
Thread: Unable to resolve trojan virtumonde.sci

  1. #11
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    A few things

    1. The Windows folder is in C:\windows; the one that Combofix found and wanted to delete was bogus. Look at the file path in the pictures you posted.

    2. C:\ComboFix.txt <--The log can be found here

    3. Is this a company computer?
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  2. #12
    Member
    Join Date
    Jul 2011
    Posts
    31

    Reply 7-13-11

    Originally posted by ken545:
    > A few things
    >
    > 1. The Windows folder is in C:\windows; the one that Combofix found and wanted to delete was bogus. Look at the file path in the pictures you posted.

    OK. This is my first experience with Combofix. Should I run it again?

    Originally posted by ken545:
    > 2. C:\ComboFix.txt <--The log can be found here

    I looked again and did not find ComboFix.txt or anything like that there. I then did a scan of the whole computer. It's not there. I suspect it's because of me ending Combofix when it ran.

    I did find a C:\Combofix folder. Should it be deleted?

    Originally posted by ken545:
    > 3. Is this a company computer?

    No, it's my personal PC at home

  3. #13
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Go ahead and run a new scan with Combofix, but first drag it to the trash, and you can use the links I provided and download a fresh, updated copy.

  4. #14
    Member
    Join Date
    Jul 2011
    Posts
    31

    Response with Combofix log attached

    OK - The Combofix.txt log is attached.

    This is from the latest Combofix program you said I should download. I removed the old Combofix from the system.

