
View Full Version : Malware infection - requesting assistance



sucosam
2011-04-14, 23:45
Hi there folks,

I started getting pop-ups for anti-malware, and an Antimalware Doctor program which I didn't install...at least on purpose. I have not run Spybot or Ad-Aware or anything like this, as I didn't want to compound the issue. As stated in the top sticky I will include the contents of the DDS file and attach the zipped Attach file. I also have already backed up my registry. Thanks in advance for any assistance.

DDS.txt
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by colin at 16:38:50.42 on Thu 04/14/2011
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2014.1040 [GMT -4:00]
.
AV: VirusScan Enterprise + AntiSpyware Enterprise *Enabled/Outdated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\Emsisoft\Online Armor\OAcat.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\Agfa\AgfaNiAgent.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Roxio\RoxioNow Player\RNowShell.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
D:\Profiles\colin\Application Data\A6EA7B2B5D689B76420EC643DAB10FA6\k70ccreloc.exe
C:\Program Files\PrintKey\Printkey.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Roxio\RoxioNow Player\CNRpc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\Program Files\Roxio\RoxioNow Player\RNowSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Logitech\QuickCam10\COCIManager.exe
C:\program files\marimba\tuner\Tuner.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\program files\marimba\tuner\.marimba\TAHEProd\ch.2\data\sum.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\program files\marimba\tuner\lib\minituner.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\VS7JIT.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\internet explorer\iexplore.exe
D:\Profiles\colin\Local Settings\Temporary Internet Files\Content.IE5\BKP6X7WL\dds[1].scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADSA_en
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=66e3a2850000000000000025649b7300&tlver=1.4.19.19&affID=17159
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [NBJ] "c:\program files\ahead\nero backitup\NBJ.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Umitucoruwuyan] rundll32.exe "c:\windows\msntil.dll",Startup
uRun: [k70ccreloc.exe] d:\profiles\colin\application data\a6ea7b2b5d689b76420ec643dab10fa6\k70ccreloc.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [AgfaNiAgnt] "c:\program files\agfa\AgfaNiAgent.exe" /S
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "d:\profiles\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logitech\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam10\QuickCam10.exe" /hide
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [RoxioNowMediaManagerApp] c:\program files\roxio\roxionow player\RNowShell.exe -start
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Phumicuh] rundll32.exe "c:\windows\unapoxul.dll",Startup
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: d:\profiles\colin\startm~1\programs\startup\antima~1.lnk - d:\profiles\colin\application data\a6ea7b2b5d689b76420ec643dab10fa6\k70ccreloc.exe
StartupFolder: d:\profiles\colin\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: d:\profiles\alluse~1\startm~1\programs\startup\bginfo.lnk - c:\program files\agfa\Bginfo.exe
StartupFolder: d:\profiles\alluse~1\startm~1\programs\startup\printkey.lnk - c:\program files\printkey\Printkey.exe
mPolicies-system: defaultdomainname = AGFAHEALTHCARE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: cinemanow.com
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
Trusted Zone: webprint.com\staplescanada
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} - hxxp://launch.soe.com/plugin/web/SOEWebInstaller.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1279025696578
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1279025690531
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} - hxxp://www.yoyogames.com/plugins/activex/YoYo.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.popcap.com/webgames/popcaploader_v10.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: intu-qt2009 - {03947252-2355-4e9b-B446-8CCC75C43370} - c:\program files\quicktax 2009\ic2009pp.dll
Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sapgui\frontend\sapgui\SAPHTMLP.DLL
Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sapgui\frontend\sapgui\SAPHTMLP.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: c:\progra~1\netinst\NiAMH.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - c:\progra~1\emsisoft\online~1\oaevent.dll
mASetup: {EEBF9CA6-567B-41cd-B5F6-EF2C7FEF37B5} - rundll32.exe advpack.dll,LaunchINFSectionEx c:\windows\inf\wmactedp.inf,PerUserStub,,4
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - d:\profiles\colin\applic~1\mozilla\firefox\profiles\g5vahwn7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=66e3a2850000000000000025649b7300&tlver=1.4.19.19&instlRef=sst&affID=17159&q=
FF - prefs.js: network.proxy.type - 1
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.51204.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\downloaded program files\npsoe.dll
FF - plugin: d:\profiles\colin\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-1-22 343664]
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2010-1-22 24064]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2010-7-13 236104]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2010-7-13 22600]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2010-7-13 28232]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-6-14 54760]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\engineserver.exe [2009-10-22 21256]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2009-9-22 103744]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\mcshield.exe [2009-10-22 146448]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\vstskmgr.exe [2009-10-22 66896]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-1-22 70728]
R2 OAcat;Online Armor Helper Service;c:\program files\emsisoft\online armor\oacat.exe [2010-7-13 1283400]
R2 RoxioNow Service;RoxioNow Service;c:\program files\roxio\roxionow player\RNowSvc.exe [2010-12-11 400368]
R2 TAHEProd;TAHEProd;c:\program files\marimba\tuner\Tuner.exe [2008-4-15 36952]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [2010-1-22 168616]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-1-22 91672]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-1-22 43288]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-21 135664]
S2 NiExServ;NetInstall Executive;c:\program files\netinst\NiExServ.exe [2010-1-22 173424]
S3 aaudstum;aaudstum;\??\d:\profiles\colin\locals~1\temp\aaudstum.sys --> d:\profiles\colin\locals~1\temp\aaudstum.sys [?]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-1-22 65448]
S3 NIAIServ;NetInstall Service;c:\program files\netinst\NiAiServ.exe [2010-1-22 198000]
S3 SvcOnlineArmor;Online Armor;c:\program files\emsisoft\online armor\oasrv.exe [2010-7-13 3505992]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]
.
=============== Created Last 30 ================
.
2011-04-14 20:12:01 0 ----a-w- c:\windows\Jvozodip.bin
2011-04-14 20:12:00 -------- d-----w- d:\profiles\colin\locals~1\applic~1\{C4D0B4C4-A3B2-4C2F-9014-5A4306655925}
2011-04-14 20:10:27 -------- d-----w- d:\profiles\colin\applic~1\A6EA7B2B5D689B76420EC643DAB10FA6
2011-04-09 01:09:26 -------- d-----w- d:\profiles\colin\applic~1\BabylonToolbar
2011-04-09 01:02:06 -------- d-----w- c:\program files\Yuna Software
2011-04-04 15:53:24 -------- d-----w- C:\My Music
2011-04-04 15:52:43 -------- d-----w- c:\program files\AudioConverter Studio
2011-03-29 19:09:32 21504 ----a-w- c:\windows\system32\drivers\libusb0.sys
2011-03-29 19:09:30 37376 ----a-w- c:\windows\system32\libusb0.dll
2011-03-28 17:10:23 -------- d-----w- c:\program files\iPod
2011-03-28 17:10:20 -------- d-----w- c:\program files\iTunes
2011-03-28 14:06:57 -------- d-----w- C:\recipes
2011-03-25 13:37:04 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-03-25 13:37:03 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-03-25 13:37:03 728024 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-03-25 13:37:03 1975768 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-03-25 13:37:03 1893336 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-03-25 13:37:03 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-03-25 13:37:03 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-03-25 13:37:03 142296 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-03-21 20:21:19 -------- d-----w- C:\2010 tax year
2011-03-19 14:32:50 -------- d-----w- d:\profiles\colin\locals~1\applic~1\SCE
2011-03-19 14:31:11 -------- d-----w- c:\program files\Sony Online Entertainment
2011-03-19 14:31:10 -------- d-----w- d:\profiles\colin\applic~1\Sony Online Entertainment
.
==================== Find3M ====================
.
2011-02-18 21:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-01-27 15:46:21 0 ----a-w- c:\windows\invcol.tmp
2007-12-11 13:55:14 626688 ----a-w- c:\program files\common files\sapconsaccess.dll
2007-12-11 13:55:14 40960 ----a-w- c:\program files\common files\DigitalSignature.ocx
2007-12-11 13:55:14 3125248 ----a-w- c:\program files\common files\sapxlhelper.dll
2007-12-11 13:55:14 192512 ----a-w- c:\program files\common files\sapconsr3.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3160318AS rev.CC45 -> Harddisk0\DR0 -> \Device\Ide\IdePort2 P2T0L0-7
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89DAC439]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x89db27d0]; MOV EAX, [0x89db284c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x89D72AB8]
3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x89CF4030]
\Driver\atapi[0x89DCF6E8] -> IRP_MJ_CREATE -> 0x89DAC439
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP2T0L0-7 -> \??\IDE#DiskST3160318AS_____________________________CC45____#5&49f2cec&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x89DAC27F
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 16:40:36.46 ===============
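The DDS and GMER output above carries the classic indicators an analyst scans for by eye: two `Run` entries that launch `rundll32.exe` against randomly named DLLs dropped straight into `c:\windows`, an executable started from a 32-hex-digit folder under Application Data, a Hosts entry that blackholes a security site, an `S3` driver registered from a Temp directory, and a GMER `DriverStartIo` hook on `\Driver\atapi` (the pattern behind its TDL3 warning). The following script is an added example, not part of the forum post and not a component of DDS, GMER or TDSSKiller; it turns those eyeball checks into regex rules and runs them over a constructed subset of the lines from the log above. The severity labels, the search-host allow-list and the folder heuristics are assumptions of this example, not anything the tools define.

```python
"""Added triage helper for a DDS 'Pseudo HJT Report' plus GMER rootkit section.

Example code written for this thread, not from the original post and not part
of DDS, GMER or TDSSKiller.  Severities, the search-host allow-list and the
path heuristics are assumptions; the sample lines are a constructed subset
copied from the report posted above.
"""
import re

# Constructed sample: a subset of the DDS/GMER lines from the post above.
SAMPLE_LOG = r"""
uRun: [NBJ] "c:\program files\ahead\nero backitup\NBJ.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Umitucoruwuyan] rundll32.exe "c:\windows\msntil.dll",Startup
uRun: [k70ccreloc.exe] d:\profiles\colin\application data\a6ea7b2b5d689b76420ec643dab10fa6\k70ccreloc.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Phumicuh] rundll32.exe "c:\windows\unapoxul.dll",Startup
uSearchAssistant = hxxp://www.google.com/ie
mSearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}
Hosts: 127.0.0.1 www.spywareinfo.com
S3 aaudstum;aaudstum;\??\d:\profiles\colin\locals~1\temp\aaudstum.sys --> d:\profiles\colin\locals~1\temp\aaudstum.sys [?]
\Driver\atapi DriverStartIo -> 0x89DAC27F
"""

# DDS autorun line: "<u|m|d>Run: [<value name>] <command line>"
RUN_RE = re.compile(r'^(?P<hive>[umd]Run): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
# rundll32 loading a DLL that sits directly in %WINDIR%, not in a subfolder.
WINROOT_DLL_RE = re.compile(r'rundll32\.exe\s+"?[a-z]:\\windows\\[^\\"]+\.dll"?', re.I)
# A directory named as 32 hex digits (no vendor name) anywhere in the path.
HEXDIR_RE = re.compile(r'\\[0-9a-f]{32}\\', re.I)
# DDS only prints non-default Hosts entries; any localhost mapping is of interest.
HOSTS_RE = re.compile(r'^Hosts:\s+(127\.0\.0\.1|0\.0\.0\.0)\s+(\S+)', re.I)
# Service/driver line whose image lives under a \temp\ directory.
TEMP_DRIVER_RE = re.compile(r'^[RS][0-4]\s+[^;]+;[^;]+;.*\\temp\\[^\\]+\.sys', re.I)
# GMER "detected hooks" line: "\Driver\<name> DriverStartIo -> 0x<addr>"
HOOK_RE = re.compile(r'^\\Driver\\(\S+)\s+(DriverStartIo|IRP_MJ_\w+)\s+->\s+0x[0-9A-F]+', re.I)
# Search-provider lines (DDS writes http as hxxp).
SEARCH_RE = re.compile(r'^(?:[umd]SearchAssistant|FF - prefs\.js: keyword\.URL)\s*[-=]\s*hxxp://([^/]+)', re.I)
# Assumed allow-list of search hosts; anything else is reported as a possible hijack.
TRUSTED_SEARCH_HOSTS = {'www.google.com', 'www.bing.com', 'search.yahoo.com'}


def triage(report):
    """Return a list of findings, each {'severity', 'reason', 'line'}, in report order."""
    findings = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RUN_RE.match(line)
        if m:
            cmd = m.group('cmd')
            if WINROOT_DLL_RE.search(cmd):
                findings.append({'severity': 'high',
                                 'reason': 'rundll32 loads a DLL from the Windows root',
                                 'line': line})
            if HEXDIR_RE.search(cmd):
                findings.append({'severity': 'high',
                                 'reason': 'autorun from a 32-hex-digit profile folder',
                                 'line': line})
            continue
        m = SEARCH_RE.match(line)
        if m:
            host = m.group(1).lower()
            if host not in TRUSTED_SEARCH_HOSTS:
                findings.append({'severity': 'low',
                                 'reason': 'search provider points at %s' % host,
                                 'line': line})
            continue
        m = HOSTS_RE.match(line)
        if m:
            findings.append({'severity': 'medium',
                             'reason': 'Hosts maps %s to %s' % (m.group(2), m.group(1)),
                             'line': line})
            continue
        if TEMP_DRIVER_RE.match(line):
            findings.append({'severity': 'high',
                             'reason': 'kernel driver registered from a Temp directory',
                             'line': line})
            continue
        m = HOOK_RE.match(line)
        if m:
            findings.append({'severity': 'critical',
                             'reason': '%s hook on \\Driver\\%s (TDL3-style disk hook)'
                                       % (m.group(2), m.group(1)),
                             'line': line})
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print('[%-8s] %s\n           %s' % (f['severity'], f['reason'], f['line']))
```

Run it and the benign entries (Nero, ctfmon, iTunesHelper, the Google search URL) produce nothing, while the two `rundll32` loaders, the hex-named folder, the Babylon search provider, the Hosts entry, the Temp-directory driver and the atapi hook are each reported once. The hook is what matters most: a `DriverStartIo` redirect on the ATA port driver means disk I/O is being filtered below the file system, so user-mode scanners, and even a clean-looking MBR read, cannot be trusted until the kernel component is removed.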

ken545
2011-04-17, 03:20


Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.


You're infected with a rootkit.


Please download TDSSKiller.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip)
Extract it to your desktop
Double click TDSSKiller.exe
Press Start Scan

Only if malicious objects are found, ensure Cure is selected
Then click Continue > Reboot now

Copy and paste the log in your next reply

A copy of the log will be saved automatically to the root of the drive (typically C:\)

sucosam
2011-04-17, 21:05
Thank you ken545 for your reply. Here are the contents of the log you requested:

TDSSKiller.2.4.21.0_16.04.2011_23.50.00_log

2011/04/16 23:50:00.0687 7980 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/16 23:50:00.0937 7980 ================================================================================
2011/04/16 23:50:00.0937 7980 SystemInfo:
2011/04/16 23:50:00.0937 7980
2011/04/16 23:50:00.0937 7980 OS Version: 5.1.2600 ServicePack: 3.0
2011/04/16 23:50:00.0937 7980 Product type: Workstation
2011/04/16 23:50:00.0937 7980 ComputerName: CANWA04786
2011/04/16 23:50:00.0937 7980 UserName: colin
2011/04/16 23:50:00.0937 7980 Windows directory: C:\WINDOWS
2011/04/16 23:50:00.0953 7980 System windows directory: C:\WINDOWS
2011/04/16 23:50:00.0953 7980 Processor architecture: Intel x86
2011/04/16 23:50:00.0953 7980 Number of processors: 2
2011/04/16 23:50:00.0953 7980 Page size: 0x1000
2011/04/16 23:50:00.0953 7980 Boot type: Normal boot
2011/04/16 23:50:00.0953 7980 ================================================================================
2011/04/16 23:50:02.0484 7980 Initialize success
2011/04/16 23:50:07.0109 4804 ================================================================================
2011/04/16 23:50:07.0109 4804 Scan started
2011/04/16 23:50:07.0109 4804 Mode: Manual;
2011/04/16 23:50:07.0109 4804 ================================================================================
2011/04/16 23:50:21.0046 4804 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/04/16 23:50:21.0093 4804 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/04/16 23:50:21.0156 4804 ADIHdAudAddService (d80d1d73d1dbf38d0afe692c8bdc939a) C:\WINDOWS\system32\drivers\ADIHdAud.sys
2011/04/16 23:50:21.0203 4804 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/04/16 23:50:21.0609 4804 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/04/16 23:50:23.0109 4804 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/04/16 23:50:23.0203 4804 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/04/16 23:50:24.0625 4804 ati2mtag (c4828a671467c6fb43f2e6d54b5950ee) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/04/16 23:50:26.0015 4804 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/04/16 23:50:26.0390 4804 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/04/16 23:50:26.0796 4804 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/04/16 23:50:27.0296 4804 BrScnUsb (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
2011/04/16 23:50:27.0765 4804 BrSerIf (1a5fc78e41840edf79d65ec16eff2787) C:\WINDOWS\system32\Drivers\BrSerIf.sys
2011/04/16 23:50:28.0437 4804 BrUsbSer (a24c7b39602218f8dbdb2b6704325fc7) C:\WINDOWS\system32\Drivers\BrUsbSer.sys
2011/04/16 23:50:28.0921 4804 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/04/16 23:50:29.0187 4804 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/04/16 23:50:29.0890 4804 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/04/16 23:50:30.0171 4804 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/04/16 23:50:30.0421 4804 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/04/16 23:50:31.0140 4804 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
2011/04/16 23:50:31.0781 4804 CVPNDRVA (465ced77e7c4f9d71b81ba600edafac1) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
2011/04/16 23:50:32.0750 4804 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/04/16 23:50:33.0156 4804 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/04/16 23:50:33.0531 4804 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/04/16 23:50:33.0781 4804 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/04/16 23:50:34.0234 4804 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/04/16 23:50:34.0609 4804 DNE (86d52c32a308f84bbc626bff7c1fb710) C:\WINDOWS\system32\DRIVERS\dne2000.sys
2011/04/16 23:50:35.0515 4804 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/04/16 23:50:35.0828 4804 e1kexpress (8bed3dbbb13d2c8e1c1c9decec309826) C:\WINDOWS\system32\DRIVERS\e1k5132.sys
2011/04/16 23:50:36.0359 4804 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/04/16 23:50:36.0656 4804 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/04/16 23:50:37.0125 4804 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/04/16 23:50:37.0593 4804 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/04/16 23:50:38.0171 4804 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/04/16 23:50:38.0500 4804 fssfltr (e0087225b137e57239ff40f8ae82059b) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
2011/04/16 23:50:38.0875 4804 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/04/16 23:50:39.0171 4804 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/04/16 23:50:39.0593 4804 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/04/16 23:50:40.0125 4804 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/04/16 23:50:40.0640 4804 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/04/16 23:50:40.0796 4804 HECI (e4a123ad734a3731d29ebd3a01b3e535) C:\WINDOWS\system32\DRIVERS\HECI.sys
2011/04/16 23:50:41.0421 4804 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/04/16 23:50:42.0062 4804 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/04/16 23:50:42.0546 4804 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
2011/04/16 23:50:42.0875 4804 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/04/16 23:50:43.0515 4804 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/04/16 23:50:43.0718 4804 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/04/16 23:50:44.0218 4804 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/04/16 23:50:44.0609 4804 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/04/16 23:50:45.0421 4804 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/04/16 23:50:45.0781 4804 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/04/16 23:50:46.0250 4804 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/04/16 23:50:46.0593 4804 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/04/16 23:50:47.0343 4804 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/04/16 23:50:47.0812 4804 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/04/16 23:50:48.0250 4804 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/04/16 23:50:49.0281 4804 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/04/16 23:50:49.0703 4804 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/04/16 23:50:50.0250 4804 LVcKap (2d0ab9d29e6b0c42cce955b5a8e0d62d) C:\WINDOWS\system32\DRIVERS\LVcKap.sys
2011/04/16 23:50:52.0843 4804 LVMVDrv (a3963e3d997c3646e1d3338eb88a48e9) C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys
2011/04/16 23:50:54.0281 4804 LVPr2Mon (39c767bd6d99c23d28e71b6e0cba3129) C:\WINDOWS\system32\drivers\LVPr2Mon.sys
2011/04/16 23:50:55.0281 4804 LVUSBSta (6ad3f5275f117f08c12eab2233a9e3fb) C:\WINDOWS\system32\drivers\lvusbsta.sys
2011/04/16 23:50:55.0781 4804 mfeapfk (4d81c0e4ed846e9a70b881891a5598ab) C:\WINDOWS\system32\drivers\mfeapfk.sys
2011/04/16 23:50:56.0234 4804 mfeavfk (ff75f47ec2a9ea3e780a9d08daba1276) C:\WINDOWS\system32\drivers\mfeavfk.sys
2011/04/16 23:50:56.0765 4804 mfebopk (5a3b000fdccf826ffb74e76b0474c856) C:\WINDOWS\system32\drivers\mfebopk.sys
2011/04/16 23:50:57.0125 4804 mfehidk (8e6b4e55d3a33b92693f7081ec018c39) C:\WINDOWS\system32\drivers\mfehidk.sys
2011/04/16 23:50:57.0734 4804 mferkdet (fa097d72a439c3a387fe38a654df44c5) C:\WINDOWS\system32\drivers\mferkdet.sys
2011/04/16 23:50:57.0875 4804 mfetdik (a45d0c099a478de5cbd0d6e8466becd5) C:\WINDOWS\system32\drivers\mfetdik.sys
2011/04/16 23:51:02.0687 4804 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/04/16 23:51:02.0734 4804 ================================================================================
2011/04/16 23:51:02.0734 4804 Scan finished
2011/04/16 23:51:02.0734 4804 ================================================================================
2011/04/16 23:51:02.0750 2488 Detected object count: 1
2011/04/16 23:51:21.0500 2488 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/04/16 23:51:21.0500 2488 \HardDisk0 - ok
2011/04/16 23:51:21.0500 2488 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/04/16 23:52:15.0421 3552 Deinitialize success

ken545
2011-04-17, 22:01
Good job


Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your desktop.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
Your system may start up slower after running ATF Cleaner; this is expected but will be back to normal after the first or second boot up.
Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized passwords and other personal information, as removing cookies will temporarily disable the auto-login facility.

Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed and that they have been added to the delete-on-reboot list, please reboot.
Post the report, please.

OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them both in.

Run ATF Cleaner, then run Malwarebytes and post the log, and then run OTL and post that log.

sucosam
2011-04-17, 23:37
Here is the Malwarebytes log. I will be running OTL shortly and will post the results of that when ready.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6386

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

4/17/2011 4:34:50 PM
mbam-log-2011-04-17 (16-34-50).txt

Scan type: Quick scan
Objects scanned: 219622
Time elapsed: 14 minute(s), 33 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 2
Registry Values Infected: 8
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 11

Memory Processes Infected:
d:\Profiles\colin\application data\a6ea7b2b5d689b76420ec643dab10fa6\k70ccreloc.exe (Trojan.FakeAlert) -> 456 -> Unloaded process successfully.

Memory Modules Infected:
c:\WINDOWS\msntil.dll (Trojan.Hiloti.Gen) -> Delete on reboot.

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Umitucoruwuyan (Trojan.Hiloti.Gen) -> Value: Umitucoruwuyan -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\k70ccreloc.exe (Trojan.FakeAlert) -> Value: k70ccreloc.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\catntfsauth.exe (Trojan.FakeAlert) -> Value: catntfsauth.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\*catntfsauth.exe (Trojan.FakeAlert) -> Value: *catntfsauth.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\authuiapi.exe (Trojan.FakeAlert) -> Value: authuiapi.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\*authuiapi.exe (Trojan.FakeAlert) -> Value: *authuiapi.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\upd_debug.exe (Trojan.FakeAlert) -> Value: upd_debug.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\*upd_debug.exe (Trojan.FakeAlert) -> Value: *upd_debug.exe -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
d:\Profiles\colin\start menu\Programs\antimalware doctor (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\msntil.dll (Trojan.Hiloti.Gen) -> Delete on reboot.
d:\Profiles\colin\application data\a6ea7b2b5d689b76420ec643dab10fa6\k70ccreloc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\config\systemprofile\catntfsauth.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\authuiapi.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
d:\Profiles\colin\my documents\downloads\setupplaysushi.exe (PUP.PlaySushi) -> Quarantined and deleted successfully.
d:\Profiles\colin\Desktop\antimalware doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
d:\Profiles\colin\start menu\antimalware doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
d:\Profiles\colin\start menu\Programs\Startup\antimalware doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
d:\Profiles\colin\application data\a6ea7b2b5d689b76420ec643dab10fa6\upd_debug.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
d:\Profiles\colin\start menu\Programs\antimalware doctor\antimalware doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
d:\Profiles\colin\start menu\Programs\antimalware doctor\uninstall.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.

sucosam
2011-04-17, 23:59
OTL.txt

OTL logfile created on: 4/17/2011 4:50:10 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = D:\Profiles\colin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 59.60 Gb Total Space | 9.18 Gb Free Space | 15.41% Space Free | Partition Type: NTFS
Drive D: | 89.41 Gb Total Space | 4.89 Gb Free Space | 5.47% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 885.91 Gb Free Space | 95.11% Space Free | Partition Type: NTFS
Drive H: | 487.03 Mb Total Space | 451.69 Mb Free Space | 92.74% Space Free | Partition Type: FAT32

Computer Name: CANWA04786 | User Name: colin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - D:\Profiles\colin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Roxio\RoxioNow Player\CNRpc.exe (Roxio)
PRC - C:\Program Files\Roxio\RoxioNow Player\RNowSvc.exe (Roxio)
PRC - C:\Program Files\Roxio\RoxioNow Player\RNowShell.exe (Roxio)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Emsisoft\Online Armor\oacat.exe (Emsi Software GmbH)
PRC - C:\Program Files\marimba\tuner\.marimba\TAHEProd\ch.2\data\sum.exe (BMC Software)
PRC - C:\Program Files\Agfa\AgfaNiAgent.exe ( )
PRC - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe (McAfee, Inc.)
PRC - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\McTray.exe (McAfee, Inc.)
PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\marimba\tuner\lib\minituner.exe (BMC Software, Inc.)
PRC - C:\Program Files\marimba\tuner\Tuner.exe (BMC Software, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe (Brother Industries, Ltd.)
PRC - C:\Program Files\Logitech\QuickCam10\COCIManager.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()
PRC - c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe (Logitech Inc.)
PRC - C:\Program Files\Lotus\Notes\ntmulti.exe (IBM Corp)
PRC - C:\Program Files\UPHClean\uphclean.exe (Microsoft Corporation)
PRC - C:\Program Files\PrintKey\Printkey.exe (Fred's Software Company)


========== Modules (SafeList) ==========

MOD - D:\Profiles\colin\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\unapoxul.dll ()
MOD - C:\Program Files\NetInst\NiAMH.dll (enteo Software GmbH)
MOD - C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Inc.)


========== Win32 Services (SafeList) ==========

SRV - (RoxioNow Service) -- C:\Program Files\Roxio\RoxioNow Player\RNowSvc.exe (Roxio)
SRV - (SvcOnlineArmor) -- C:\Program Files\Emsisoft\Online Armor\oasrv.exe (Emsi Software GmbH)
SRV - (OAcat) -- C:\Program Files\Emsisoft\Online Armor\OAcat.exe (Emsi Software GmbH)
SRV - (McShield) -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe (McAfee, Inc.)
SRV - (mfevtp) -- C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
SRV - (McTaskManager) -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe (McAfee, Inc.)
SRV - (McAfeeEngineService) -- C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe (McAfee, Inc.)
SRV - (McAfeeFramework) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (TAHEProd) -- C:\Program Files\marimba\tuner\Tuner.exe (BMC Software, Inc.)
SRV - (NIAIServ) -- C:\Program Files\NetInst\NiAiServ.exe (enteo Software GmbH)
SRV - (NiExServ) -- C:\Program Files\NetInst\NiExServ.exe (enteo Software GmbH)
SRV - (LVSrvLauncher) -- C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe (Logitech Inc.)
SRV - (LVPrcSrv) -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (Multi-user Cleanup Service) -- C:\Program Files\lotus\notes\ntmulti.exe (IBM Corp)
SRV - (IDriverT) -- C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (UPHClean) -- C:\Program Files\UPHClean\uphclean.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (OAmon) -- C:\WINDOWS\system32\drivers\OAmon.sys (Emsisoft)
DRV - (OAnet) -- C:\WINDOWS\system32\drivers\OAnet.sys (Emsisoft)
DRV - (OADevice) -- C:\WINDOWS\system32\drivers\OADriver.sys (Emsisoft)
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (e1kexpress) Intel(R) -- C:\WINDOWS\system32\drivers\e1k5132.sys (Intel Corporation)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfetdik) -- C:\WINDOWS\system32\drivers\mfetdik.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (HECI) Intel(R) -- C:\WINDOWS\system32\drivers\HECI.sys (Intel Corporation)
DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (SFAUDIO) -- C:\WINDOWS\system32\drivers\sfaudio.sys (Sonic Focus, Inc)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (LVMVDrv) -- C:\WINDOWS\system32\drivers\LVMVdrv.sys (Logitech Inc.)
DRV - (LVcKap) -- C:\WINDOWS\system32\drivers\Lvckap.sys (Logitech Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (PID_08A0) Logitech QuickCam IM(PID_08A0) -- C:\WINDOWS\system32\drivers\LV302AV.SYS (Logitech Inc.)
DRV - (pepifilter) -- C:\WINDOWS\system32\drivers\lv302af.sys (Logitech Inc.)
DRV - (VMnetAdapter) -- C:\WINDOWS\system32\drivers\vmnetadapter.sys (VMware, Inc.)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs LLC)
DRV - (USBIO) USBIO Driver (usbio.sys) -- C:\WINDOWS\system32\drivers\usbio.sys (Thesycon GmbH, Germany)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=66e3a2850000000000000025649b7300&tlver=1.4.19.19&affID=17159


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://intra.agfanet
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://intra.agfanet
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\S-1-5-21-2000478354-2111687655-682003330-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2000478354-2111687655-682003330-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADSA_en
IE - HKU\S-1-5-21-2000478354-2111687655-682003330-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKU\S-1-5-21-2000478354-2111687655-682003330-1007\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2000478354-2111687655-682003330-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2000478354-2111687655-682003330-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=SP_ss&mntrId=66e3a2850000000000000025649b7300&tlver=1.4.19.19&instlRef=sst&affID=17159&q="
FF - prefs.js..network.proxy.type: 1

FF - HKLM\software\mozilla\Firefox\Extensions\\{C4D0B4C4-A3B2-4C2F-9014-5A4306655925}: D:\Profiles\colin\Local Settings\Application Data\{C4D0B4C4-A3B2-4C2F-9014-5A4306655925} [2011/04/14 16:12:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/25 09:37:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/05 13:52:25 | 000,000,000 | ---D | M]

[2010/02/21 11:54:58 | 000,000,000 | ---D | M] (No name found) -- D:\Profiles\colin\Application Data\Mozilla\Extensions
[2011/04/14 14:04:18 | 000,000,000 | ---D | M] (No name found) -- D:\Profiles\colin\Application Data\Mozilla\Firefox\Profiles\g5vahwn7.default\extensions
[2011/03/04 10:50:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- D:\Profiles\colin\Application Data\Mozilla\Firefox\Profiles\g5vahwn7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/12 08:57:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/12 08:48:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) --
[2010/07/12 08:48:32 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
() (No name found) -- D:\PROFILES\COLIN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\G5VAHWN7.DEFAULT\EXTENSIONS\NEWTABURL@SOGAME.CAT.XPI
[2011/04/14 16:12:00 | 000,000,000 | ---D | M] (XULRunner) -- D:\PROFILES\COLIN\LOCAL SETTINGS\APPLICATION DATA\{C4D0B4C4-A3B2-4C2F-9014-5A4306655925}
[2011/03/18 13:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/07/12 08:48:30 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/04/08 21:02:29 | 000,002,423 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2010/07/13 10:13:40 | 000,380,306 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 13104 more lines...
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-2000478354-2111687655-682003330-1007\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-2000478354-2111687655-682003330-1007\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [AgfaNiAgnt] C:\Program Files\Agfa\AgfaNiAgent.exe ( )
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Phumicuh] C:\WINDOWS\unapoxul.dll ()
O4 - HKLM..\Run: [propdebugauto.exe] D:\Profiles\LocalService.NT AUTHORITY\Application Data\propdebugauto.exe ()
O4 - HKLM..\Run: [RoxioNowMediaManagerApp] C:\Program Files\Roxio\RoxioNow Player\RNowShell.exe (Roxio)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-2000478354-2111687655-682003330-1007..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)
O4 - HKU\S-1-5-21-2000478354-2111687655-682003330-1007..\Run: [Umitucoruwuyan] File not found
O4 - HKLM..\RunOnce: [*propdebugauto.exe] D:\Profiles\LocalService.NT AUTHORITY\Application Data\propdebugauto.exe ()
O4 - Startup: D:\Profiles\All Users\Start Menu\Programs\Startup\Bginfo.lnk = C:\Program Files\Agfa\Bginfo.exe (Bryce Cogswell)
O4 - Startup: D:\Profiles\All Users\Start Menu\Programs\Startup\Printkey.lnk = C:\Program Files\PrintKey\Printkey.exe (Fred's Software Company)
O4 - Startup: D:\Profiles\colin\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: defaultdomainname = AGFAHEALTHCARE
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2000478354-2111687655-682003330-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2000478354-2111687655-682003330-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2000478354-2111687655-682003330-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2000478354-2111687655-682003330-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_20.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2000478354-2111687655-682003330-1007\..Trusted Domains: cinemanow.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2000478354-2111687655-682003330-1007\..Trusted Domains: cinemanow.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-2000478354-2111687655-682003330-1007\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2000478354-2111687655-682003330-1007\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2000478354-2111687655-682003330-1007\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2000478354-2111687655-682003330-1007\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2000478354-2111687655-682003330-1007\..Trusted Domains: webprint.com ([staplescanada] http in Trusted sites)
O15 - HKU\S-1-5-21-2000478354-2111687655-682003330-1007\..Trusted Domains: webprint.com ([staplescanada] https in Trusted sites)
O16 - DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} http://launch.soe.com/plugin/web/SOEWebInstaller.cab (SOE Web Installer)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1279025696578 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1279025690531 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.com/DellDriverScanner/DellSystem.CAB (DellSystem.Scanner)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} http://www.yoyogames.com/plugins/activex/YoYo.cab (YYGInstantPlay Control)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.popcap.com/webgames/popcaploader_v10.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: CabBuilder http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = agfahealthcare.com
O18 - Protocol\Handler\intu-qt2009 {03947252-2355-4e9b-B446-8CCC75C43370} - C:\Program Files\QuickTax 2009\ic2009pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAPGui\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAPGui\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\NetInst\NiAMH.dll) - C:\Program Files\NetInst\NiAMH.dll (enteo Software GmbH)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: D:\Profiles\colin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: D:\Profiles\colin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Emsisoft\Online Armor\oaevent.dll (Emsi Software GmbH)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/22 10:16:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-2000478354-2111687655-682003330-1007\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/04/17 16:49:23 | 000,580,608 | ---- | C] (OldTimer Tools) -- D:\Profiles\colin\Desktop\OTL.exe
[2011/04/17 15:38:21 | 000,000,000 | ---D | C] -- D:\Profiles\colin\Desktop\Malware fix
[2011/04/17 15:37:02 | 000,000,000 | ---D | C] -- D:\Profiles\colin\Application Data\Malwarebytes
[2011/04/17 15:36:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/17 15:36:57 | 000,000,000 | ---D | C] -- D:\Profiles\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/17 15:36:56 | 000,000,000 | ---D | C] -- D:\Profiles\All Users\Application Data\Malwarebytes
[2011/04/17 15:36:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/04/17 15:36:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/14 16:12:00 | 000,000,000 | ---D | C] -- D:\Profiles\colin\Local Settings\Application Data\{C4D0B4C4-A3B2-4C2F-9014-5A4306655925}
[2011/04/14 16:10:27 | 000,000,000 | ---D | C] -- D:\Profiles\colin\Application Data\A6EA7B2B5D689B76420EC643DAB10FA6
[2011/04/08 21:09:26 | 000,000,000 | ---D | C] -- D:\Profiles\colin\Application Data\BabylonToolbar
[2011/04/08 21:02:06 | 000,000,000 | ---D | C] -- C:\Program Files\Yuna Software
[2011/04/04 11:53:24 | 000,000,000 | ---D | C] -- C:\My Music
[2011/04/04 11:52:54 | 000,000,000 | ---D | C] -- D:\Profiles\All Users\Start Menu\Programs\AudioConverter Studio
[2011/04/04 11:52:43 | 000,000,000 | ---D | C] -- C:\Program Files\AudioConverter Studio
[2011/03/29 15:09:32 | 000,021,504 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\WINDOWS\System32\drivers\libusb0.sys
[2011/03/29 15:09:30 | 000,037,376 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\WINDOWS\System32\libusb0.dll
[2011/03/28 13:11:00 | 000,000,000 | ---D | C] -- D:\Profiles\All Users\Start Menu\Programs\iTunes
[2011/03/28 13:10:23 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/03/28 13:10:20 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/03/28 10:06:57 | 000,000,000 | ---D | C] -- C:\recipes
[2011/03/21 16:21:19 | 000,000,000 | ---D | C] -- C:\2010 tax year
[2011/03/19 10:32:50 | 000,000,000 | ---D | C] -- D:\Profiles\colin\Local Settings\Application Data\SCE
[2011/03/19 10:32:48 | 000,000,000 | ---D | C] -- D:\Profiles\colin\Start Menu\Programs\Games
[2011/03/19 10:31:11 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Online Entertainment
[2011/03/19 10:31:10 | 000,000,000 | ---D | C] -- D:\Profiles\colin\Application Data\Sony Online Entertainment
[2010/01/22 11:08:30 | 003,125,248 | ---- | C] (SAP Technology,Inc) -- C:\Program Files\Common Files\sapxlhelper.dll
[2010/01/22 11:08:30 | 000,192,512 | ---- | C] (SAP Tech Inc.) -- C:\Program Files\Common Files\sapconsr3.dll
[2010/01/22 11:08:29 | 000,626,688 | ---- | C] (SAP AG) -- C:\Program Files\Common Files\sapconsaccess.dll
[2010/01/22 11:08:29 | 000,040,960 | ---- | C] (SAP-TECHNOLOGY) -- C:\Program Files\Common Files\DigitalSignature.ocx
[11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/17 16:42:42 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/17 16:42:41 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/17 16:42:41 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\SDMsgUpdate (TE).job
[2011/04/17 16:41:04 | 000,437,290 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/17 16:41:04 | 000,070,642 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/17 16:38:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\Profiles\colin\Desktop\OTL.exe
[2011/04/17 16:36:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/17 16:36:40 | 2111,406,080 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/17 16:21:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/17 15:32:51 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Aqecerokonib.dat
[2011/04/17 12:40:55 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Jvozodip.bin
[2011/04/16 23:48:56 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/14 16:37:48 | 000,000,677 | ---- | M] () -- D:\Profiles\colin\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/04/13 18:56:56 | 000,101,218 | ---- | M] () -- D:\Profiles\colin\My Documents\The ghosts of Misty hill.rtf
[2011/04/12 10:34:54 | 000,000,570 | ---- | M] () -- D:\Profiles\All Users\Desktop\Kobo.lnk
[2011/04/12 08:53:54 | 000,043,398 | ---- | M] () -- D:\Profiles\colin\Desktop\printkey image.gif
[2011/04/11 12:54:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/04/04 12:55:03 | 000,001,854 | ---- | M] () -- D:\Profiles\All Users\Desktop\Safari.lnk
[2011/04/04 12:55:03 | 000,001,854 | ---- | M] () -- D:\Profiles\colin\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/04/04 11:52:54 | 000,000,588 | ---- | M] () -- D:\Profiles\colin\Desktop\AudioConverter Studio.lnk
[2011/04/04 11:52:54 | 000,000,588 | ---- | M] () -- D:\Profiles\colin\Application Data\Microsoft\Internet Explorer\Quick Launch\AudioConverter Studio.lnk
[2011/04/03 14:44:45 | 000,002,375 | ---- | M] () -- D:\Profiles\colin\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2011/03/29 15:09:32 | 000,021,504 | ---- | M] (http://libusb-win32.sourceforge.net) -- C:\WINDOWS\System32\drivers\libusb0.sys
[2011/03/29 15:09:30 | 000,037,376 | ---- | M] (http://libusb-win32.sourceforge.net) -- C:\WINDOWS\System32\libusb0.dll
[2011/03/28 13:11:00 | 000,001,466 | ---- | M] () -- D:\Profiles\All Users\Desktop\iTunes.lnk
[2011/03/25 09:37:05 | 000,000,628 | ---- | M] () -- D:\Profiles\colin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/03/25 09:37:05 | 000,000,628 | ---- | M] () -- D:\Profiles\All Users\Desktop\Mozilla Firefox.lnk
[2011/03/22 18:38:44 | 000,001,990 | ---- | M] () -- D:\Profiles\colin\Desktop\Magic The Gathering Tactics.lnk
[2011/03/22 15:35:28 | 000,142,336 | ---- | M] () -- D:\Profiles\colin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/19 10:32:48 | 000,001,528 | ---- | M] () -- D:\Profiles\colin\Desktop\Clone Wars.lnk
[11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/14 16:12:01 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Aqecerokonib.dat
[2011/04/14 16:12:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Jvozodip.bin
[2011/04/12 20:09:52 | 000,101,218 | ---- | C] () -- D:\Profiles\colin\My Documents\The ghosts of Misty hill.rtf
[2011/04/12 08:53:54 | 000,043,398 | ---- | C] () -- D:\Profiles\colin\Desktop\printkey image.gif
[2011/04/04 12:55:03 | 000,001,854 | ---- | C] () -- D:\Profiles\All Users\Desktop\Safari.lnk
[2011/04/04 11:52:54 | 000,000,588 | ---- | C] () -- D:\Profiles\colin\Desktop\AudioConverter Studio.lnk
[2011/04/04 11:52:54 | 000,000,588 | ---- | C] () -- D:\Profiles\colin\Application Data\Microsoft\Internet Explorer\Quick Launch\AudioConverter Studio.lnk
[2011/03/28 13:11:00 | 000,001,466 | ---- | C] () -- D:\Profiles\All Users\Desktop\iTunes.lnk
[2011/03/25 09:37:05 | 000,000,628 | ---- | C] () -- D:\Profiles\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/03/22 18:38:44 | 000,001,990 | ---- | C] () -- D:\Profiles\colin\Desktop\Magic The Gathering Tactics.lnk
[2011/03/19 10:32:48 | 000,001,528 | ---- | C] () -- D:\Profiles\colin\Desktop\Clone Wars.lnk
[2011/01/27 11:56:38 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2010/09/06 10:35:05 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/07/07 16:16:12 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/28 20:13:17 | 000,022,334 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/05/28 07:12:20 | 000,047,848 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/05/20 09:17:24 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\pdfxp.dll
[2010/05/12 13:50:55 | 000,000,040 | -HS- | C] () -- D:\Profiles\All Users\Application Data\.zreglib
[2010/04/30 14:15:42 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/04/27 14:55:20 | 000,000,210 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/03/28 18:10:15 | 000,142,336 | ---- | C] () -- D:\Profiles\colin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/23 13:02:58 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010/02/23 13:02:58 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2010/02/23 12:52:11 | 000,000,225 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2010/02/23 12:52:11 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2010/02/23 12:52:11 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf07a.dat
[2010/02/23 12:51:25 | 000,000,127 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2010/02/23 12:51:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2010/02/23 12:51:24 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2010/02/23 12:44:23 | 000,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2010/02/21 21:21:00 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2010/02/21 11:54:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/01/22 16:08:54 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\ina32.ini
[2010/01/22 13:05:42 | 000,381,440 | ---- | C] () -- C:\WINDOWS\unapoxul.dll
[2010/01/22 13:05:40 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2010/01/22 13:05:40 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2010/01/22 13:05:40 | 000,437,290 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2010/01/22 13:05:40 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2010/01/22 13:05:40 | 000,070,642 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2010/01/22 13:05:40 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2010/01/22 13:05:40 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2010/01/22 13:05:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2010/01/22 13:05:40 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2010/01/22 13:05:40 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2010/01/22 13:05:39 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2010/01/22 13:05:39 | 000,028,673 | ---- | C] () -- C:\WINDOWS\System32\cpnoged.dll
[2010/01/22 13:05:39 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2010/01/22 13:04:09 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2010/01/22 13:04:09 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/01/22 13:04:09 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2010/01/22 13:04:09 | 000,197,655 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/01/22 13:04:09 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2010/01/22 13:04:09 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/01/22 11:09:58 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010/01/22 11:09:54 | 000,036,389 | ---- | C] () -- C:\WINDOWS\saplogon.ini
[2010/01/22 11:09:54 | 000,002,042 | ---- | C] () -- C:\WINDOWS\sapmsg.ini
[2010/01/22 11:09:54 | 000,000,332 | ---- | C] () -- C:\WINDOWS\saproute.ini
[2010/01/22 11:08:29 | 001,229,312 | ---- | C] () -- C:\Program Files\Common Files\SAPActiveXL_nosig.xlt
[2010/01/22 11:08:29 | 001,167,872 | ---- | C] () -- C:\Program Files\Common Files\SAPActiveXL.xlt
[2010/01/22 11:05:53 | 001,064,960 | ---- | C] () -- C:\WINDOWS\System32\h5krnl32.dll
[2010/01/22 11:05:53 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\h5menu32.dll
[2010/01/22 11:05:53 | 000,095,744 | ---- | C] () -- C:\WINDOWS\System32\h5rtf32.dll
[2010/01/22 11:05:53 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\h5tool32.dll
[2010/01/22 11:05:52 | 000,188,928 | ---- | C] () -- C:\WINDOWS\System32\h5icon32.dll
[2010/01/22 11:05:49 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\vtssm32.dll
[2010/01/22 10:51:22 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/01/22 10:38:39 | 000,001,235 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2010/01/22 10:18:03 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/01/22 10:14:31 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/01/22 05:11:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010/01/22 05:10:11 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/01/22 05:09:19 | 000,221,632 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/06/19 19:08:52 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2008/06/19 19:08:44 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007/08/06 18:22:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2006/06/26 10:33:40 | 000,023,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys

========== LOP Check ==========

[2010/07/13 10:12:19 | 000,000,000 | ---D | M] -- D:\Profiles\All Users\Application Data\abelhadigital.com
[2010/06/25 19:18:00 | 000,000,000 | ---D | M] -- D:\Profiles\All Users\Application Data\agi
[2010/01/22 10:59:47 | 000,000,000 | ---D | M] -- D:\Profiles\All Users\Application Data\Lotus
[2010/06/14 18:26:13 | 000,000,000 | ---D | M] -- D:\Profiles\All Users\Application Data\Messenger Plus!
[2010/07/13 13:03:23 | 000,000,000 | ---D | M] -- D:\Profiles\All Users\Application Data\OnlineArmor
[2010/09/10 14:48:23 | 000,000,000 | ---D | M] -- D:\Profiles\All Users\Application Data\PopCap
[2010/05/23 16:45:13 | 000,000,000 | ---D | M] -- D:\Profiles\All Users\Application Data\ScanSoft
[2010/05/12 13:50:55 | 000,000,000 | ---D | M] -- D:\Profiles\All Users\Application Data\SlySoft
[2010/03/01 09:35:24 | 000,000,000 | ---D | M] -- D:\Profiles\All Users\Application Data\TEMP
[2010/09/06 15:08:12 | 000,000,000 | ---D | M] -- D:\Profiles\All Users\Application Data\YoYoGames
[2010/04/22 18:18:42 | 000,000,000 | ---D | M] -- D:\Profiles\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/12 11:29:51 | 000,000,000 | ---D | M] -- D:\Profiles\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/04/17 16:34:50 | 000,000,000 | ---D | M] -- D:\Profiles\colin\Application Data\A6EA7B2B5D689B76420EC643DAB10FA6
[2010/07/13 10:12:19 | 000,000,000 | ---D | M] -- D:\Profiles\colin\Application Data\abelhadigital.com
[2011/04/08 21:09:26 | 000,000,000 | ---D | M] -- D:\Profiles\colin\Application Data\BabylonToolbar
[2010/02/21 21:20:51 | 000,000,000 | ---D | M] -- D:\Profiles\colin\Application Data\Leadertech
[2010/07/13 12:44:52 | 000,000,000 | ---D | M] -- D:\Profiles\colin\Application Data\OnlineArmor
[2010/03/03 15:00:58 | 000,000,000 | ---D | M] -- D:\Profiles\colin\Application Data\ScanSoft
[2011/01/25 12:46:22 | 000,000,000 | ---D | M] -- D:\Profiles\colin\Application Data\SmartDraw
[2011/03/19 10:31:11 | 000,000,000 | ---D | M] -- D:\Profiles\colin\Application Data\Sony Online Entertainment
[2010/09/18 15:07:02 | 000,000,000 | ---D | M] -- D:\Profiles\colin\Application Data\Unity
[2010/04/20 21:16:04 | 000,000,000 | ---D | M] -- D:\Profiles\colin\Application Data\VirtualStore
[2010/07/09 12:53:03 | 000,000,000 | ---D | M] -- D:\Profiles\colin\Application Data\Windows Live Writer
[2011/04/17 16:42:41 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\SDMsgUpdate (TE).job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> D:\Profiles\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> D:\Profiles\All Users\Application Data\TEMP:A8ADE5D8

< End of report >

sucosam
2011-04-18, 00:00
Extras.log

OTL Extras logfile created on: 4/17/2011 4:50:10 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = D:\Profiles\colin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 59.60 Gb Total Space | 9.18 Gb Free Space | 15.41% Space Free | Partition Type: NTFS
Drive D: | 89.41 Gb Total Space | 4.89 Gb Free Space | 5.47% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 885.91 Gb Free Space | 95.11% Space Free | Partition Type: NTFS
Drive H: | 487.03 Mb Total Space | 451.69 Mb Free Space | 92.74% Space Free | Partition Type: FAT32

Computer Name: CANWA04786 | User Name: colin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-2000478354-2111687655-682003330-1007\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallDisableNotify" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Roxio\RoxioNow Player\RNowShell.exe" = C:\Program Files\Roxio\RoxioNow Player\RNowShell.exe:*:Enabled:RoxioNow Player -- (Roxio)
"D:\Profiles\colin\Local Settings\temp\Update_a632.exe" = D:\Profiles\colin\Local Settings\temp\Update_a632.exe:*:Enabled:InstallCore™


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{06485A4E-ECB7-0102-2EAC-B012F21A6CA3}" = CCC Help Portuguese
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0EC5AE85-BAED-400D-95E6-A3528FC9B124}" = Livelink Office Editor
"{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player
"{10474B2A-0AA8-DCB4-2C94-9F25A2807DD2}" = CCC Help Chinese Standard
"{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{180AC503-6BE9-3189-37F8-791CF38065FE}" = CCC Help Italian
"{183f5fe4-da75-41a9-83f1-600f994881dc}" = Organizer And Filing Cabinet
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1AAE3976-3167-4BDF-B785-00E19C6671A3}" = Lotus Notes 6.5.4
"{1ADE4916-4EEE-90CD-D489-F0876A17FB63}" = TAHEProd
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1F0F3AE8-0098-4373-947F-59A431BB55B9}" = Staples Copy & Print 2.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{282E8608-2879-2B3F-8BDD-B9EC16094F48}" = Catalyst Control Center Graphics Full New
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2D28E025-08CF-D830-4A78-2C03ED17936C}" = ccc-core-preinstall
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{2F400402-B5FF-47F5-BDD4-8FD0883C752B}" = IBM Lotus Sametime Connect 7.5.1
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}" = PaperPort Image Printer
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3DAF1B65-C35E-5C89-6D7C-928FB4EAF181}" = Catalyst Control Center Graphics Previews Common
"{413E247D-3BB4-11BC-888C-E106A6E7368A}" = CCC Help Hungarian
"{43756270-6877-0FFC-2A93-20FDC42C39DD}" = CCC Help French
"{4462B344-CA41-EED7-09E7-EA1481C5CE2C}" = ccc-core-static
"{44D66AD9-AE19-4AFD-BE7E-A1B44C856697}" = MSXML4.0 redistributable
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{467F64F7-ABF8-EB9A-8BB8-FD7FAA677CE0}" = Catalyst Control Center Localization All
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{47597750-3045-A2A3-FE1D-AEA38888AFC3}" = Catalyst Control Center Graphics Light
"{4918550C-0F92-6F99-8F8E-7A4070FF3279}" = CCC Help Spanish
"{498D5EE4-2C9D-ED0C-11CD-1064754E8F30}" = CCC Help Turkish
"{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E642CDB-2528-4B9E-BFAE-B2E2F2DE7524}" = ccc-utility
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5EC505A3-DD55-8F86-2CBE-2DB5712D5D3C}" = CCC Help Chinese Traditional
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F45E76-E897-42CA-A9FE-5F56817D875C}" = Locomotion
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AC049F7-1383-45C3-9E7D-F93CA667F9E1}" = UMVPLStandalone
"{8E18DFC7-8084-2FA2-4139-0DA6C9C7E178}" = CCC Help German
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8E770F99-CF23-4BF9-BF4E-E3A2924FEB27}" = Microsoft redistributable runtime DLLs VS2005 SP1(x86)
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-0052-0409-0000-0000000FF1CE}" = Microsoft Office Visio Viewer 2007
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{965229CC-F227-BD02-034F-2FAA5A413F24}" = Catalyst Control Center Graphics Full Existing
"{996CC435-80B7-D824-B6CD-4874B5059F2E}" = CCC Help English
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2046A17-C719-A9CE-0995-94878859B304}" = CCC Help Japanese
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{AFC699F0-A266-8C5C-F85C-D544BAC14F43}" = Catalyst Control Center Core Implementation
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11
"{BC590BDF-A027-71B8-ABF9-FD6870A09A1C}" = CCC Help Korean
"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
"{BF755CD9-E185-498A-AAFB-E9F8470AB1CC}" = User Profile Hive Cleanup Service
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2CDE75C-CA51-4335-9C13-84C00E6093A5}" = Windows Media Player Enterprise Deployment
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C73F2967-062E-48F2-A462-D335B8950183}" = Safari
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}" = Cisco Systems VPN Client 5.0.00.0340
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{E008BEB1-AB63-46C1-BD3D-08D3A1F8E26D}" = McAfee Agent
"{E481DB0E-52F2-4EE0-9BDA-9EE173FA6EA2}" = Catalyst Control Center - Branding
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{EC42ED6A-751D-45C0-A4F9-8CD00E4690FC}" = Logitech QuickCam
"{ECB9C58E-C565-4683-9599-B72290BD3B25}" = QuickTax 2009
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{F8E5A554-25CB-761C-446F-1ABC9DCD30FC}" = Skins
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Action Replay Code Manager_is1" = Action Replay Code Manager
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"AudioConverter Studio_is1" = AudioConverter Studio 6.1
"AVS Audio Converter 6.1_is1" = AVS Audio Converter version 6.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 7
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Setup.divx.com" = DivX Setup
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"ERUNT_is1" = ERUNT 1.1j
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.8.3 (Basic)
"Kobo" = Kobo
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Anti-Spyware Enterprise Module" = McAfee AntiSpyware Enterprise Module
"Messenger Plus!" = Messenger Plus! 5
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OnlineArmor_is1" = Online Armor 4.0
"PROSet" = Intel(R) Network Connections Drivers
"QcDrv" = Logitech® Camera Driver
"SAPBI" = SAP Business Explorer
"SAPGUI710" = SAP GUI 7.10
"SmartDraw VP" = SmartDraw VP
"VeryPDF PDFcamp Printer v2.3_is1" = VeryPDF PDFcamp Printer v2.3
"WinAVI Video Converter 9.09.0" = WinAVI Video Converter 9.0
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2000478354-2111687655-682003330-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"SOE-Clone Wars" = Clone Wars
"SOE-Magic The Gathering Tactics" = Magic The Gathering Tactics
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/17/2011 4:02:05 PM | Computer Name = CANWA04786 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 4/17/2011 4:02:05 PM | Computer Name = CANWA04786 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 4/17/2011 4:02:05 PM | Computer Name = CANWA04786 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 4/17/2011 4:02:06 PM | Computer Name = CANWA04786 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 4/17/2011 4:05:50 PM | Computer Name = CANWA04786 | Source = Application Error | ID = 1000
Description = Faulting application crashreporter.exe, version 2.0.0.4094, faulting
module unknown, version 0.0.0.0, fault address 0x0351af2a.

Error - 4/17/2011 4:05:54 PM | Computer Name = CANWA04786 | Source = Application Error | ID = 1000
Description = Faulting application crashreporter.exe, version 2.0.0.4094, faulting
module unknown, version 0.0.0.0, fault address 0x0351af2a.

Error - 4/17/2011 4:36:57 PM | Computer Name = CANWA04786 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 4/17/2011 4:36:58 PM | Computer Name = CANWA04786 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 4/17/2011 4:42:38 PM | Computer Name = CANWA04786 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 4/17/2011 4:42:38 PM | Computer Name = CANWA04786 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

[ System Events ]
Error - 4/17/2011 3:54:24 PM | Computer Name = CANWA04786 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 4/17/2011 4:00:13 PM | Computer Name = CANWA04786 | Source = Service Control Manager | ID = 7034
Description = The Windows Image Acquisition (WIA) service terminated unexpectedly.
It has done this 1 time(s).

Error - 4/17/2011 4:02:06 PM | Computer Name = CANWA04786 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain AGFAHEALTHCARE due to
the following: %%1311. Make sure that the computer is connected to the network and
try again. If the problem persists, please contact your domain administrator.

Error - 4/17/2011 4:02:12 PM | Computer Name = CANWA04786 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 4/17/2011 4:02:12 PM | Computer Name = CANWA04786 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 4/17/2011 4:17:12 PM | Computer Name = CANWA04786 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 30 minutes. NtpClient has no source of accurate
time.

Error - 4/17/2011 4:36:57 PM | Computer Name = CANWA04786 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain AGFAHEALTHCARE due to
the following: %%1311. Make sure that the computer is connected to the network and
try again. If the problem persists, please contact your domain administrator.

Error - 4/17/2011 4:37:00 PM | Computer Name = CANWA04786 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.

Error - 4/17/2011 4:37:01 PM | Computer Name = CANWA04786 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 4/17/2011 4:37:01 PM | Computer Name = CANWA04786 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.


< End of report >

ken545
2011-04-18, 01:06
Let me ask you, is this a corporate computer?

sucosam
2011-04-18, 01:18
Hi,

Yes, sort of. I have a laptop that I use to connect to a VPN on which I do my day-to-day work. This desktop was provided by my employer with the intention of it being a test server. However, they failed to provide me with any software for it to be used as a test server. So the answer to the question is yes, it is a corporate computer. But we use it for personal use.

ken545
2011-04-18, 01:52
You failed to tell me that; it was in Before You Post.

Scroll down to company computers
http://forums.spybot.info/showthread.php?t=288

You need to contact your IT department for further cleaning