Unable to resolve trojan virtumonde.sci
This is my first post to this Forum.
I have an XP-Pro machine with Kaspersky Internet Security 2010. Stalling and slow performance and crashes (with MSIE 7 and other programs reported as "not responding") led me to run an additional scan with Spybot Search and Destroy. It identified "virtumonde.sci" described here: http://www.safer-networking.org/en/threats/2826.html
This follows months of Kaspersky updates, complete system scans and my following Kaspersky's instructions to maintain the system. It did not report this.
Since the stalling activity includes "Spybot Search and Destroy" itself I am unable to complete any virus removal with it. While S&D lists the virtumonde.sci, trying the next step to remove it results only in a message of "not responding" shown in Windows Task Manager > Applications. Like many other programs it stalls and will not proceed further. I get this result whether Kaspersky Internet Security is running or disabled.
From other posts on the Internet I understand the key listed by S&D will reinstate itself if I use Regedit to remove it.
Thank you. A copy of dds.txt follows, and attach.txt in .zip form is attached:
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_26
Run by Tom at 13:17:41 on 2011-07-05
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3034.2004 [GMT -5:00]
.
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\wdm\STacSV.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\PI Engineering\X-keys\XKWdkApp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Simpo PDF Creator\SimpoPrintSrv.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\WINDOWS\system32\igfxtray.exe
svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
c:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Zinio\ZinioReader.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\ASTSRV.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\Microsoft Office97\Office\OSA.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
C:\WINDOWS\system32\NLSSRV32.EXE
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\system32\wuauclt.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: ShowBarObj Class: {2863e737-dd3f-4280-9af8-e9e79c16f312} - c:\program files\savetubevideo.com\savetubevideo\MinBHO.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {549B5CA7-4A86-11D7-A4DF-000874180BB3} - No File
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: ShowBarObjMp3 Class: {cf59ae24-5796-44fc-9575-8d4f383c65f8} - c:\program files\youtubemp3downloader.net\youtubemp3downloader\MinBHOMp3.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
TB: Save Tube Video: {f334c7b0-8774-4d5b-bd7a-4f448d03a1ae} - c:\program files\savetubevideo.com\savetubevideo\SaveTubeVideo.dll
TB: YouTube MP3 Downloader: {f27a9a1d-6f23-442d-88c0-5dc40fd13dcd} - c:\program files\youtubemp3downloader.net\youtubemp3downloader\YouTubeMP3.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: DzSoft Favorites Search: {4dc701a0-93ad-11d4-a15b-af07886e4a07} - c:\progra~1\dzsoft\favori~1\FavSeek.dll
EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
uRun: [Zinio DLM] c:\program files\zinio\ZinioReader.exe /autostart
uRun: [SsAAD.exe] c:\progra~1\sony\sonics~1\SsAAD.exe
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [fsm]
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [PxDotNetLoader] "c:\program files\fidelity investments\fidelity active trader\system\ATPStartupAssistant.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"
mRun: [X-keys Programming] c:\program files\pi engineering\x-keys\XKWdkApp.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [STT]
mRun: [Simpo Print Server] c:\program files\simpo pdf creator\SimpoPrintSrv.exe
mRun: [Share-to-Web Namespace Daemon] c:\program files\hewlett-packard\hp share-to-web\hpgs2wnd.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [QuickFinder Scheduler] "c:\program files\corel\wordperfect office x4\programs\QFSCHD140.EXE"
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Norton Ghost 14.0] "c:\program files\norton ghost\agent\VProTray.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [msjavadll] javaw
mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [InCD] c:\program files\nero\nero 7\incd\InCD.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [<NO NAME>]
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
StartupFolder: c:\docume~1\tom\startm~1\programs\startup\yahoo!~1.lnk - c:\program files\yahoo!\widgets\YahooWidgets.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\apc powerchute personal edition\Display.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office97\office\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\shortc~1.lnk - c:\windows\system32\taskmgr.exe
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm
IE: Copy to &Lightning Note - c:\program files\corel\wordperfect lightning\programs\WPLightningCopyToNote.hta
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\program files\corel\wordperfect office x4\programs\WPLauncher.hta
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {38E51477-DDB4-4aed-9D61-D0C193E10749} - {38E51477-DDB4-4aed-9D61-D0C193E10749} - c:\program files\soundtaxi\YouTubeRipper.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
IE: {FF925300-80E6-11D4-A15B-FFF9086C1A3C} - {4DC701A0-93AD-11D4-A15B-AF07886E4A07} - c:\progra~1\dzsoft\favori~1\FavSeek.dll
Trusted Zone: aol.com\free
Trusted Zone: intuit.com\ttlc
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9732FB42-C321-11D1-836F-00A0C993F125} - hxxp://www.pcpitstop.com/mhLbl.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{C26F6653-815B-4AE6-A85E-9A7D0022DE94} : DhcpNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: x-atng - {7e8717b0-d862-11d5-8c9e-00010304f989} - c:\program files\fidelity investments\fidelity active trader\system\atngprot.dll
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
mASetup: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - c:\program files\pixiepack codec pack\InstallerHelper.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\tom\application data\mozilla\firefox\profiles\l9ajnjqt.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: c:\program files\savetubevideo.com\savetubevideo\ff\components\swslib.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\tom\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\mycamera download plugin\NPCIG.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\np32dsw.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\npaudio.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\npavi32.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\npdrmv2.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\npdsplay.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\npnul32.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\NPOFFICE.DLL
FF - plugin: c:\program files\netscape\communicator\program\plugins\nppl3260.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\npqtplugin.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\npqtplugin2.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\npqtplugin3.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\npqtplugin4.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\npqtplugin5.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\npqtplugin6.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\npqtplugin7.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\nprfxins.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\nprjplug.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\nprpjplug.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\NPSWF32.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\npwmsdrm.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\DivXHTML5
FF - Ext: SaveTubeVideo.Com: SearchToolbar@skywebsearch.com - c:\program files\savetubevideo.com\savetubevideo\FF
.
============= SERVICES / DRIVERS ===============
.
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R1 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-9-1 128016]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2010-9-30 315408]
R2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe [2009-10-20 340520]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-6-13 712048]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-6-13 712048]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\nitro pdf\professional\NitroPDFDriverService.exe [2010-10-20 196928]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2010-10-20 67904]
R2 SCRCAMHRDRV;ScreenCamera HR;c:\windows\system32\drivers\SCRCAMHRDRV.sys [2009-12-9 234304]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2004-8-4 5120]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2008-6-13 243856]
R3 hhdserial;HHD Software Serial Monitor (DMS) Monitoring Driver;c:\windows\system32\drivers\hhdserial.sys [2008-11-16 30856]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-10-9 110080]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-9-14 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [2010-2-1 23096]
R3 SymSnapService;SymSnapService;c:\program files\norton ghost\shared\drivers\SymSnapService.exe [2007-12-20 1562096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1ca64736f5e235c;Google Update Service (gupdate1ca64736f5e235c);c:\program files\google\update\GoogleUpdate.exe [2009-11-13 133104]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 GSService;GSService;c:\windows\system32\GSService.exe [2010-1-28 335872]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-11-13 133104]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2011-5-29 42112]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S3 NRKCTL32;NRKCTL32;c:\program files\wcpuid\NRKCTL32.SYS [2008-11-6 3968]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 SMServer;SMServer;c:\windows\system32\snmvtsvc.exe [2010-2-1 249856]
S3 STSService;STSService;c:\program files\soundtaxi media suite\STSService.exe [2010-1-15 335872]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 xkeysw2k;X-keys Device;c:\windows\system32\drivers\XKEYSW2K.SYS [2010-8-5 33519]
.
=============== Created Last 30 ================
.
2011-07-05 07:35:34 7074640 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{b28f5e8f-848b-4ca3-9eab-57ce18d352e9}\mpengine.dll
2011-07-05 04:53:24 -------- d-----w- C:\VundoFix Backups
2011-07-05 01:56:22 -------- d-----w- c:\program files\CCleaner
2011-07-03 16:27:40 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-07-03 16:27:40 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-06-28 18:54:24 388096 ----a-r- c:\documents and settings\tom\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-06-28 18:54:24 -------- d-----w- c:\program files\Trend Micro
2011-06-27 03:07:26 -------- d-----w- c:\documents and settings\tom\local settings\application data\Fidelity Investments
2011-06-27 03:07:25 -------- d-----w- c:\documents and settings\tom\application data\Fidelity Investments
2011-06-26 23:33:32 -------- d-----w- c:\program files\New Folder
2011-06-25 13:36:00 -------- d-----w- c:\documents and settings\all users\Microsoft
2011-06-25 13:34:19 -------- d-----w- c:\program files\Microsoft Analysis Services
2011-06-25 13:33:15 -------- d-----w- c:\documents and settings\tom\local settings\application data\Microsoft Help
2011-06-23 16:00:24 -------- d-----w- c:\program files\Fidelity Investments
2011-06-23 16:00:24 -------- d-----w- c:\program files\common files\Crystal Decisions
2011-06-23 16:00:24 -------- d-----w- c:\documents and settings\all users\application data\Fidelity Investments
2011-06-21 17:01:11 7074640 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\backup\mpengine.dll
2011-06-21 17:01:08 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-06-16 08:55:48 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-06-10 13:20:57 -------- d-----w- C:\Test
2011-06-06 17:55:30 183696 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-06-06 17:55:30 183696 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2011-06-25 11:38:42 2306 --sha-w- c:\documents and settings\all users\application data\KGyGaAvL.sys
2011-06-17 08:03:05 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-02 17:53:02 94208 ----a-w- c:\windows\system32\dpl100.dll
2011-05-24 20:49:56 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-05-23 00:21:42 0 ----a-w- c:\windows\t1784_61.tmp
2011-05-04 09:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 07:25:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25:27 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 15:51:58 832512 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 15:51:57 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-04-25 15:51:57 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 15:51:57 17408 ----a-w- c:\windows\system32\corpol.dll
2011-04-25 12:01:21 389120 ----a-w- c:\windows\system32\html.iec
2011-04-22 00:18:02 72080 ----a-w- c:\documents and settings\tom\g2mdlhlpx.exe
2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-19 16:17:44 51716 ----a-w- c:\windows\system32\pdf995mon.dll
2011-04-19 16:17:44 249856 ----a-w- c:\windows\system32\pdfmona.dll
2009-02-01 03:23:10 2788800 ----a-w- c:\program files\FLV PlayerFCSetup.exe
.
============= FINISH: 13:18:15.07 ===============
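A small triage script, added here as an example and not part of the original post or of DDS, Spybot S&D or Malwarebytes: it pulls the BHO/toolbar/explorer-bar registrations out of the DDS "Pseudo HJT Report" section, flags the ones that read "No File" (a CLSID still registered with IE whose DLL is gone), cross-checks the CLSIDs against the registry keys a Malwarebytes log reports as removed, and lists Run entries that are empty or launch a bare program name instead of a full path (the `[msjavadll] javaw`, `[fsm]` and `[<NO NAME>]` entries in the log above). The function names and the cleaned/orphan/review buckets are my own labels, and the sample lines are copied from the logs in this thread; "review" means only that the scanner did not touch the entry, not that it is malicious.

```python
"""Triage a DDS "Pseudo HJT Report" against a Malwarebytes log.

Added example for this thread, not code from DDS, Spybot S&D or Malwarebytes;
function and field names are mine.  Sample lines are excerpted from the logs
posted in this thread.
"""
import re
from collections import namedtuple

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
# DDS browser registrations: "BHO: [Name: ]{CLSID} - <dll path>" or "... - No File"
HJT_LINE = re.compile(rf"^(?P<kind>BHO|TB|EB|uURLSearchHooks): (?:(?P<name>.*?): )?"
                      rf"(?P<clsid>{GUID}) - (?P<path>.*)$")
# DDS Run-key autostarts: "uRun: [Name] command" (u = HKCU, m = HKLM)
RUN_LINE = re.compile(r"^(?P<hive>[um])Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# Malwarebytes registry lines that carry a CLSID and a detection name in parentheses
MBAM_KEY = re.compile(rf"^HKEY_[A-Z_]+\\.*?(?P<clsid>{GUID}).*\((?P<detection>[^)]+)\)")

# clsid is stored lower-cased so DDS and Malwarebytes spellings compare equal
Registration = namedtuple("Registration", "kind name clsid path")


def parse_dds(text):
    regs = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            regs.append(Registration(m["kind"], m["name"] or "", m["clsid"].lower(), m["path"]))
    return regs


def parse_mbam_keys(text):
    """CLSID -> detection name for every registry key/value Malwarebytes listed."""
    found = {}
    for line in text.splitlines():
        m = MBAM_KEY.match(line.strip())
        if m:
            found.setdefault(m["clsid"].lower(), m["detection"])
    return found


def triage(dds_text, mbam_text):
    """Bucket DDS registrations: cleaned (MBAM removed the key), orphan ("No File":
    CLSID still registered but the DLL is gone), or review (scanner left it alone)."""
    removed = parse_mbam_keys(mbam_text)
    report = {"cleaned": [], "orphan": [], "review": []}
    for r in parse_dds(dds_text):
        if r.clsid in removed:
            report["cleaned"].append((r.clsid, removed[r.clsid]))
        elif r.path.strip() == "No File":
            report["orphan"].append(r.clsid)
        else:
            report["review"].append((r.clsid, r.path))
    return report


def odd_run_entries(text):
    """Run values with no command, or a bare program name resolved via PATH.
    Heuristic only: installers normally write a full path or an expanded %var%."""
    odd = []
    for line in text.splitlines():
        m = RUN_LINE.match(line.strip())
        if not m:
            continue
        cmd = m["cmd"].strip().lstrip('"')
        if not cmd or not re.match(r"^(?:[a-z]:\\|%[^%]+%)", cmd, re.I):
            odd.append((m["hive"], m["name"], cmd))
    return odd


# Constructed sample: lines copied from the DDS and Malwarebytes logs in this thread.
SAMPLE_DDS = r"""
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No File
BHO: ShowBarObj Class: {2863e737-dd3f-4280-9af8-e9e79c16f312} - c:\program files\savetubevideo.com\savetubevideo\MinBHO.dll
BHO: {549B5CA7-4A86-11D7-A4DF-000874180BB3} - No File
BHO: ShowBarObjMp3 Class: {cf59ae24-5796-44fc-9575-8d4f383c65f8} - c:\program files\youtubemp3downloader.net\youtubemp3downloader\MinBHOMp3.dll
TB: Save Tube Video: {f334c7b0-8774-4d5b-bd7a-4f448d03a1ae} - c:\program files\savetubevideo.com\savetubevideo\SaveTubeVideo.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [fsm]
mRun: [msjavadll] javaw
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [<NO NAME>]
"""
SAMPLE_MBAM = r"""
HKEY_CLASSES_ROOT\CLSID\{2863E737-DD3F-4280-9AF8-E9E79C16F312} (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{F334C7B0-8774-4d5b-BD7A-4F448D03A1AE} (Adware.SkyLab) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{F334C7B0-8774-4D5B-BD7A-4F448D03A1AE} (Adware.SkyLab) -> Value: {F334C7B0-8774-4D5B-BD7A-4F448D03A1AE} -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_DDS, SAMPLE_MBAM).items():
        print(bucket, *items, sep="\n  ")
    print("odd Run entries:", odd_run_entries(SAMPLE_DDS))
```

To run it against your own files, pass the full text of dds.txt and the mbam-log txt to triage() instead of the samples. Anything left in the "orphan" bucket after a scan is a registration the scanner did not remove, which is the kind of entry a helper will usually ask for before writing a fix script.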
Copy of requested log - Malwarebytes
Spybot S&D no longer lists Virtumonde.sci. It does have other entries, such as Doubleclick cookies.
When Spybot S&D finishes, it is shown in Task Manager>Applications as "not responding"
Copy of requested Malwarebytes log:
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
Database version: 7062
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
07/10/11 9:30:35 AM
mbam-log-2011-07-10 (09-30-35).txt
Scan type: Quick scan
Objects scanned: 181596
Time elapsed: 4 minute(s), 30 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 20
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 11
Files Infected: 59
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{2863E737-DD3F-4280-9AF8-E9E79C16F312} (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{27BA317E-7BBD-4EBE-A06A-47F076D9D6F7} (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2574231F-9D6F-4B0E-9041-5DD7484564AD} (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MinBHO.ShowBarObj.1 (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MinBHO.ShowBarObj (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2863E737-DD3F-4280-9AF8-E9E79C16F312} (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2863E737-DD3F-4280-9AF8-E9E79C16F312} (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{F334C7B0-8774-4d5b-BD7A-4F448D03A1AE} (Adware.SkyLab) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{70EF8B2A-3A34-4913-AAFC-5A2827E0B1B1} (Adware.SkyLab) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{AD49CE2B-B922-4E2A-AAD9-C1565855C7BC} (Adware.SkyLab) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\KBBar.KBBarBand.1 (Adware.SkyLab) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\KBBar.KBBarBand (Adware.SkyLab) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F334C7B0-8774-4D5B-BD7A-4F448D03A1AE} (Adware.SkyLab) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549B5CA7-4A86-11D7-A4DF-000874180BB3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\KBBar.KBBarBandMp3 (Adware.7FaSSt) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\KBBar.KBBarBandMp3.1 (Adware.7FaSSt) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\SkyMedia (Adware.SkyMedia) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaveTubeVideo_is1 (Adware.SkyLab) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{F334C7B0-8774-4D5B-BD7A-4F448D03A1AE} (Adware.SkyLab) -> Value: {F334C7B0-8774-4D5B-BD7A-4F448D03A1AE} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{F334C7B0-8774-4d5b-BD7A-4F448D03A1AE} (Adware.SkyLab) -> Value: {F334C7B0-8774-4d5b-BD7A-4F448D03A1AE} -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
c:\program files\savetubevideo.com (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\chrome (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\chrome\content (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\chrome\locale (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\chrome\locale\en-US (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\chrome\skin (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\components (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\google custom search (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\documents and settings\Tom\.jnana (Bot.jnana) -> Quarantined and deleted successfully.
Files Infected:
c:\program files\savetubevideo.com\savetubevideo\MinBHO.dll (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\savetubevideo.dll (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\browserstartpage.dll (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\Config.dat (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\downloader.exe (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\googlechromeextansion.exe (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\index.htm (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\installhelper.exe (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\preferencesoriginal (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\starburnrds.dll (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\transport_dll.dll (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\unins000.dat (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\unins000.exe (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\Updater.exe (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\Web Data (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\web data-journal (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\allkeywords.txt (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\chrome.manifest (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\install.rdf (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\searchtoolbar@skywebsearch.com (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\tmp (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\chrome\content\about.xul (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\chrome\content\googlefeed.xml (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\chrome\content\googlesearch.htm (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\chrome\content\registerdialog.js (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\chrome\content\registerdialog.xul (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\chrome\content\settings.js (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\chrome\content\skysearchtoolbar.js (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\chrome\content\skysearchtoolbar.xul (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\chrome\content\startabout.js (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\chrome\content\unregister.xul (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\chrome\locale\en-US\skysearchtoolbar.dtd (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\chrome\locale\en-US\toolbar.properties (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\chrome\skin\about.png (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\chrome\skin\aboutDlg.png (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\chrome\skin\addvideo.png (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\chrome\skin\bigbutton.png (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\chrome\skin\burnit.png (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\chrome\skin\gripper.png (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\chrome\skin\icon.png (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\chrome\skin\icon16-16.png (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\chrome\skin\register.png (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\chrome\skin\savevideo.png (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\chrome\skin\savevideo2.png (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\chrome\skin\search.png (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\chrome\skin\settings.png (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\chrome\skin\showstatus.png (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\chrome\skin\skysearchtoolbar.css (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\chrome\skin\smile!.png (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\chrome\skin\videooftheday.png (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\components\ISwslib.xpt (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\components\nsirdshistoryservice.js (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\components\nsirdshistoryservice.xpt (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\components\rdstb-autocomplete.js (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\components\swslib.dll (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\google custom search\index.htm (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\google custom search\manifest.json (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\google custom search\redirect.html (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\documents and settings\Tom\.jnana\ofex.7z (Bot.jnana) -> Quarantined and deleted successfully.
Answer - ComboFix.exe 7-12-2011
Quote: Originally Posted by ken545
With the amount of junk that Malwarebytes removed, let's run this program; be sure to disable Kaspersky.
Download
ComboFix from one of these locations:
Link 1
Link 2
* IMPORTANT !!! Save ComboFix.exe to your Desktop
OK - I followed that. I don't think it was successful as I never saw C:\ComboFix.txt
I did a search of Drive C for this and it does not exist.
Fortunately I was taking photos from the screen with my camera. Two are attached.
When I saw "Do you want to remove the folder Windows and remove all its contents to the recycle bin" I selected NO. This development was unexpected. It seems without programs it was going to remove I would have a dead system. I Xed out. I restarted using Windows Task Manager.
The computer did slowly restart again.
Should I try this again? Or something else?
Is there info in the pictures that shows a virus? (All this was skipped over by Kaspersky)
Response with Combofix log attached
OK - The Combofix.txt log is attached.
This is from the latest Combofix program you said I should download. I removed the old Combofix from the system.
ComboFix 11-07-14.05 - Tom 07/14/11 13:33:17.2.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3034.2274 [GMT -5:00]
Running from: c:\i\Programs From Internet\Virtumonde sci removal 7-10-11\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Tom\WINDOWS
C:\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2011-06-14 to 2011-07-14 )))))))))))))))))))))))))))))))
.
.
2011-07-12 07:42 . 2011-06-20 13:57 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{DBAD44D7-F76A-4ED5-AC6A-072B53713885}\mpengine.dll
2011-07-10 14:04 . 2011-07-10 14:04 -------- d-----w- c:\documents and settings\Tom\Application Data\Malwarebytes
2011-07-10 13:55 . 2011-05-29 14:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-10 13:55 . 2011-07-10 13:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-07-10 13:47 . 2011-05-29 14:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-10 13:47 . 2011-07-10 14:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-08 18:31 . 2011-07-08 18:31 -------- d-----w- c:\documents and settings\Tom\Local Settings\Application Data\Ilivid Player
2011-07-08 18:30 . 2011-07-08 18:30 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{FDD8983C-4561-4A27-BDA7-F5286E176A8F}
2011-07-08 18:30 . 2011-07-08 18:30 -------- d-----w- c:\program files\iLivid
2011-07-08 18:19 . 2011-07-08 18:19 -------- d-----w- c:\documents and settings\Tom\Local Settings\Application Data\PackageAware
2011-07-05 01:56 . 2011-07-05 01:56 -------- d-----w- c:\program files\CCleaner
2011-07-03 16:27 . 2011-07-09 18:02 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-07-03 16:27 . 2011-07-09 17:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-06-28 18:54 . 2011-06-28 18:54 388096 ----a-r- c:\documents and settings\Tom\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-06-28 18:54 . 2011-06-28 18:54 -------- d-----w- c:\program files\Trend Micro
2011-06-27 03:07 . 2011-06-27 03:07 -------- d-----w- c:\documents and settings\Tom\Local Settings\Application Data\Fidelity Investments
2011-06-27 03:07 . 2011-06-27 03:07 -------- d-----w- c:\documents and settings\Tom\Application Data\Fidelity Investments
2011-06-26 23:33 . 2011-06-26 23:33 -------- d-----w- c:\program files\New Folder
2011-06-25 13:36 . 2011-06-25 13:36 -------- d-----w- c:\documents and settings\All Users\Microsoft
2011-06-25 13:34 . 2011-06-25 13:34 -------- d-----w- c:\program files\Microsoft Analysis Services
2011-06-25 13:33 . 2011-06-25 13:33 -------- d-----w- c:\documents and settings\Tom\Local Settings\Application Data\Microsoft Help
2011-06-25 13:33 . 2011-06-26 20:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2011-06-23 16:00 . 2011-06-27 02:59 -------- d-----w- c:\program files\Fidelity Investments
2011-06-23 16:00 . 2011-06-27 02:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Fidelity Investments
2011-06-23 16:00 . 2011-06-23 16:00 -------- d-----w- c:\program files\Common Files\Crystal Decisions
2011-06-21 17:01 . 2011-06-20 13:57 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-06-21 17:01 . 2011-05-25 00:14 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-06-21 16:12 . 2011-06-21 16:12 -------- d-----w- c:\program files\Windows Defender
2011-06-16 08:55 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-25 11:38 . 2010-05-25 17:20 2306 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2011-06-17 08:03 . 2011-06-03 08:42 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-02 17:53 . 2011-06-02 17:53 94208 ----a-w- c:\windows\system32\dpl100.dll
2011-05-24 20:49 . 2008-10-24 19:09 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-05-23 00:21 . 2011-05-23 00:21 0 ----a-w- c:\windows\t1784_61.tmp
2011-05-04 09:52 . 2010-09-08 10:33 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 07:25 . 2010-09-21 07:04 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-02 15:31 . 2008-10-08 08:56 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2004-08-04 05:56 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2004-08-04 04:15 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 15:51 . 2004-08-04 05:56 832512 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 15:51 . 2009-06-04 11:43 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-04-25 15:51 . 2004-08-04 05:56 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 15:51 . 2004-08-04 05:56 17408 ----a-w- c:\windows\system32\corpol.dll
2011-04-25 12:01 . 2004-08-04 03:59 389120 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2004-08-04 04:15 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-19 16:17 . 2008-10-30 14:25 51716 ----a-w- c:\windows\system32\pdf995mon.dll
2011-04-19 16:17 . 2008-10-30 14:25 249856 ----a-w- c:\windows\system32\pdfmona.dll
2009-02-01 03:23 . 2009-02-01 03:22 2788800 ----a-w- c:\program files\FLV PlayerFCSetup.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zinio DLM"="c:\program files\Zinio\ZinioReader.exe" [2008-10-29 2699334]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2007-02-05 476728]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-26 94208]
"PxDotNetLoader"="c:\program files\Fidelity Investments\Fidelity Active Trader\System\ATPStartupAssistant.exe" [2011-04-25 42392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msjavadll"="javaw" [X]
"X-keys Programming"="c:\program files\PI Engineering\X-keys\XKWdkApp.exe" [2003-07-10 516608]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-03-26 458865]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Simpo Print Server"="c:\program files\Simpo PDF Creator\SimpoPrintSrv.exe" [2009-10-29 101376]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"QuickFinder Scheduler"="c:\program files\Corel\WordPerfect Office X4\Programs\QFSCHD140.EXE" [2008-03-21 83232]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-05-08 142872]
"Norton Ghost 14.0"="c:\program files\Norton Ghost\Agent\VProTray.exe" [2009-08-03 2250088]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-07 50688]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2005-09-22 862720]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-05-08 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-05-08 173592]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-05-24 273544]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
c:\documents and settings\Tom\Start Menu\Programs\Startup\
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-18 4742184]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2009-8-5 221247]
Office Startup.lnk - c:\program files\Microsoft Office97\Office\OSA.EXE [1997-7-11 51984]
Shortcut to taskmgr.exe.lnk - c:\windows\system32\taskmgr.exe [2004-8-4 135680]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Hewlett-Packard\\HP Download Manager\\hpjdwnld.exe"=
"c:\\Program Files\\YouTubeMP3Downloader.net\\YouTubeMP3Downloader\\YouTubeMP3.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"40327:TCP"= 40327:TCP:HTTPWeb
"41489:TCP"= 41489:TCP:HTTPWeb
"20632:TCP"= 20632:TCP:HTTPWeb
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [10/14/09 8:18 PM 36880]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [06/13/09 9:44 AM 712048]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [06/13/09 9:44 AM 712048]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [07/10/11 8:55 AM 366640]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [10/20/10 6:41 PM 196928]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [10/20/10 6:41 PM 67904]
R2 SCRCAMHRDRV;ScreenCamera HR;c:\windows\system32\drivers\SCRCAMHRDRV.sys [12/09/09 4:28 AM 234304]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [08/04/04 12:56 AM 5120]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/03/06 7:19 PM 13592]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [06/13/08 4:42 PM 243856]
R3 hhdserial;HHD Software Serial Monitor (DMS) Monitoring Driver;c:\windows\system32\drivers\hhdserial.sys [11/16/08 3:38 PM 30856]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [10/09/08 3:17 AM 110080]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [09/14/09 1:42 PM 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [10/02/09 6:39 PM 19472]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [07/10/11 8:47 AM 22712]
R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [02/01/10 4:56 AM 23096]
R3 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [12/20/07 5:13 PM 1562096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [03/18/10 1:16 PM 130384]
S2 gupdate1ca64736f5e235c;Google Update Service (gupdate1ca64736f5e235c);c:\program files\Google\Update\GoogleUpdate.exe [11/13/09 10:10 AM 133104]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/09 11:58 AM 11336]
S3 GSService;GSService;c:\windows\system32\GSService.exe [01/28/10 3:35 AM 335872]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/13/09 10:10 AM 133104]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [07/10/11 8:55 AM 39984]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [05/29/11 8:33 AM 42112]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/06/07 3:22 PM 34064]
S3 NRKCTL32;NRKCTL32;c:\program files\WCPUID\NRKCTL32.SYS [11/06/08 12:45 PM 3968]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [01/09/10 9:37 PM 4640000]
S3 SMServer;SMServer;c:\windows\system32\snmvtsvc.exe [02/01/10 4:56 AM 249856]
S3 STSService;STSService;c:\program files\SoundTaxi Media Suite\STSService.exe [01/15/10 5:23 AM 335872]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [08/04/04 12:56 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [03/18/10 1:16 PM 753504]
S3 xkeysw2k;X-keys Device;c:\windows\system32\drivers\XKEYSW2K.SYS [08/05/10 6:24 PM 33519]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 19:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-17 00:02 114688 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-14 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-13 06:17]
.
2011-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-13 15:10]
.
2011-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-13 15:10]
.
2011-07-14 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
.
2011-07-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-515967899-963894560-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47]
.
2011-07-14 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-963894560-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47]
.
2011-07-14 c:\windows\Tasks\User_Feed_Synchronization-{496D8042-0A62-4C91-8D5B-D46E9ED53309}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 23:36]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Copy to &Lightning Note - c:\program files\Corel\WordPerfect Lightning\Programs\WPLightningCopyToNote.hta
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\program files\Corel\WordPerfect Office X4\Programs\WPLauncher.hta
Trusted Zone: aol.com\free
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.2.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
FF - ProfilePath - c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\DivXHTML5
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKCU-Run-fsm - (no file)
HKLM-Run-STT - (no file)
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-14 14:01
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(228)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\stacapi.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\idt\wdm\STacSV.exe
c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\ASTSRV.EXE
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\windows\system32\igfxsrvc.exe
c:\progra~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
c:\program files\Microsoft IntelliType Pro\dpupdchk.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Norton Ghost\Agent\VProSvc.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\APC\APC PowerChute Personal Edition\apcsystray.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\msdtc.exe
.
**************************************************************************
.
Completion time: 2011-07-14 14:09:49 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-14 19:09
.
Pre-Run: 132,800,520,192 bytes free
Post-Run: 133,637,849,088 bytes free
.
- - End Of File - - BE7603FC193B6A2E698E32BBB56C3B47
OTL.TXT 7-14-11 (2nd try)
"The text that you have entered is too long (64752 characters). Please shorten it to 64000 characters long." I have edited this to post into 2 separate messages.
OTL logfile created on: 07/14/11 6:43:12 PM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\i\Programs From Internet\Virtumonde sci removal 7-10-11
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yy
2.96 Gb Total Physical Memory | 2.32 Gb Available Physical Memory | 78.30% Memory free
10.79 Gb Paging File | 10.12 Gb Available in Paging File | 93.78% Paging File free
Paging file location(s): C:\pagefile.sys 8192 8192 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 124.43 Gb Free Space | 26.72% Space Free | Partition Type: NTFS
Drive E: | 149.05 Gb Total Space | 11.12 Gb Free Space | 7.46% Space Free | Partition Type: NTFS
Drive F: | 1863.01 Gb Total Space | 1729.64 Gb Free Space | 92.84% Space Free | Partition Type: NTFS
Computer Name: TOM-2008 | User Name: Tom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\i\Programs From Internet\Virtumonde sci removal 7-10-11\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\WINDOWS\system32\NLSSRV32.EXE (Nalpeiron Ltd.)
PRC - C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe (Nitro PDF Software)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - c:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\Simpo PDF Creator\SimpoPrintSrv.exe (Simpo Technologies)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe (Kaspersky Lab)
PRC - C:\WINDOWS\system32\ASTSRV.EXE (Nalpeiron Ltd.)
PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Program Files\Norton Ghost\Agent\VProSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Norton Ghost\Agent\VProTray.exe (Symantec Corporation)
PRC - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe (Symantec)
PRC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\Zinio\ZinioReader.exe (Zinio, LLC)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
PRC - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe (American Power Conversion Corporation)
PRC - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe (American Power Conversion Corporation)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG)
PRC - C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
PRC - C:\Program Files\PI Engineering\X-keys\XKWdkApp.exe (P.I. Engineering, Inc.)
PRC - C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe ()
PRC - C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
PRC - C:\Program Files\Microsoft Office97\Office\OSA.EXE ()
========== Modules (SafeList) ==========
MOD - C:\i\Programs From Internet\Virtumonde sci removal 7-10-11\OTL.exe (OldTimer Tools)
MOD - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchrome10browserrecordhelper.dll (RealNetworks, Inc.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (GEARSecurity) -- File not found
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (nlsX86cc) -- C:\WINDOWS\system32\NLSSRV32.EXE (Nalpeiron Ltd.)
SRV - (NitroDriverReadSpool) -- C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe (Nitro PDF Software)
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (SupportSoft RemoteAssist) -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe (SupportSoft, Inc.)
SRV - (STacSV) -- c:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
SRV - (GSService) -- C:\WINDOWS\System32\GSService.exe ()
SRV - (SMServer) -- C:\WINDOWS\System32\snmvtsvc.exe (SMServer)
SRV - (STSService) -- C:\Program Files\SoundTaxi Media Suite\STSService.exe ()
SRV - (astcc) -- C:\WINDOWS\system32\ASTSRV.EXE (Nalpeiron Ltd.)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (Norton Ghost) -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe (Symantec Corporation)
SRV - (SymSnapService) -- C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe (Symantec)
SRV - (ioloSystemService) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()
SRV - (ioloFileInfoList) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (GameConsoleService) -- C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe (WildTangent, Inc.)
SRV - (Symantec RemoteAssist) -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe (Symantec, Inc.)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)
SRV - (Diskeeper) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (SSScsiSV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
SRV - (SonicStage Back-End Service) -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (APC UPS Service) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe (American Power Conversion Corporation)
SRV - (InCDsrv) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG)
========== Driver Services (SafeList) ==========
DRV - (catchme) -- File not found
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (FTSER2K) -- C:\WINDOWS\system32\drivers\ftser2k.sys (FTDI Ltd.)
DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (IDT, Inc.)
DRV - (SndTAudio) -- C:\WINDOWS\system32\drivers\SndTAudio.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys ()
DRV - (klbg) -- C:\WINDOWS\system32\drivers\klbg.sys (Kaspersky Lab)
DRV - (klmouflt) -- C:\WINDOWS\system32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (klim5) -- C:\WINDOWS\system32\drivers\klim5.sys (Kaspersky Lab)
DRV - (kl1) -- C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Lab)
DRV - (symsnap) -- C:\WINDOWS\system32\DRIVERS\symsnap.sys (StorageCraft)
DRV - (SCRCAMHRDRV) -- C:\WINDOWS\system32\drivers\SCRCAMHRDRV.sys (Windows (R) Server 2003 DDK provider)
DRV - (IntcHdmiAddService) Intel(R) -- C:\WINDOWS\system32\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (v2imount) -- C:\WINDOWS\system32\drivers\v2imount.sys (Symantec Corporation)
DRV - (e1yexpress) Intel(R) -- C:\WINDOWS\system32\drivers\e1y5132.sys (Intel Corporation)
DRV - (NAL) -- C:\WINDOWS\system32\drivers\iqvw32.sys (Intel Corporation )
DRV - (FileDisk) -- C:\WINDOWS\System32\drivers\filedisk.sys (iolo technologies, LLC (based on original work by Bo Brantén))
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (HECI) Intel(R) -- C:\WINDOWS\system32\drivers\HECI.sys (Intel Corporation)
DRV - (BANTExt) -- C:\WINDOWS\System32\Drivers\BANTExt.sys ()
DRV - (WimFltr) -- C:\WINDOWS\system32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (VProEventMonitor) -- C:\WINDOWS\system32\drivers\vproeventmonitor.sys (Symantec Corporation)
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies)
DRV - (hhdserial) HHD Software Serial Monitor (DMS) -- C:\WINDOWS\system32\drivers\hhdserial.sys (HHD Software Ltd.)
DRV - (FTDIBUS) -- C:\WINDOWS\system32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (MotDev) -- C:\WINDOWS\system32\drivers\motodrv.sys (Motorola Inc)
DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola)
DRV - (NETMDUSB) -- C:\WINDOWS\system32\drivers\NETMD052.sys (Sony Corporation)
DRV - (InCDfs) -- C:\WINDOWS\system32\drivers\InCDfs.sys (Nero AG)
DRV - (InCDPass) -- C:\WINDOWS\system32\drivers\InCDPass.sys (Nero AG)
DRV - (incdrm) -- C:\WINDOWS\system32\drivers\InCDRm.sys (Nero AG)
DRV - (P2k) -- C:\WINDOWS\system32\drivers\P2k.sys (Motorola Inc)
DRV - (NRKCTL32) -- C:\Program Files\WCPUID\NRKCTL32.SYS (NrkLv Group)
DRV - (xkeysw2k) -- C:\WINDOWS\system32\drivers\XKEYSW2K.SYS (P.I. Engineering, Inc.)
DRV - (msloop) -- C:\WINDOWS\system32\drivers\loop.sys (Microsoft Corporation)
DRV - (TVicPort) -- C:\WINDOWS\System32\drivers\TVICPORT.SYS ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-515967899-963894560-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-515967899-963894560-839522115-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-515967899-963894560-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-515967899-963894560-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "www.googlebreak.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.126
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Tom\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\copytolightning@corel.com: c:\Program Files\Corel\WordPerfect Lightning\Programs\FirefoxExtension\ [2010/05/25 12:19:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/24 15:57:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/06/28 11:04:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/02 18:18:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/02 18:18:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/05/24 15:57:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011/06/18 09:56:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2010/09/30 05:13:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\FireFox\Extensions\\SearchToolbar@skywebsearch.com: C:\Program Files\SaveTubeVideo.com\SaveTubeVideo\FF
FF - HKEY_CURRENT_USER\software\mozilla\FireFox\Extensions\\savetubemp3@savetubemp3.net: C:\Program Files\YouTubeMP3Downloader.net\YouTubeMP3Downloader\FF [2010/02/02 14:41:41 | 000,000,000 | ---D | M]
[2010/10/24 05:51:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Extensions
[2010/10/24 05:51:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/07/13 17:48:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\extensions
[2010/04/28 05:44:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/12 12:06:29 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/06/18 05:04:09 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2011/07/03 10:43:38 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/08/10 19:54:59 | 000,000,000 | ---D | M] (Nodobe Document Viewer) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\extensions\nodobe@vuzit.com
[2010/02/02 14:42:05 | 000,000,003 | ---- | M] () -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\searchplugins\GoogleFeed.xml
[2011/07/13 17:48:54 | 000,001,575 | ---- | M] () -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\searchplugins\ixquick.xml
[2008/10/11 09:26:42 | 000,001,940 | ---- | M] () -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\searchplugins\marketwatch.xml
[2008/10/11 09:26:46 | 000,000,705 | ---- | M] () -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\searchplugins\webster.xml
[2008/10/11 09:26:56 | 000,001,032 | ---- | M] () -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\searchplugins\wikipedia-eng.xml
[2011/07/13 17:48:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/21 02:04:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/24 13:52:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/13 05:42:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/01 03:23:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/09 07:00:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2010/09/30 05:14:27 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2011/06/28 11:04:50 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2010/09/21 02:04:28 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2008/06/18 01:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/03/09 18:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll
O1 HOSTS File: ([2011/07/14 13:58:25 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (ShowBarObjMp3 Class) - {cf59ae24-5796-44fc-9575-8d4f383c65f8} - C:\Program Files\YouTubeMP3Downloader.net\YouTubeMP3Downloader\MinBHOMp3.dll ()
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (YouTube MP3 Downloader) - {f27a9a1d-6f23-442d-88c0-5dc40fd13dcd} - C:\Program Files\YouTubeMP3Downloader.net\YouTubeMP3Downloader\YouTubeMP3.dll (Save Tube Video Company)
O4 - HKLM..\Run: [avp] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [msjavadll] C:\WINDOWS\System32\javaw.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Norton Ghost 14.0] C:\Program Files\Norton Ghost\Agent\VProTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [QuickFinder Scheduler] c:\Program Files\Corel\WordPerfect Office X4\Programs\QFSCHD140.EXE (Corel Corporation)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Simpo Print Server] C:\Program Files\Simpo PDF Creator\SimpoPrintSrv.exe (Simpo Technologies)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [X-keys Programming] C:\Program Files\PI Engineering\X-keys\XKWdkApp.exe (P.I. Engineering, Inc.)
O4 - HKU\S-1-5-21-515967899-963894560-839522115-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-515967899-963894560-839522115-1003..\Run: [PxDotNetLoader] C:\Program Files\Fidelity Investments\Fidelity Active Trader\System\ATPStartupAssistant.exe (Fidelity Investments)
O4 - HKU\S-1-5-21-515967899-963894560-839522115-1003..\Run: [SsAAD.exe] C:\Program Files\Sony\SonicStage\SSAAD.exe ()
O4 - HKU\S-1-5-21-515967899-963894560-839522115-1003..\Run: [Zinio DLM] C:\Program Files\Zinio\ZinioReader.exe (Zinio, LLC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files\Microsoft Office97\Office\OSA.EXE ()
O4 - Startup: C:\Documents and Settings\Tom\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-515967899-963894560-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-515967899-963894560-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-515967899-963894560-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-515967899-963894560-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O8 - Extra context menu item: Copy to &Lightning Note - C:\Program Files\Corel\WordPerfect Lightning\Programs\WPLightningCopyToNote.hta ()
O8 - Extra context menu item: Open with WordPerfect - c:\Program Files\Corel\WordPerfect Office X4\Programs\WPLauncher.hta ()
O9 - Extra Button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll ()
O9 - Extra 'Tools' menuitem : Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll ()
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Favorites Search - {FF925300-80E6-11D4-A15B-FFF9086C1A3C} - C:\Program Files\DzSoft\Favorites Search\FavSeek.dll (DzSoft Ltd)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-515967899-963894560-839522115-1003\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKU\S-1-5-21-515967899-963894560-839522115-1003\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://www.pcpitstop.com/mhLbl.cab (mhLabel Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/...nAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\x-atng {7e8717b0-d862-11d5-8c9e-00010304f989} - C:\Program Files\Fidelity Investments\Fidelity Active Trader\System\atngprot.dll (Fidelity Investments)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: C:\Documents and Settings\Tom\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tom\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/08 03:58:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/07/14 18:40:25 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/07/14 13:29:36 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/07/14 13:29:36 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/07/14 13:29:36 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/07/14 13:29:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/12 09:09:27 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/07/12 07:09:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/07/10 12:57:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\Virus Cleanup
[2011/07/10 09:04:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Application Data\Malwarebytes
[2011/07/10 08:55:52 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/10 08:55:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/10 08:55:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/07/10 08:47:50 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/10 08:47:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/08 19:30:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Tom\Recent
[2011/07/08 13:31:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Local Settings\Application Data\Ilivid Player
[2011/07/08 13:30:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{FDD8983C-4561-4A27-BDA7-F5286E176A8F}
[2011/07/08 13:30:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iLivid
[2011/07/08 13:30:33 | 000,000,000 | ---D | C] -- C:\Program Files\iLivid
[2011/07/08 13:19:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Local Settings\Application Data\PackageAware
[2011/07/05 13:21:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/07/04 20:56:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/07/04 20:56:22 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/07/03 11:27:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/07/03 11:27:40 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/07/03 11:27:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/06/28 13:54:24 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/06/28 13:54:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Start Menu\Programs\HiJackThis
[2011/06/28 12:44:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Desktop\DivX
[2011/06/27 19:51:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\My Documents\Exported Registry
[2011/06/26 22:07:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Local Settings\Application Data\Fidelity Investments
[2011/06/26 22:07:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Application Data\Fidelity Investments
[2011/06/26 21:59:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Wealth-Lab Pro
[2011/06/26 18:33:32 | 000,000,000 | ---D | C] -- C:\Program Files\New Folder
[2011/06/25 08:36:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/06/25 08:36:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Microsoft
[2011/06/25 08:34:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2011/06/25 08:33:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Local Settings\Application Data\Microsoft Help
[2011/06/25 08:33:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2011/06/23 11:07:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Fidelity Investments
[2011/06/23 11:00:24 | 000,000,000 | ---D | C] -- C:\Program Files\Fidelity Investments
[2011/06/23 11:00:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Fidelity Investments
[2011/06/23 11:00:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Crystal Decisions
[2011/06/21 12:01:08 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2011/06/21 11:12:45 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2011/06/16 03:55:48 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/07/14 18:44:29 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{496D8042-0A62-4C91-8D5B-D46E9ED53309}.job
[2011/07/14 18:36:41 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-515967899-963894560-839522115-1003.job
[2011/07/14 18:36:40 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-963894560-839522115-1003.job
[2011/07/14 18:26:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/14 17:10:22 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/07/14 14:33:11 | 000,408,918 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Dallas Gas.url
[2011/07/14 14:01:14 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/07/14 14:01:11 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/14 13:58:25 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/07/14 13:58:12 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/14 13:58:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/14 13:58:01 | 3181,613,056 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/13 22:11:58 | 000,000,556 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Fidelity Watchlist.url
[2011/07/13 18:03:29 | 000,002,647 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Fidelity Active Trader Pro Beta..lnk
[2011/07/12 13:29:53 | 000,000,400 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2011/07/12 09:09:36 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/07/12 02:49:20 | 000,000,226 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Dallas 311 Intake.url
[2011/07/11 13:10:54 | 000,002,423 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Diskeeper 2008.lnk
[2011/07/10 13:01:10 | 000,001,167 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Map of the Market - SmartMoney.com.url
[2011/07/09 16:10:11 | 000,218,112 | ---- | M] () -- C:\Documents and Settings\Tom\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/08 13:30:51 | 000,000,721 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iLivid Download Manager.lnk
[2011/07/08 07:10:31 | 000,064,538 | ---- | M] () -- C:\Documents and Settings\Tom\My Documents\http www.nytimes.com 2011 07 08 us IRS drops audits of political donors.pdf
[2011/07/08 07:08:40 | 000,067,454 | ---- | M] () -- C:\Documents and Settings\Tom\My Documents\http www.nytimes.com 2011 07 08 us 08ttramsey Redistricting.pdf
[2011/07/07 14:51:18 | 000,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/07/05 15:47:36 | 000,000,182 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Prepaid Phone News.url
[2011/07/05 10:14:53 | 000,001,000 | ---- | M] () -- C:\Documents and Settings\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/07/01 00:40:38 | 000,002,527 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ACDSee 7.0.lnk
[2011/06/29 10:37:48 | 000,000,404 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\BusinessWeek.url
[2011/06/29 04:45:35 | 000,001,832 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/06/28 18:55:59 | 000,000,179 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Web Site Report For n5gar.com.url
[2011/06/28 13:15:57 | 000,000,193 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\STOUFFER'S® Dinner Club.url
[2011/06/28 07:57:16 | 000,000,602 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to taskmgr.exe.lnk
[2011/06/27 19:19:29 | 000,002,644 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\LIVE REAL TIME SATELLITE TRACKING AND PREDICTIONS ISS (ZARYA).url
[2011/06/27 19:01:59 | 000,000,370 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\e-Miles® Miles for Minutes®.url
[2011/06/26 21:59:20 | 000,000,972 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Wealth-Lab Pro 6.lnk
[2011/06/26 15:20:30 | 000,503,100 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/26 15:20:30 | 000,088,498 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/26 01:45:56 | 000,256,000 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2011/06/25 22:16:58 | 000,344,216 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/25 06:38:42 | 000,002,306 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2011/06/23 12:51:27 | 000,932,987 | ---- | M] () -- C:\Documents and Settings\Tom\Application Data\n5gar1.zip
[2011/06/23 11:07:06 | 000,002,020 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Fidelity Active Trader Pro.lnk
[2011/06/19 19:08:43 | 000,000,207 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Boost Mobile - 214 397 6430.url
[2011/06/17 03:03:05 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/06/16 22:23:19 | 000,000,213 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\support.url
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/07/14 13:29:37 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/07/14 13:29:36 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/07/14 13:29:36 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/07/14 13:29:36 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/07/14 13:29:36 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/07/14 01:15:55 | 000,000,274 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-515967899-963894560-839522115-1003.job
[2011/07/12 09:09:36 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/07/12 09:09:32 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/07/08 13:30:51 | 000,000,721 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iLivid Download Manager.lnk
[2011/07/08 07:10:30 | 000,064,538 | ---- | C] () -- C:\Documents and Settings\Tom\My Documents\http www.nytimes.com 2011 07 08 us IRS drops audits of political donors.pdf
[2011/07/08 07:08:39 | 000,067,454 | ---- | C] () -- C:\Documents and Settings\Tom\My Documents\http www.nytimes.com 2011 07 08 us 08ttramsey Redistricting.pdf
[2011/07/03 11:27:45 | 000,001,000 | ---- | C] () -- C:\Documents and Settings\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/06/29 10:35:04 | 000,001,167 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\Map of the Market - SmartMoney.com.url
[2011/06/28 07:57:16 | 000,000,602 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to taskmgr.exe.lnk
[2011/06/26 21:59:20 | 000,000,972 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Wealth-Lab Pro 6.lnk
[2011/06/25 09:58:23 | 000,956,290 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-515967899-963894560-839522115-1003-0.dat
[2011/06/25 09:58:22 | 000,347,830 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/06/23 12:51:27 | 000,932,987 | ---- | C] () -- C:\Documents and Settings\Tom\Application Data\n5gar1.zip
[2011/06/23 11:07:06 | 000,002,647 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Fidelity Active Trader Pro Beta..lnk
[2011/06/23 11:07:06 | 000,002,020 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Fidelity Active Trader Pro.lnk
[2011/06/21 11:22:28 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/06/21 11:12:47 | 000,000,974 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Defender.lnk
[2011/06/18 09:56:57 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/06/17 02:26:22 | 000,002,644 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\LIVE REAL TIME SATELLITE TRACKING AND PREDICTIONS ISS (ZARYA).url
[2010/11/10 05:37:55 | 000,161,770 | ---- | C] () -- C:\WINDOWS\Animated Wallpaper Maker Uninstaller.exe
[2010/11/05 00:04:32 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Tom\Application Data\downloads.m3u
[2010/10/17 19:17:49 | 000,000,223 | ---- | C] () -- C:\WINDOWS\HP PrecisionScan Pro.INI
[2010/10/10 16:40:24 | 001,903,408 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/09/30 05:14:14 | 000,115,369 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2010/09/30 05:14:14 | 000,097,859 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2010/06/11 06:18:32 | 000,000,119 | ---- | C] () -- C:\WINDOWS\Podcasts.INI
[2010/05/25 12:20:06 | 000,002,306 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/04/30 10:04:16 | 000,104,960 | ---- | C] () -- C:\WINDOWS\W2P_PreConvert.dll
[2010/02/01 05:16:10 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/02/01 05:16:10 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/02/01 05:16:09 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/02/01 05:16:08 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/01/31 03:51:08 | 000,005,045 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hksbihfl.ezl
[2010/01/28 03:35:34 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\GSService.exe
[2010/01/27 22:28:12 | 000,000,256 | -H-- | C] () -- C:\Documents and Settings\Tom\Application Data\ee6fe4d84748049fa23c8b8638a22cacf0cffd15
[2010/01/27 22:28:12 | 000,000,256 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\ee6fe4d84748049fa23c8b8638a22cacf0cffd15
[2009/12/27 17:53:40 | 000,000,229 | ---- | C] () -- C:\Documents and Settings\Tom\Application Data\default.rss
[2009/12/26 20:15:07 | 000,004,757 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009/11/27 04:31:16 | 000,105,472 | ---- | C] () -- C:\WINDOWS\PreConvert.dll
[2009/11/25 13:40:50 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/10/19 02:23:14 | 000,000,203 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI
[2009/10/03 12:36:01 | 011,476,992 | ---- | C] () -- C:\WINDOWS\System32\common_res.dll
[2009/09/27 07:26:44 | 000,000,126 | ---- | C] () -- C:\WINDOWS\keypad.ini
[2009/09/16 17:27:58 | 000,508,224 | ---- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll
[2009/09/09 18:01:40 | 000,027,675 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat
[2009/07/25 03:10:11 | 000,618,496 | ---- | C] () -- C:\WINDOWS\System32\stlpmt45.dll
[2009/07/11 20:38:12 | 000,835,584 | ---- | C] () -- C:\WINDOWS\tls7912d.dll
[2009/07/11 20:38:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\uninstallrq.exe
[2009/06/12 21:24:00 | 000,075,596 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2009/06/04 07:51:28 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/04/14 04:53:40 | 000,003,707 | ---- | C] () -- C:\WINDOWS\System32\ASPRTMM6.DLL
[2009/03/04 03:47:17 | 000,000,146 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/01/31 22:22:25 | 002,788,800 | ---- | C] () -- C:\Program Files\FLV PlayerFCSetup.exe
[2008/11/17 14:58:33 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2008/11/17 14:58:11 | 000,000,333 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2008/11/04 05:41:07 | 000,001,104 | ---- | C] () -- C:\WINDOWS\AMIPRO2.INI
[2008/11/04 05:40:13 | 000,004,722 | ---- | C] () -- C:\WINDOWS\AmiVISD.ini
[2008/11/04 05:39:17 | 000,000,703 | ---- | C] () -- C:\WINDOWS\lotus.ini
[2008/11/04 05:39:15 | 000,008,283 | ---- | C] () -- C:\WINDOWS\AMIDW.INI
[2008/11/04 05:39:15 | 000,000,898 | ---- | C] () -- C:\WINDOWS\AMIEQN.INI
[2008/11/04 05:39:15 | 000,000,185 | ---- | C] () -- C:\WINDOWS\AMISMART.INI
[2008/11/04 05:39:15 | 000,000,104 | ---- | C] () -- C:\WINDOWS\AMIIMAGE.INI
[2008/11/04 05:39:14 | 000,023,822 | ---- | C] () -- C:\WINDOWS\AMIOW.INI
[2008/11/04 05:39:14 | 000,011,208 | ---- | C] () -- C:\WINDOWS\AMIENV.DLL
[2008/11/04 05:39:14 | 000,010,014 | ---- | C] () -- C:\WINDOWS\AMILABEL.INI
[2008/11/04 05:39:14 | 000,005,909 | ---- | C] () -- C:\WINDOWS\AMIWP.INI
[2008/11/04 05:39:14 | 000,004,400 | ---- | C] () -- C:\WINDOWS\AMIPRO.INI
[2008/11/04 05:39:14 | 000,002,846 | ---- | C] () -- C:\WINDOWS\AMICALC.INI
[2008/11/04 05:39:14 | 000,001,993 | ---- | C] () -- C:\WINDOWS\AMIIWP.INI
[2008/11/04 05:39:14 | 000,000,332 | ---- | C] () -- C:\WINDOWS\AMIFONT.INI
[2008/11/04 05:06:16 | 000,127,184 | ---- | C] () -- C:\WINDOWS\DEL_AH1.EXE
[2008/11/02 08:56:34 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2008/10/30 09:26:41 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2008/10/30 09:25:23 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2008/10/30 09:25:23 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2008/10/30 08:58:15 | 000,000,400 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2008/10/30 04:12:05 | 000,000,092 | ---- | C] () -- C:\WINDOWS\TraceSrv.ini
[2008/10/28 04:09:43 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2008/10/27 00:29:43 | 000,000,225 | ---- | C] () -- C:\WINDOWS\netscape.INI
[2008/10/26 20:43:04 | 000,634,087 | ---- | C] () -- C:\WINDOWS\cd32.exe
[2008/10/25 03:31:26 | 000,000,554 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/10/24 14:22:31 | 000,215,144 | R--- | C] () -- C:\WINDOWS\patchw32.dll
[2008/10/24 14:21:19 | 000,215,144 | R--- | C] () -- C:\WINDOWS\pw32a.dll
[2008/10/24 04:31:54 | 000,218,112 | ---- | C] () -- C:\Documents and Settings\Tom\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/10 20:18:45 | 000,038,951 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/10/10 19:09:45 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/10/09 08:52:33 | 000,000,927 | ---- | C] () -- C:\WINDOWS\hmpro3.ini
[2008/10/09 08:50:42 | 000,012,288 | ---- | C] () -- C:\WINDOWS\kwimage.dll
[2008/10/09 08:50:42 | 000,005,495 | ---- | C] () -- C:\WINDOWS\sqkw.ini
[2008/10/09 03:17:00 | 000,982,196 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2008/10/09 03:16:59 | 000,417,344 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2008/10/09 03:16:59 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4990.dll
[2008/10/08 08:54:42 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/10/08 04:00:33 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/10/08 03:56:11 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/10/07 05:35:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/10/07 05:34:50 | 000,344,216 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/11/06 15:19:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/03/16 17:00:00 | 000,003,403 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2004/08/04 01:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/09/18 11:21:06 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\ljackuw.dll
[2003/03/31 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/03/31 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/03/31 07:00:00 | 000,503,100 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/03/31 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/03/31 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/03/31 07:00:00 | 000,088,498 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/03/31 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/03/31 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/03/31 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/03/31 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/03/21 16:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2001/08/07 18:59:54 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HPNVRRes.dll
[2001/07/31 04:17:12 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2001/01/24 01:31:18 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\prntfix.exe
[2000/06/07 07:38:44 | 000,078,336 | ---- | C] () -- C:\WINDOWS\nfwDrop.DLL
[2000/04/14 17:50:02 | 000,343,040 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[1999/05/20 04:03:20 | 000,004,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\TVICPORT.SYS
[1998/06/11 14:08:06 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[1997/07/11 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/07/11 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
OTL.TXT 7-14-11 (2nd try) - Part 2 of 2
========== LOP Check ==========
[2008/10/12 02:27:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Spearit
[2010/08/15 01:07:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\3Planesoft
[2010/02/22 02:49:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2010/10/15 10:55:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ATX
[2010/09/30 04:30:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/05/25 12:17:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland
[2009/12/11 08:02:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2008/10/08 17:39:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
[2011/06/26 21:59:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fidelity Investments
[2009/06/14 09:25:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2008/10/12 02:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Laplink
[2010/11/04 19:45:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2011/04/25 20:21:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\mediAvatar
[2010/11/29 02:34:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2011/07/14 15:48:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2010/06/11 06:05:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
[2011/03/27 22:20:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2008/10/12 02:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spearit
[2011/04/13 03:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2009/12/09 04:36:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/12/24 11:39:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wavelet Labs
[2008/10/11 23:19:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2010/04/05 02:27:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wolters Kluwer
[2009/05/15 17:53:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/07/08 13:30:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{FDD8983C-4561-4A27-BDA7-F5286E176A8F}
[2008/10/12 02:27:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Spearit
[2009/06/13 09:47:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\iolo
[2009/06/13 09:45:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\iolo
[2010/12/13 05:49:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\.oit
[2008/10/09 09:18:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\ACD Systems
[2011/05/24 21:41:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Amazon
[2010/11/08 00:08:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Canon
[2008/10/09 08:13:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/07/08 12:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\ContentGuard
[2009/12/06 07:26:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Cool YouTube To Mp3 Converter
[2010/11/29 03:15:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Downloaded Installations
[2010/11/04 21:50:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\ElevatedDiagnostics
[2009/04/12 11:52:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Eltima Software
[2011/03/27 21:12:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Facebook
[2011/06/26 22:07:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Fidelity Investments
[2009/12/17 04:26:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\FILEminimizerPictures
[2011/07/07 11:32:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\FileZilla
[2010/07/29 05:15:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\GARMIN
[2009/12/24 12:15:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\HD Audio Recorder
[2009/12/13 19:22:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Icevc
[2009/06/13 09:10:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\iolo
[2010/03/04 02:41:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Magic Collage
[2011/04/25 20:35:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\mediAvatar
[2009/11/30 06:13:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Moyea
[2010/07/10 19:43:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\MozBackup
[2011/06/25 06:39:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Nitro PDF
[2009/06/25 04:46:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\OfficeUpdate12
[2011/04/19 11:19:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\pdf995
[2009/11/15 15:42:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Publish Providers
[2010/03/17 03:51:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Software Informer
[2011/03/27 23:08:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Sony
[2008/10/12 02:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Spearit
[2011/05/01 16:28:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\TaxCut
[2010/10/24 05:51:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Thunderbird
[2011/03/22 19:33:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\WaveMax Sound Editor
[2008/10/11 23:19:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\WildTangent
[2008/12/17 15:33:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Windows Search
[2011/07/14 14:01:14 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/07/14 18:44:29 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{496D8042-0A62-4C91-8D5B-D46E9ED53309}.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:820563D3
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EDB71CBA
< End of report >
Question - OTL Not Responding
I ran OTL, which stalled. It eventually reported "not responding" in the heading. I finally had to re-boot using the momentary switch on the computer power supply. How long should I wait before doing that? Should I disable Kaspersky AV or Firewall or anything else?
OTL.TXT 7-15-11 Part 1 of 2
OTL logfile created on: 07/14/11 11:26:10 PM - Run 4
OTL by OldTimer - Version 3.2.26.1 Folder = C:\i\Programs From Internet\Virtumonde sci removal 7-10-11
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yy
2.96 Gb Total Physical Memory | 2.35 Gb Available Physical Memory | 79.21% Memory free
10.79 Gb Paging File | 10.30 Gb Available in Paging File | 95.49% Paging File free
Paging file location(s): C:\pagefile.sys 8192 8192 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 124.71 Gb Free Space | 26.78% Space Free | Partition Type: NTFS
Drive E: | 149.05 Gb Total Space | 11.12 Gb Free Space | 7.46% Space Free | Partition Type: NTFS
Drive F: | 1863.01 Gb Total Space | 1729.64 Gb Free Space | 92.84% Space Free | Partition Type: NTFS
Computer Name: TOM-2008 | User Name: Tom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\i\Programs From Internet\Virtumonde sci removal 7-10-11\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\WINDOWS\system32\NLSSRV32.EXE (Nalpeiron Ltd.)
PRC - C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe (Nitro PDF Software)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - c:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\Simpo PDF Creator\SimpoPrintSrv.exe (Simpo Technologies)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe (Kaspersky Lab)
PRC - C:\WINDOWS\system32\ASTSRV.EXE (Nalpeiron Ltd.)
PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Program Files\Norton Ghost\Agent\VProSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Norton Ghost\Agent\VProTray.exe (Symantec Corporation)
PRC - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe (Symantec)
PRC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\Zinio\ZinioReader.exe (Zinio, LLC)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
PRC - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
PRC - C:\WINDOWS\system32\msfeedssync.exe (Microsoft Corporation)
PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files\Sony\SonicStage\SSAAD.exe ()
PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe (American Power Conversion Corporation)
PRC - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe (American Power Conversion Corporation)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG)
PRC - C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
PRC - C:\Program Files\PI Engineering\X-keys\XKWdkApp.exe (P.I. Engineering, Inc.)
PRC - C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe ()
PRC - C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
PRC - C:\Program Files\Microsoft Office97\Office\OSA.EXE ()
========== Modules (SafeList) ==========
MOD - C:\i\Programs From Internet\Virtumonde sci removal 7-10-11\OTL.exe (OldTimer Tools)
MOD - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchrome10browserrecordhelper.dll (RealNetworks, Inc.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (GEARSecurity) -- File not found
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (nlsX86cc) -- C:\WINDOWS\system32\NLSSRV32.EXE (Nalpeiron Ltd.)
SRV - (NitroDriverReadSpool) -- C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe (Nitro PDF Software)
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (SupportSoft RemoteAssist) -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe (SupportSoft, Inc.)
SRV - (STacSV) -- c:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
SRV - (GSService) -- C:\WINDOWS\System32\GSService.exe ()
SRV - (SMServer) -- C:\WINDOWS\System32\snmvtsvc.exe (SMServer)
SRV - (STSService) -- C:\Program Files\SoundTaxi Media Suite\STSService.exe ()
SRV - (astcc) -- C:\WINDOWS\system32\ASTSRV.EXE (Nalpeiron Ltd.)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (Norton Ghost) -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe (Symantec Corporation)
SRV - (SymSnapService) -- C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe (Symantec)
SRV - (ioloSystemService) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()
SRV - (ioloFileInfoList) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (GameConsoleService) -- C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe (WildTangent, Inc.)
SRV - (Symantec RemoteAssist) -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe (Symantec, Inc.)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)
SRV - (Diskeeper) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (SSScsiSV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
SRV - (SonicStage Back-End Service) -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (APC UPS Service) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe (American Power Conversion Corporation)
SRV - (InCDsrv) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG)
========== Driver Services (SafeList) ==========
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (FTSER2K) -- C:\WINDOWS\system32\drivers\ftser2k.sys (FTDI Ltd.)
DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (IDT, Inc.)
DRV - (SndTAudio) -- C:\WINDOWS\system32\drivers\SndTAudio.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys ()
DRV - (klbg) -- C:\WINDOWS\system32\drivers\klbg.sys (Kaspersky Lab)
DRV - (klmouflt) -- C:\WINDOWS\system32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (klim5) -- C:\WINDOWS\system32\drivers\klim5.sys (Kaspersky Lab)
DRV - (kl1) -- C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Lab)
DRV - (symsnap) -- C:\WINDOWS\system32\DRIVERS\symsnap.sys (StorageCraft)
DRV - (SCRCAMHRDRV) -- C:\WINDOWS\system32\drivers\SCRCAMHRDRV.sys (Windows (R) Server 2003 DDK provider)
DRV - (IntcHdmiAddService) Intel(R) -- C:\WINDOWS\system32\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (v2imount) -- C:\WINDOWS\system32\drivers\v2imount.sys (Symantec Corporation)
DRV - (e1yexpress) Intel(R) -- C:\WINDOWS\system32\drivers\e1y5132.sys (Intel Corporation)
DRV - (NAL) -- C:\WINDOWS\system32\drivers\iqvw32.sys (Intel Corporation )
DRV - (FileDisk) -- C:\WINDOWS\System32\drivers\filedisk.sys (iolo technologies, LLC (based on original work by Bo Brantén))
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (HECI) Intel(R) -- C:\WINDOWS\system32\drivers\HECI.sys (Intel Corporation)
DRV - (BANTExt) -- C:\WINDOWS\System32\Drivers\BANTExt.sys ()
DRV - (WimFltr) -- C:\WINDOWS\system32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (VProEventMonitor) -- C:\WINDOWS\system32\drivers\vproeventmonitor.sys (Symantec Corporation)
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies)
DRV - (hhdserial) HHD Software Serial Monitor (DMS) -- C:\WINDOWS\system32\drivers\hhdserial.sys (HHD Software Ltd.)
DRV - (FTDIBUS) -- C:\WINDOWS\system32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (MotDev) -- C:\WINDOWS\system32\drivers\motodrv.sys (Motorola Inc)
DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola)
DRV - (NETMDUSB) -- C:\WINDOWS\system32\drivers\NETMD052.sys (Sony Corporation)
DRV - (InCDfs) -- C:\WINDOWS\system32\drivers\InCDfs.sys (Nero AG)
DRV - (InCDPass) -- C:\WINDOWS\system32\drivers\InCDPass.sys (Nero AG)
DRV - (incdrm) -- C:\WINDOWS\system32\drivers\InCDRm.sys (Nero AG)
DRV - (P2k) -- C:\WINDOWS\system32\drivers\P2k.sys (Motorola Inc)
DRV - (NRKCTL32) -- C:\Program Files\WCPUID\NRKCTL32.SYS (NrkLv Group)
DRV - (xkeysw2k) -- C:\WINDOWS\system32\drivers\XKEYSW2K.SYS (P.I. Engineering, Inc.)
DRV - (msloop) -- C:\WINDOWS\system32\drivers\loop.sys (Microsoft Corporation)
DRV - (TVicPort) -- C:\WINDOWS\System32\drivers\TVICPORT.SYS ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-515967899-963894560-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-515967899-963894560-839522115-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-515967899-963894560-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-515967899-963894560-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "www.googlebreak.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.126
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Tom\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\copytolightning@corel.com: c:\Program Files\Corel\WordPerfect Lightning\Programs\FirefoxExtension\ [2010/05/25 12:19:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/24 15:57:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/06/28 11:04:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/02 18:18:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/02 18:18:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/05/24 15:57:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011/06/18 09:56:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2010/09/30 05:13:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\FireFox\Extensions\\SearchToolbar@skywebsearch.com: C:\Program Files\SaveTubeVideo.com\SaveTubeVideo\FF
FF - HKEY_CURRENT_USER\software\mozilla\FireFox\Extensions\\savetubemp3@savetubemp3.net: C:\Program Files\YouTubeMP3Downloader.net\YouTubeMP3Downloader\FF [2010/02/02 14:41:41 | 000,000,000 | ---D | M]
OTL.TXT 7-15-11 Part 2 of 2
[2010/10/24 05:51:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Extensions
[2010/10/24 05:51:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/07/13 17:48:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\extensions
[2010/04/28 05:44:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/12 12:06:29 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/06/18 05:04:09 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2011/07/03 10:43:38 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/08/10 19:54:59 | 000,000,000 | ---D | M] (Nodobe Document Viewer) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\extensions\nodobe@vuzit.com
[2010/02/02 14:42:05 | 000,000,003 | ---- | M] () -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\searchplugins\GoogleFeed.xml
[2011/07/13 17:48:54 | 000,001,575 | ---- | M] () -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\searchplugins\ixquick.xml
[2008/10/11 09:26:42 | 000,001,940 | ---- | M] () -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\searchplugins\marketwatch.xml
[2008/10/11 09:26:46 | 000,000,705 | ---- | M] () -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\searchplugins\webster.xml
[2008/10/11 09:26:56 | 000,001,032 | ---- | M] () -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\searchplugins\wikipedia-eng.xml
[2011/07/13 17:48:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/21 02:04:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/24 13:52:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/13 05:42:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/01 03:23:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/09 07:00:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2010/09/30 05:14:27 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2011/06/28 11:04:50 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2010/09/21 02:04:28 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2008/06/18 01:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/03/09 18:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll
O1 HOSTS File: ([2011/07/14 22:49:02 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (ShowBarObjMp3 Class) - {cf59ae24-5796-44fc-9575-8d4f383c65f8} - C:\Program Files\YouTubeMP3Downloader.net\YouTubeMP3Downloader\MinBHOMp3.dll ()
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (YouTube MP3 Downloader) - {f27a9a1d-6f23-442d-88c0-5dc40fd13dcd} - C:\Program Files\YouTubeMP3Downloader.net\YouTubeMP3Downloader\YouTubeMP3.dll (Save Tube Video Company)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [msjavadll] C:\WINDOWS\System32\javaw.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Norton Ghost 14.0] C:\Program Files\Norton Ghost\Agent\VProTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [QuickFinder Scheduler] c:\Program Files\Corel\WordPerfect Office X4\Programs\QFSCHD140.EXE (Corel Corporation)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Simpo Print Server] C:\Program Files\Simpo PDF Creator\SimpoPrintSrv.exe (Simpo Technologies)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [X-keys Programming] C:\Program Files\PI Engineering\X-keys\XKWdkApp.exe (P.I. Engineering, Inc.)
O4 - HKU\S-1-5-21-515967899-963894560-839522115-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-515967899-963894560-839522115-1003..\Run: [PxDotNetLoader] C:\Program Files\Fidelity Investments\Fidelity Active Trader\System\ATPStartupAssistant.exe (Fidelity Investments)
O4 - HKU\S-1-5-21-515967899-963894560-839522115-1003..\Run: [SsAAD.exe] C:\Program Files\Sony\SonicStage\SSAAD.exe ()
O4 - HKU\S-1-5-21-515967899-963894560-839522115-1003..\Run: [Zinio DLM] C:\Program Files\Zinio\ZinioReader.exe (Zinio, LLC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files\Microsoft Office97\Office\OSA.EXE ()
O4 - Startup: C:\Documents and Settings\Tom\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-515967899-963894560-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-515967899-963894560-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-515967899-963894560-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-515967899-963894560-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Copy to &Lightning Note - C:\Program Files\Corel\WordPerfect Lightning\Programs\WPLightningCopyToNote.hta ()
O8 - Extra context menu item: Open with WordPerfect - c:\Program Files\Corel\WordPerfect Office X4\Programs\WPLauncher.hta ()
O9 - Extra Button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll ()
O9 - Extra 'Tools' menuitem : Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll ()
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Favorites Search - {FF925300-80E6-11D4-A15B-FFF9086C1A3C} - C:\Program Files\DzSoft\Favorites Search\FavSeek.dll (DzSoft Ltd)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-515967899-963894560-839522115-1003\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKU\S-1-5-21-515967899-963894560-839522115-1003\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://www.pcpitstop.com/mhLbl.cab (mhLabel Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/...nAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\x-atng {7e8717b0-d862-11d5-8c9e-00010304f989} - C:\Program Files\Fidelity Investments\Fidelity Active Trader\System\atngprot.dll (Fidelity Investments)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: C:\Documents and Settings\Tom\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tom\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/08 03:58:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/07/14 20:02:35 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/14 18:40:25 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/07/14 13:29:36 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/07/14 13:29:36 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/07/14 13:29:36 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/07/14 13:29:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/12 09:09:27 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/07/12 07:09:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/07/10 12:57:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\Virus Cleanup
[2011/07/10 09:04:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Application Data\Malwarebytes
[2011/07/10 08:55:52 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/10 08:55:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/10 08:55:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/07/10 08:47:50 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/10 08:47:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/08 19:30:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Tom\Recent
[2011/07/08 13:31:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Local Settings\Application Data\Ilivid Player
[2011/07/08 13:30:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{FDD8983C-4561-4A27-BDA7-F5286E176A8F}
[2011/07/08 13:30:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iLivid
[2011/07/08 13:30:33 | 000,000,000 | ---D | C] -- C:\Program Files\iLivid
[2011/07/08 13:19:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Local Settings\Application Data\PackageAware
[2011/07/05 13:21:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/07/04 20:56:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/07/04 20:56:22 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/07/03 11:27:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/07/03 11:27:40 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/07/03 11:27:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/06/28 13:54:24 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/06/28 13:54:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Start Menu\Programs\HiJackThis
[2011/06/28 12:44:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Desktop\DivX
[2011/06/27 19:51:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\My Documents\Exported Registry
[2011/06/26 22:07:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Local Settings\Application Data\Fidelity Investments
[2011/06/26 22:07:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Application Data\Fidelity Investments
[2011/06/26 21:59:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Wealth-Lab Pro
[2011/06/26 18:33:32 | 000,000,000 | ---D | C] -- C:\Program Files\New Folder
[2011/06/25 08:36:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/06/25 08:36:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Microsoft
[2011/06/25 08:34:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2011/06/25 08:33:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Local Settings\Application Data\Microsoft Help
[2011/06/25 08:33:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2011/06/23 11:07:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Fidelity Investments
[2011/06/23 11:00:24 | 000,000,000 | ---D | C] -- C:\Program Files\Fidelity Investments
[2011/06/23 11:00:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Fidelity Investments
[2011/06/23 11:00:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Crystal Decisions
[2011/06/21 12:01:08 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2011/06/21 11:12:45 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2011/06/16 03:55:48 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
========== Files - Modified Within 30 Days ==========
[2011/07/14 23:31:36 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/14 23:30:04 | 000,001,832 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/07/14 23:26:19 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{496D8042-0A62-4C91-8D5B-D46E9ED53309}.job
[2011/07/14 23:24:45 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-963894560-839522115-1003.job
[2011/07/14 23:24:45 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-515967899-963894560-839522115-1003.job
[2011/07/14 23:11:25 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/07/14 23:09:33 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/14 23:08:32 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/07/14 23:08:11 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/14 23:08:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/14 23:08:00 | 3181,613,056 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/14 22:49:02 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/07/14 14:33:11 | 000,408,918 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Dallas Gas.url
[2011/07/13 22:11:58 | 000,000,556 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Fidelity Watchlist.url
[2011/07/13 18:03:29 | 000,002,647 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Fidelity Active Trader Pro Beta..lnk
[2011/07/12 13:29:53 | 000,000,400 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2011/07/12 09:09:36 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/07/12 02:49:20 | 000,000,226 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Dallas 311 Intake.url
[2011/07/11 13:10:54 | 000,002,423 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Diskeeper 2008.lnk
[2011/07/10 13:01:10 | 000,001,167 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Map of the Market - SmartMoney.com.url
[2011/07/09 16:10:11 | 000,218,112 | ---- | M] () -- C:\Documents and Settings\Tom\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/08 13:30:51 | 000,000,721 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iLivid Download Manager.lnk
[2011/07/08 07:10:31 | 000,064,538 | ---- | M] () -- C:\Documents and Settings\Tom\My Documents\http www.nytimes.com 2011 07 08 us IRS drops audits of political donors.pdf
[2011/07/08 07:08:40 | 000,067,454 | ---- | M] () -- C:\Documents and Settings\Tom\My Documents\http www.nytimes.com 2011 07 08 us 08ttramsey Redistricting.pdf
[2011/07/07 14:51:18 | 000,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/07/05 15:47:36 | 000,000,182 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Prepaid Phone News.url
[2011/07/05 10:14:53 | 000,001,000 | ---- | M] () -- C:\Documents and Settings\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/07/01 00:40:38 | 000,002,527 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ACDSee 7.0.lnk
[2011/06/29 10:37:48 | 000,000,404 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\BusinessWeek.url
[2011/06/28 18:55:59 | 000,000,179 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Web Site Report For n5gar.com.url
[2011/06/28 13:15:57 | 000,000,193 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\STOUFFER'S® Dinner Club.url
[2011/06/28 07:57:16 | 000,000,602 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to taskmgr.exe.lnk
[2011/06/27 19:19:29 | 000,002,644 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\LIVE REAL TIME SATELLITE TRACKING AND PREDICTIONS ISS (ZARYA).url
[2011/06/27 19:01:59 | 000,000,370 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\e-Miles® Miles for Minutes®.url
[2011/06/26 21:59:20 | 000,000,972 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Wealth-Lab Pro 6.lnk
[2011/06/26 15:20:30 | 000,503,100 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/26 15:20:30 | 000,088,498 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/26 01:45:56 | 000,256,000 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2011/06/25 22:16:58 | 000,344,216 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/25 06:38:42 | 000,002,306 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2011/06/23 12:51:27 | 000,932,987 | ---- | M] () -- C:\Documents and Settings\Tom\Application Data\n5gar1.zip
[2011/06/23 11:07:06 | 000,002,020 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Fidelity Active Trader Pro.lnk
[2011/06/19 19:08:43 | 000,000,207 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Boost Mobile - 214 397 6430.url
[2011/06/17 03:03:05 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/06/16 22:23:19 | 000,000,213 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\support.url
========== Files Created - No Company Name ==========
[2011/07/14 13:29:37 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/07/14 13:29:36 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/07/14 13:29:36 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/07/14 13:29:36 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/07/14 13:29:36 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/07/14 01:15:55 | 000,000,274 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-515967899-963894560-839522115-1003.job
[2011/07/12 09:09:36 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/07/12 09:09:32 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/07/08 13:30:51 | 000,000,721 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iLivid Download Manager.lnk
[2011/07/08 07:10:30 | 000,064,538 | ---- | C] () -- C:\Documents and Settings\Tom\My Documents\http www.nytimes.com 2011 07 08 us IRS drops audits of political donors.pdf
[2011/07/08 07:08:39 | 000,067,454 | ---- | C] () -- C:\Documents and Settings\Tom\My Documents\http www.nytimes.com 2011 07 08 us 08ttramsey Redistricting.pdf
[2011/07/03 11:27:45 | 000,001,000 | ---- | C] () -- C:\Documents and Settings\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/06/29 10:35:04 | 000,001,167 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\Map of the Market - SmartMoney.com.url
[2011/06/28 07:57:16 | 000,000,602 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to taskmgr.exe.lnk
[2011/06/26 21:59:20 | 000,000,972 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Wealth-Lab Pro 6.lnk
[2011/06/25 09:58:23 | 000,956,290 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-515967899-963894560-839522115-1003-0.dat
[2011/06/25 09:58:22 | 000,347,830 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/06/23 12:51:27 | 000,932,987 | ---- | C] () -- C:\Documents and Settings\Tom\Application Data\n5gar1.zip
[2011/06/23 11:07:06 | 000,002,647 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Fidelity Active Trader Pro Beta..lnk
[2011/06/23 11:07:06 | 000,002,020 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Fidelity Active Trader Pro.lnk
[2011/06/21 11:22:28 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/06/21 11:12:47 | 000,000,974 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Defender.lnk
[2011/06/18 09:56:57 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/06/17 02:26:22 | 000,002,644 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\LIVE REAL TIME SATELLITE TRACKING AND PREDICTIONS ISS (ZARYA).url
[2010/11/10 05:37:55 | 000,161,770 | ---- | C] () -- C:\WINDOWS\Animated Wallpaper Maker Uninstaller.exe
[2010/11/05 00:04:32 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Tom\Application Data\downloads.m3u
[2010/10/17 19:17:49 | 000,000,223 | ---- | C] () -- C:\WINDOWS\HP PrecisionScan Pro.INI
[2010/10/10 16:40:24 | 001,903,408 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/09/30 05:14:14 | 000,115,369 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2010/09/30 05:14:14 | 000,097,859 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2010/06/11 06:18:32 | 000,000,119 | ---- | C] () -- C:\WINDOWS\Podcasts.INI
[2010/05/25 12:20:06 | 000,002,306 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/04/30 10:04:16 | 000,104,960 | ---- | C] () -- C:\WINDOWS\W2P_PreConvert.dll
[2010/02/01 05:16:10 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/02/01 05:16:10 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/02/01 05:16:09 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/02/01 05:16:08 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/01/31 03:51:08 | 000,005,045 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hksbihfl.ezl
[2010/01/28 03:35:34 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\GSService.exe
[2010/01/27 22:28:12 | 000,000,256 | -H-- | C] () -- C:\Documents and Settings\Tom\Application Data\ee6fe4d84748049fa23c8b8638a22cacf0cffd15
[2010/01/27 22:28:12 | 000,000,256 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\ee6fe4d84748049fa23c8b8638a22cacf0cffd15
[2009/12/27 17:53:40 | 000,000,229 | ---- | C] () -- C:\Documents and Settings\Tom\Application Data\default.rss
[2009/12/26 20:15:07 | 000,004,757 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009/11/27 04:31:16 | 000,105,472 | ---- | C] () -- C:\WINDOWS\PreConvert.dll
[2009/11/25 13:40:50 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/10/19 02:23:14 | 000,000,203 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI
[2009/10/03 12:36:01 | 011,476,992 | ---- | C] () -- C:\WINDOWS\System32\common_res.dll
[2009/09/27 07:26:44 | 000,000,126 | ---- | C] () -- C:\WINDOWS\keypad.ini
[2009/09/16 17:27:58 | 000,508,224 | ---- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll
[2009/09/09 18:01:40 | 000,027,675 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat
[2009/07/25 03:10:11 | 000,618,496 | ---- | C] () -- C:\WINDOWS\System32\stlpmt45.dll
[2009/07/11 20:38:12 | 000,835,584 | ---- | C] () -- C:\WINDOWS\tls7912d.dll
[2009/07/11 20:38:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\uninstallrq.exe
[2009/06/12 21:24:00 | 000,075,596 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2009/06/04 07:51:28 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/04/14 04:53:40 | 000,003,707 | ---- | C] () -- C:\WINDOWS\System32\ASPRTMM6.DLL
[2009/03/04 03:47:17 | 000,000,146 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/01/31 22:22:25 | 002,788,800 | ---- | C] () -- C:\Program Files\FLV PlayerFCSetup.exe
[2008/11/17 14:58:33 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2008/11/17 14:58:11 | 000,000,333 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2008/11/04 05:41:07 | 000,001,104 | ---- | C] () -- C:\WINDOWS\AMIPRO2.INI
[2008/11/04 05:40:13 | 000,004,722 | ---- | C] () -- C:\WINDOWS\AmiVISD.ini
[2008/11/04 05:39:17 | 000,000,703 | ---- | C] () -- C:\WINDOWS\lotus.ini
[2008/11/04 05:39:15 | 000,008,283 | ---- | C] () -- C:\WINDOWS\AMIDW.INI
[2008/11/04 05:39:15 | 000,000,898 | ---- | C] () -- C:\WINDOWS\AMIEQN.INI
[2008/11/04 05:39:15 | 000,000,185 | ---- | C] () -- C:\WINDOWS\AMISMART.INI
[2008/11/04 05:39:15 | 000,000,104 | ---- | C] () -- C:\WINDOWS\AMIIMAGE.INI
[2008/11/04 05:39:14 | 000,023,822 | ---- | C] () -- C:\WINDOWS\AMIOW.INI
[2008/11/04 05:39:14 | 000,011,208 | ---- | C] () -- C:\WINDOWS\AMIENV.DLL
[2008/11/04 05:39:14 | 000,010,014 | ---- | C] () -- C:\WINDOWS\AMILABEL.INI
[2008/11/04 05:39:14 | 000,005,909 | ---- | C] () -- C:\WINDOWS\AMIWP.INI
[2008/11/04 05:39:14 | 000,004,400 | ---- | C] () -- C:\WINDOWS\AMIPRO.INI
[2008/11/04 05:39:14 | 000,002,846 | ---- | C] () -- C:\WINDOWS\AMICALC.INI
[2008/11/04 05:39:14 | 000,001,993 | ---- | C] () -- C:\WINDOWS\AMIIWP.INI
[2008/11/04 05:39:14 | 000,000,332 | ---- | C] () -- C:\WINDOWS\AMIFONT.INI
[2008/11/04 05:06:16 | 000,127,184 | ---- | C] () -- C:\WINDOWS\DEL_AH1.EXE
[2008/11/02 08:56:34 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2008/10/30 09:26:41 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2008/10/30 09:25:23 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2008/10/30 09:25:23 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2008/10/30 08:58:15 | 000,000,400 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2008/10/30 04:12:05 | 000,000,092 | ---- | C] () -- C:\WINDOWS\TraceSrv.ini
[2008/10/28 04:09:43 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2008/10/27 00:29:43 | 000,000,225 | ---- | C] () -- C:\WINDOWS\netscape.INI
[2008/10/26 20:43:04 | 000,634,087 | ---- | C] () -- C:\WINDOWS\cd32.exe
[2008/10/25 03:31:26 | 000,000,554 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/10/24 14:22:31 | 000,215,144 | R--- | C] () -- C:\WINDOWS\patchw32.dll
[2008/10/24 14:21:19 | 000,215,144 | R--- | C] () -- C:\WINDOWS\pw32a.dll
[2008/10/24 04:31:54 | 000,218,112 | ---- | C] () -- C:\Documents and Settings\Tom\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/10 20:18:45 | 000,038,951 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/10/10 19:09:45 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/10/09 08:52:33 | 000,000,927 | ---- | C] () -- C:\WINDOWS\hmpro3.ini
[2008/10/09 08:50:42 | 000,012,288 | ---- | C] () -- C:\WINDOWS\kwimage.dll
[2008/10/09 08:50:42 | 000,005,495 | ---- | C] () -- C:\WINDOWS\sqkw.ini
[2008/10/09 03:17:00 | 000,982,196 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2008/10/09 03:16:59 | 000,417,344 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2008/10/09 03:16:59 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4990.dll
[2008/10/08 08:54:42 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/10/08 04:00:33 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/10/08 03:56:11 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/10/07 05:35:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/10/07 05:34:50 | 000,344,216 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/11/06 15:19:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/03/16 17:00:00 | 000,003,403 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2004/08/04 01:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/09/18 11:21:06 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\ljackuw.dll
[2003/03/31 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/03/31 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/03/31 07:00:00 | 000,503,100 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/03/31 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/03/31 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/03/31 07:00:00 | 000,088,498 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/03/31 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/03/31 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/03/31 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/03/31 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/03/21 16:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2001/08/07 18:59:54 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HPNVRRes.dll
[2001/07/31 04:17:12 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2001/01/24 01:31:18 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\prntfix.exe
[2000/06/07 07:38:44 | 000,078,336 | ---- | C] () -- C:\WINDOWS\nfwDrop.DLL
[2000/04/14 17:50:02 | 000,343,040 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[1999/05/20 04:03:20 | 000,004,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\TVICPORT.SYS
[1998/06/11 14:08:06 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[1997/07/11 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/07/11 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
< End of report >
Report of ESET attached 7-17-11
C:\Documents and Settings\Tom\Local Settings\Application Data\Downloaded Installations\{23690A61-F205-45D8-9294-B63A67498790}\PCmover.msi a variant of Win32/PSWTool.PWDump.A application
C:\Documents and Settings\Tom\Local Settings\Application Data\Downloaded Installations\{40C82691-CCF0-402A-909D-29257CBF33AC}\PCmover.msi a variant of Win32/PSWTool.PWDump.A application
C:\i\Programs From Internet\ImToo DVD Creator 6 4-29-11\dvd-creator6.exe Win32/Toolbar.Zugo application
C:\i\Programs From Internet\SmitfraudFix\SmitfraudFix.zip multiple threats
C:\i\Programs From Internet\SmitfraudFix\SmitfraudFix\SmitfraudFix\Process.exe Win32/PrcView application
C:\i\Programs From Internet\SmitfraudFix\SmitfraudFix\SmitfraudFix\restart.exe Win32/Shutdown.NAA application
C:\i\Programs From Internet\Vundofix for virtumonde-sci 7-4-11\VirtumundoBeGone.exe Win32/PrcView application
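Added as a worked example, not part of the original post and not OTL's or the forum's code: a small Python parser for the OTL "Files/Folders" lines quoted above, with three triage rules that are this example's own heuristics (a PE file under C:\WINDOWS with no company/version information, a hidden or system-attributed file under a profile's Application Data folder, and a file whose name is nothing but a long hex string). The line layout is inferred from the log itself, and the sample input is copied from lines that appear in the log above.

```python
"""
Triage helper for OTL 'Files/Folders' lines (added example; not OTL's code).

Assumed layout, inferred from the log above:
    [YYYY/MM/DD HH:MM:SS | size | attrs | C|M] (Company) -- path
attrs is four characters from R, H, S, D ('-' when unset); 'C' marks a
creation record and 'M' a modification record; '(Company)' is the version
resource company name OTL read from the file and is absent for directories.
The rules in triage() are this example's own heuristics, not OTL's.
"""
import re
from dataclasses import dataclass
from datetime import datetime

OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
BINARY_EXT = (".exe", ".dll", ".sys", ".cpl", ".scr", ".ocx")
HEX_NAME = re.compile(r"^[0-9a-f]{32,}$")   # e.g. a bare hash used as a file name
APPDATA = "\\application data\\"


@dataclass
class Entry:
    when: datetime
    size: int
    attrs: str
    kind: str       # 'C' created, 'M' modified
    company: str    # '' when OTL printed '()'
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def hidden_or_system(self) -> bool:
        return "H" in self.attrs or "S" in self.attrs


def parse_line(line: str):
    """Return an Entry for one OTL file line, or None for headers and other text."""
    m = OTL_LINE.match(line.strip())
    if m is None:
        return None
    return Entry(
        when=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=m["company"] or "",
        path=m["path"],
    )


def triage(entry: Entry) -> list:
    """Reasons an entry deserves a second look (empty list = nothing noteworthy)."""
    reasons = []
    if entry.is_dir:
        return reasons
    p = entry.path.lower()
    name = p.rsplit("\\", 1)[-1]
    stem = name.rsplit(".", 1)[0]
    # 1. A PE file in the Windows tree that carries no version/company info.
    if p.startswith("c:\\windows\\") and name.endswith(BINARY_EXT) and not entry.company:
        reasons.append("binary without company/version info under C:\\WINDOWS")
    # 2. Hidden or system-attributed files inside a profile's Application Data.
    if APPDATA in p and entry.hidden_or_system:
        reasons.append("hidden/system file under an Application Data folder")
    # 3. File names that are just a long hex string (hash-like, no meaning).
    if APPDATA in p and HEX_NAME.match(stem):
        reasons.append("hex-string file name under Application Data")
    return reasons


def triage_log(text: str) -> list:
    """Run triage over every parseable line; returns (path, reason) pairs in log order."""
    findings = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        for reason in triage(entry):
            findings.append((entry.path, reason))
    return findings


# Sample input: one section header plus seven lines copied from the OTL log above.
SAMPLE = r"""========== Files Created - No Company Name ==========
[2011/07/14 13:29:37 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/07/14 13:29:36 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/07/10 08:47:50 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/14 20:02:35 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/05/25 12:20:06 | 000,002,306 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/01/27 22:28:12 | 000,000,256 | -H-- | C] () -- C:\Documents and Settings\Tom\Application Data\ee6fe4d84748049fa23c8b8638a22cacf0cffd15
[2011/06/17 03:03:05 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
"""

if __name__ == "__main__":
    for path, reason in triage_log(SAMPLE):
        print(f"{reason}: {path}")
```

A flag from these rules is a prompt to look, not a verdict. On the sample it surfaces C:\WINDOWS\MBR.exe, which the log shows created in the same minute as C:\Qoobox and the SteelWerX helpers, the footprint of a removal tool run rather than of an infection; the two Application Data hits are exactly the kind of file a helper should have the poster check against a known-file database before anything is deleted.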