    ComboFix 11-07-14.05 - Tom 07/14/11 13:33:17.2.4 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3034.2274 [GMT -5:00]
    Running from: c:\i\Programs From Internet\Virtumonde sci removal 7-10-11\ComboFix.exe
    AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Tom\WINDOWS
    C:\Thumbs.db
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-06-14 to 2011-07-14 )))))))))))))))))))))))))))))))
    .
    .
    2011-07-12 07:42 . 2011-06-20 13:57 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{DBAD44D7-F76A-4ED5-AC6A-072B53713885}\mpengine.dll
    2011-07-10 14:04 . 2011-07-10 14:04 -------- d-----w- c:\documents and settings\Tom\Application Data\Malwarebytes
    2011-07-10 13:55 . 2011-05-29 14:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-07-10 13:55 . 2011-07-10 13:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-07-10 13:47 . 2011-05-29 14:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-07-10 13:47 . 2011-07-10 14:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-07-08 18:31 . 2011-07-08 18:31 -------- d-----w- c:\documents and settings\Tom\Local Settings\Application Data\Ilivid Player
    2011-07-08 18:30 . 2011-07-08 18:30 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{FDD8983C-4561-4A27-BDA7-F5286E176A8F}
    2011-07-08 18:30 . 2011-07-08 18:30 -------- d-----w- c:\program files\iLivid
    2011-07-08 18:19 . 2011-07-08 18:19 -------- d-----w- c:\documents and settings\Tom\Local Settings\Application Data\PackageAware
    2011-07-05 01:56 . 2011-07-05 01:56 -------- d-----w- c:\program files\CCleaner
    2011-07-03 16:27 . 2011-07-09 18:02 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-07-03 16:27 . 2011-07-09 17:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2011-06-28 18:54 . 2011-06-28 18:54 388096 ----a-r- c:\documents and settings\Tom\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-06-28 18:54 . 2011-06-28 18:54 -------- d-----w- c:\program files\Trend Micro
    2011-06-27 03:07 . 2011-06-27 03:07 -------- d-----w- c:\documents and settings\Tom\Local Settings\Application Data\Fidelity Investments
    2011-06-27 03:07 . 2011-06-27 03:07 -------- d-----w- c:\documents and settings\Tom\Application Data\Fidelity Investments
    2011-06-26 23:33 . 2011-06-26 23:33 -------- d-----w- c:\program files\New Folder
    2011-06-25 13:36 . 2011-06-25 13:36 -------- d-----w- c:\documents and settings\All Users\Microsoft
    2011-06-25 13:34 . 2011-06-25 13:34 -------- d-----w- c:\program files\Microsoft Analysis Services
    2011-06-25 13:33 . 2011-06-25 13:33 -------- d-----w- c:\documents and settings\Tom\Local Settings\Application Data\Microsoft Help
    2011-06-25 13:33 . 2011-06-26 20:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2011-06-23 16:00 . 2011-06-27 02:59 -------- d-----w- c:\program files\Fidelity Investments
    2011-06-23 16:00 . 2011-06-27 02:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Fidelity Investments
    2011-06-23 16:00 . 2011-06-23 16:00 -------- d-----w- c:\program files\Common Files\Crystal Decisions
    2011-06-21 17:01 . 2011-06-20 13:57 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2011-06-21 17:01 . 2011-05-25 00:14 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-06-21 16:12 . 2011-06-21 16:12 -------- d-----w- c:\program files\Windows Defender
    2011-06-16 08:55 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-06-25 11:38 . 2010-05-25 17:20 2306 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
    2011-06-17 08:03 . 2011-06-03 08:42 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-02 17:53 . 2011-06-02 17:53 94208 ----a-w- c:\windows\system32\dpl100.dll
    2011-05-24 20:49 . 2008-10-24 19:09 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2011-05-23 00:21 . 2011-05-23 00:21 0 ----a-w- c:\windows\t1784_61.tmp
    2011-05-04 09:52 . 2010-09-08 10:33 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-05-04 07:25 . 2010-09-21 07:04 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-05-02 15:31 . 2008-10-08 08:56 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-04-29 17:25 . 2004-08-04 05:56 151552 ----a-w- c:\windows\system32\schannel.dll
    2011-04-29 16:19 . 2004-08-04 04:15 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-04-25 15:51 . 2004-08-04 05:56 832512 ----a-w- c:\windows\system32\wininet.dll
    2011-04-25 15:51 . 2009-06-04 11:43 78336 ----a-w- c:\windows\system32\ieencode.dll
    2011-04-25 15:51 . 2004-08-04 05:56 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-04-25 15:51 . 2004-08-04 05:56 17408 ----a-w- c:\windows\system32\corpol.dll
    2011-04-25 12:01 . 2004-08-04 03:59 389120 ----a-w- c:\windows\system32\html.iec
    2011-04-21 13:37 . 2004-08-04 04:15 105472 ----a-w- c:\windows\system32\drivers\mup.sys
    2011-04-19 16:17 . 2008-10-30 14:25 51716 ----a-w- c:\windows\system32\pdf995mon.dll
    2011-04-19 16:17 . 2008-10-30 14:25 249856 ----a-w- c:\windows\system32\pdfmona.dll
    2009-02-01 03:23 . 2009-02-01 03:22 2788800 ----a-w- c:\program files\FLV PlayerFCSetup.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Zinio DLM"="c:\program files\Zinio\ZinioReader.exe" [2008-10-29 2699334]
    "SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2007-02-05 476728]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-26 94208]
    "PxDotNetLoader"="c:\program files\Fidelity Investments\Fidelity Active Trader\System\ATPStartupAssistant.exe" [2011-04-25 42392]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msjavadll"="javaw" [X]
    "X-keys Programming"="c:\program files\PI Engineering\X-keys\XKWdkApp.exe" [2003-07-10 516608]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-03-26 458865]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "Simpo Print Server"="c:\program files\Simpo PDF Creator\SimpoPrintSrv.exe" [2009-10-29 101376]
    "Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
    "QuickFinder Scheduler"="c:\program files\Corel\WordPerfect Office X4\Programs\QFSCHD140.EXE" [2008-03-21 83232]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-05-08 142872]
    "Norton Ghost 14.0"="c:\program files\Norton Ghost\Agent\VProTray.exe" [2009-08-03 2250088]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-07 50688]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
    "InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2005-09-22 862720]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-05-08 141336]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-05-08 173592]
    "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-05-24 273544]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
    .
    c:\documents and settings\Tom\Start Menu\Programs\Startup\
    Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-18 4742184]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2009-8-5 221247]
