windows\system32\dllcache\lhmstscx.dll
+ 2009-07-11 18:25 . 2010-12-20 23:59 1991680 c:\windows\system32\dllcache\iertutil.dll
+ 2011-02-16 20:54 . 2011-02-16 20:54 4992000 c:\windows\Installer\166eea7.msp
+ 2009-02-26 02:08 . 2009-02-26 02:08 8311808 c:\windows\Installer\166ee88.msp
+ 2009-04-05 00:10 . 2009-04-05 00:10 1282560 c:\windows\Installer\166ee75.msp
+ 2009-04-05 00:10 . 2009-04-05 00:10 7888384 c:\windows\Installer\166ee6d.msp
+ 2009-04-05 00:10 . 2009-04-05 00:10 9926144 c:\windows\Installer\166ee63.msp
+ 2009-04-04 17:14 . 2009-04-04 17:14 1094656 c:\windows\Installer\166ecfc.msp
- 2011-02-20 22:33 . 2011-02-20 22:33 1172240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
+ 2011-02-20 22:33 . 2011-03-29 22:12 1172240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
+ 2011-02-20 22:33 . 2011-03-29 22:12 1165584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
- 2011-02-20 22:33 . 2011-02-20 22:33 1165584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
+ 2006-10-27 23:11 . 2006-10-27 23:11 4235560 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\WRD12CNV.DLL
+ 2006-10-27 06:58 . 2006-10-27 06:58 3732792 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\VVIEWER.DLL
+ 2006-10-27 07:00 . 2006-10-27 07:00 1841984 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\VVIEWDWG.DLL
+ 2006-09-30 08:42 . 2006-09-30 08:42 2583344 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\VBE6.DLL
+ 2006-10-27 22:57 . 2006-10-27 22:57 2330968 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\STSLIST.DLL
+ 2006-10-27 03:52 . 2006-10-27 03:52 2012480 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\PPTVIEW.EXE
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PMSpeed"="c:\program files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE" [2008-12-09 55120]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-03-16 2423752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-26 17021440]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-26 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-10-26 137752]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-09-24 210216]
"D-Link Wireless G WUA-1340"="c:\program files\D-Link\Wireless G WUA-1340\AirGCFG.exe" [2007-08-27 1662976]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-06-05 843776]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2008-05-24 26448]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-01-22 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Reader Library Launcher"="c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe" [2010-07-13 906648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Documents and Settings\\HP_Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\HP_Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\EpsonNet\\EpsonNet Setup\\tool09\\ENEasyApp.exe"=
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [12/29/2010 7:28 PM 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [12/29/2010 7:28 PM 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [12/29/2010 7:28 PM 656320]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [12/29/2010 7:29 PM 51984]
R0 TFSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [12/29/2010 7:29 PM 69392]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [12/29/2010 7:28 PM 249616]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
R3 HSFHWBS3;HSFHWBS3;c:\windows\system32\drivers\HSFHWBS3.sys [11/26/2008 3:34 PM 207872]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [12/29/2010 7:29 PM 33552]
R3 ThreatFire;ThreatFire;c:\program files\PC Tools Security\TFEngine\TFService.exe service --> c:\program files\PC Tools Security\TFEngine\TFService.exe service [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/3/2009 2:01 PM 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; [x]
S2 Norton Internet Security;Norton Internet Security; [x]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/3/2009 2:01 PM 133104]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [12/29/2010 7:27 PM 70536]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [12/29/2010 7:27 PM 366840]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - SASDIFSV
*NewlyCreated* - SASKUTIL
*Deregistered* - PCTSDInjDriver32
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 19:50]
.
2011-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-03 21:01]
.
2011-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-03 21:01]
.
2011-03-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2453071809-3449326215-3069849577-1006Core.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-06 06:47]
.
2011-03-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2453071809-3449326215-3069849577-1006UA.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-06 06:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/country/us/en/welcome.html
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
FF - ProfilePath - c:\documents and settings\Kitchen Komputer\Application Data\Mozilla\Firefox\Profiles\wt1oqlcs.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-30 15:04
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(856)
c:\program files\PC Tools Security\TFEngine\TFWAH.dll
c:\program files\PC Tools Security\TFEngine\TFNI.dll
c:\program files\PC Tools Security\TFEngine\TFMon.dll
c:\program files\PC Tools Security\TFEngine\TFRK.dll
.
- - - - - - - > 'lsass.exe'(912)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
c:\program files\PC Tools Security\TFEngine\TFWAH.dll
.
- - - - - - - > 'explorer.exe'(3716)
c:\windows\system32\WININET.dll
c:\program files\PC Tools Security\TFEngine\TfWah.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2011-03-30 15:17:11
ComboFix-quarantined-files.txt 2011-03-30 22:16
ComboFix2.txt 2011-03-29 17:13
.
Pre-Run: 132,995,809,280 bytes free
Post-Run: 132,974,653,440 bytes free
.
- - End Of File - - D2C330B91448E863984E6BFE43A8A684

ken545
2011-03-31, 01:23
When you run Spybot, is it gone ?

Migeliche
2011-03-31, 02:04
Success!!!!! Spybot couldn't find it. Does this mean that my PC is now OK to use for transactions like home banking?

ken545
2011-03-31, 02:14
The only way to 100% guarantee that your computer is not compromised is to do a format and reinstall of Windows. You had some pretty nasty stuff on this system, but it looks like it's all gone.

If you do use your computer for banking and online purchases, what I would do is change all your passwords for those sites and then keep an eye on your statements for unauthorized charges.


Open OTL and click on Clean Up and it will remove the programs we used to clean your system along with their backups.



How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksToGo (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)




Safe Surfn
Ken

Migeliche
2011-03-31, 17:44
Ken, thank you so much for all the work you have done to get my PC usable again. I sincerely appreciate it.
Thanks, Migeliche

ken545
2011-03-31, 19:03
You're very welcome,

Take Care,
Ken :)