    Office Startup.lnk - c:\program files\Microsoft Office97\Office\OSA.EXE [1997-7-11 51984]
    Shortcut to taskmgr.exe.lnk - c:\windows\system32\taskmgr.exe [2004-8-4 135680]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Hewlett-Packard\\HP Download Manager\\hpjdwnld.exe"=
    "c:\\Program Files\\YouTubeMP3Downloader.net\\YouTubeMP3Downloader\\YouTubeMP3.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "40327:TCP"= 40327:TCP:HTTPWeb
    "41489:TCP"= 41489:TCP:HTTPWeb
    "20632:TCP"= 20632:TCP:HTTPWeb
    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
    .
    R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [10/14/09 8:18 PM 36880]
    R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [06/13/09 9:44 AM 712048]
    R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [06/13/09 9:44 AM 712048]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [07/10/11 8:55 AM 366640]
    R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [10/20/10 6:41 PM 196928]
    R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [10/20/10 6:41 PM 67904]
    R2 SCRCAMHRDRV;ScreenCamera HR;c:\windows\system32\drivers\SCRCAMHRDRV.sys [12/09/09 4:28 AM 234304]
    R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [08/04/04 12:56 AM 5120]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/03/06 7:19 PM 13592]
    R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [06/13/08 4:42 PM 243856]
    R3 hhdserial;HHD Software Serial Monitor (DMS) Monitoring Driver;c:\windows\system32\drivers\hhdserial.sys [11/16/08 3:38 PM 30856]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [10/09/08 3:17 AM 110080]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [09/14/09 1:42 PM 32272]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [10/02/09 6:39 PM 19472]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [07/10/11 8:47 AM 22712]
    R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [02/01/10 4:56 AM 23096]
    R3 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [12/20/07 5:13 PM 1562096]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [03/18/10 1:16 PM 130384]
    S2 gupdate1ca64736f5e235c;Google Update Service (gupdate1ca64736f5e235c);c:\program files\Google\Update\GoogleUpdate.exe [11/13/09 10:10 AM 133104]
    S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/09 11:58 AM 11336]
    S3 GSService;GSService;c:\windows\system32\GSService.exe [01/28/10 3:35 AM 335872]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/13/09 10:10 AM 133104]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [07/10/11 8:55 AM 39984]
    S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [05/29/11 8:33 AM 42112]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/06/07 3:22 PM 34064]
    S3 NRKCTL32;NRKCTL32;c:\program files\WCPUID\NRKCTL32.SYS [11/06/08 12:45 PM 3968]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [01/09/10 9:37 PM 4640000]
    S3 SMServer;SMServer;c:\windows\system32\snmvtsvc.exe [02/01/10 4:56 AM 249856]
    S3 STSService;STSService;c:\program files\SoundTaxi Media Suite\STSService.exe [01/15/10 5:23 AM 335872]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [08/04/04 12:56 AM 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [03/18/10 1:16 PM 753504]
    S3 xkeysw2k;X-keys Device;c:\windows\system32\drivers\XKEYSW2K.SYS [08/05/10 6:24 PM 33519]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WINRM REG_MULTI_SZ WINRM
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2009-08-20 19:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
    2010-02-17 00:02 114688 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-07-14 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-13 06:17]
    .
    2011-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-13 15:10]
    .
    2011-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-13 15:10]
    .
    2011-07-14 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
    .
    2011-07-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-515967899-963894560-839522115-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47]
    .
    2011-07-14 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-963894560-839522115-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47]
    .
    2011-07-14 c:\windows\Tasks\User_Feed_Synchronization-{496D8042-0A62-4C91-8D5B-D46E9ED53309}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 23:36]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uInternet Settings,ProxyOverride = *.local
    IE: Copy to &Lightning Note - c:\program files\Corel\WordPerfect Lightning\Programs\WPLightningCopyToNote.hta
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    IE: Open with WordPerfect - c:\program files\Corel\WordPerfect Office X4\Programs\WPLauncher.hta
    Trusted Zone: aol.com\free
    Trusted Zone: intuit.com\ttlc
    TCP: DhcpNameServer = 192.168.2.1
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
    FF - ProfilePath - c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\
    FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\DivXHTML5
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
    WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
    HKCU-Run-fsm - (no file)
    HKLM-Run-STT - (no file)
    AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-07-14 14:01
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(228)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\stacapi.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
    c:\program files\idt\wdm\STacSV.exe
    c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\windows\system32\ASTSRV.EXE
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
    c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    c:\windows\system32\igfxsrvc.exe
    c:\progra~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
    c:\program files\Microsoft IntelliType Pro\dpupdchk.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Motive\McciCMService.exe
    c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    c:\program files\Norton Ghost\Agent\VProSvc.exe
    c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
    c:\program files\APC\APC PowerChute Personal Edition\apcsystray.exe
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\program files\Canon\CAL\CALMAIN.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\windows\system32\msdtc.exe
    .
    **************************************************************************
    .
    Completion time: 2011-07-14 14:09:49 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-07-14 19:09
    .
    Pre-Run: 132,800,520,192 bytes free
    Post-Run: 133,637,849,088 bytes free
    .
    - - End Of File - - BE7603FC193B6A2E698E32BBB56C3B47
    Last edited by ken545; 2011-07-14 at 22:01.

  5. #15
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    You need to enable windows to Show all Files and Folders
    Instructions for your Operating System HERE

    c:\windows\t1784_61.tmp <--Delete this file



    OTL by OldTimer
    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Click the "Scan All Users" checkbox.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt.
        Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them both in.

  6. #16
    Member
    Join Date
    Jul 2011
    Posts
    31

    Otl.txt 7-14-11

    Otl.txt 7-14-11

  7. #17
    Member
    Join Date
    Jul 2011
    Posts
    31

    OTL.TXT 7-14-11 (2nd try)

    OTL.TXT 7-14-11 (2nd try)


    "The text that you have entered is too long (64752 characters). Please shorten it to 64000 characters long." I have edited this to post into 2 separate messages.



    OTL logfile created on: 07/14/11 6:43:12 PM - Run 2
    OTL by OldTimer - Version 3.2.26.1 Folder = C:\i\Programs From Internet\Virtumonde sci removal 7-10-11
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yy

    2.96 Gb Total Physical Memory | 2.32 Gb Available Physical Memory | 78.30% Memory free
    10.79 Gb Paging File | 10.12 Gb Available in Paging File | 93.78% Paging File free
    Paging file location(s): C:\pagefile.sys 8192 8192 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 465.75 Gb Total Space | 124.43 Gb Free Space | 26.72% Space Free | Partition Type: NTFS
    Drive E: | 149.05 Gb Total Space | 11.12 Gb Free Space | 7.46% Space Free | Partition Type: NTFS
    Drive F: | 1863.01 Gb Total Space | 1729.64 Gb Free Space | 92.84% Space Free | Partition Type: NTFS

    Computer Name: TOM-2008 | User Name: Tom | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\i\Programs From Internet\Virtumonde sci removal 7-10-11\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
    PRC - C:\WINDOWS\system32\NLSSRV32.EXE (Nalpeiron Ltd.)
    PRC - C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe (Nitro PDF Software)
    PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
    PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
    PRC - c:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
    PRC - C:\Program Files\Simpo PDF Creator\SimpoPrintSrv.exe (Simpo Technologies)
    PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe (Kaspersky Lab)
    PRC - C:\WINDOWS\system32\ASTSRV.EXE (Nalpeiron Ltd.)
    PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
    PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
    PRC - C:\Program Files\Norton Ghost\Agent\VProSvc.exe (Symantec Corporation)
    PRC - C:\Program Files\Norton Ghost\Agent\VProTray.exe (Symantec Corporation)
    PRC - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe (Symantec)
    PRC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()
    PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
    PRC - C:\Program Files\Zinio\ZinioReader.exe (Zinio, LLC)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
    PRC - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
    PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
    PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
    PRC - C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe (American Power Conversion Corporation)
    PRC - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe (American Power Conversion Corporation)
    PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
    PRC - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG)
    PRC - C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
    PRC - C:\Program Files\PI Engineering\X-keys\XKWdkApp.exe (P.I. Engineering, Inc.)
    PRC - C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe ()
    PRC - C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
    PRC - C:\Program Files\Microsoft Office97\Office\OSA.EXE ()


    ========== Modules (SafeList) ==========

    MOD - C:\i\Programs From Internet\Virtumonde sci removal 7-10-11\OTL.exe (OldTimer Tools)
    MOD - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchrome10browserrecordhelper.dll (RealNetworks, Inc.)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (GEARSecurity) -- File not found
    SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    SRV - (nlsX86cc) -- C:\WINDOWS\system32\NLSSRV32.EXE (Nalpeiron Ltd.)
    SRV - (NitroDriverReadSpool) -- C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe (Nitro PDF Software)
    SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
    SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
    SRV - (SupportSoft RemoteAssist) -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe (SupportSoft, Inc.)
    SRV - (STacSV) -- c:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
    SRV - (GSService) -- C:\WINDOWS\System32\GSService.exe ()
    SRV - (SMServer) -- C:\WINDOWS\System32\snmvtsvc.exe (SMServer)
    SRV - (STSService) -- C:\Program Files\SoundTaxi Media Suite\STSService.exe ()
    SRV - (astcc) -- C:\WINDOWS\system32\ASTSRV.EXE (Nalpeiron Ltd.)
    SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
    SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
    SRV - (Norton Ghost) -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe (Symantec Corporation)
    SRV - (SymSnapService) -- C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe (Symantec)
    SRV - (ioloSystemService) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()
    SRV - (ioloFileInfoList) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()
    SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
    SRV - (GameConsoleService) -- C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe (WildTangent, Inc.)
    SRV - (Symantec RemoteAssist) -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe (Symantec, Inc.)
    SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)
    SRV - (Diskeeper) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
    SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
    SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
    SRV - (SSScsiSV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
    SRV - (SonicStage Back-End Service) -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe (Sony Corporation)
    SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
    SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
    SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe ()
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
    SRV - (APC UPS Service) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe (American Power Conversion Corporation)
    SRV - (InCDsrv) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG)


    ========== Driver Services (SafeList) ==========

    DRV - (catchme) -- File not found
    DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
    DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
    DRV - (FTSER2K) -- C:\WINDOWS\system32\drivers\ftser2k.sys (FTDI Ltd.)
    DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)
    DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (IDT, Inc.)
    DRV - (SndTAudio) -- C:\WINDOWS\system32\drivers\SndTAudio.sys (Windows (R) Codename Longhorn DDK provider)
    DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys ()
    DRV - (klbg) -- C:\WINDOWS\system32\drivers\klbg.sys (Kaspersky Lab)
    DRV - (klmouflt) -- C:\WINDOWS\system32\drivers\klmouflt.sys (Kaspersky Lab)
    DRV - (klim5) -- C:\WINDOWS\system32\drivers\klim5.sys (Kaspersky Lab)
    DRV - (kl1) -- C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Lab)
    DRV - (symsnap) -- C:\WINDOWS\system32\DRIVERS\symsnap.sys (StorageCraft)
    DRV - (SCRCAMHRDRV) -- C:\WINDOWS\system32\drivers\SCRCAMHRDRV.sys (Windows (R) Server 2003 DDK provider)
    DRV - (IntcHdmiAddService) Intel(R) -- C:\WINDOWS\system32\drivers\IntcHdmi.sys (Intel(R) Corporation)
    DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
    DRV - (v2imount) -- C:\WINDOWS\system32\drivers\v2imount.sys (Symantec Corporation)
    DRV - (e1yexpress) Intel(R) -- C:\WINDOWS\system32\drivers\e1y5132.sys (Intel Corporation)
    DRV - (NAL) -- C:\WINDOWS\system32\drivers\iqvw32.sys (Intel Corporation )
    DRV - (FileDisk) -- C:\WINDOWS\System32\drivers\filedisk.sys (iolo technologies, LLC (based on original work by Bo Brantén))
    DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
    DRV - (HECI) Intel(R) -- C:\WINDOWS\system32\drivers\HECI.sys (Intel Corporation)
    DRV - (BANTExt) -- C:\WINDOWS\System32\Drivers\BANTExt.sys ()
    DRV - (WimFltr) -- C:\WINDOWS\system32\drivers\WimFltr.sys (Microsoft Corporation)
    DRV - (VProEventMonitor) -- C:\WINDOWS\system32\drivers\vproeventmonitor.sys (Symantec Corporation)
    DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies)
    DRV - (hhdserial) HHD Software Serial Monitor (DMS) -- C:\WINDOWS\system32\drivers\hhdserial.sys (HHD Software Ltd.)
    DRV - (FTDIBUS) -- C:\WINDOWS\system32\drivers\ftdibus.sys (FTDI Ltd.)
    DRV - (MotDev) -- C:\WINDOWS\system32\drivers\motodrv.sys (Motorola Inc)
    DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola)
    DRV - (NETMDUSB) -- C:\WINDOWS\system32\drivers\NETMD052.sys (Sony Corporation)
    DRV - (InCDfs) -- C:\WINDOWS\system32\drivers\InCDfs.sys (Nero AG)
    DRV - (InCDPass) -- C:\WINDOWS\system32\drivers\InCDPass.sys (Nero AG)
    DRV - (incdrm) -- C:\WINDOWS\system32\drivers\InCDRm.sys (Nero AG)
    DRV - (P2k) -- C:\WINDOWS\system32\drivers\P2k.sys (Motorola Inc)
    DRV - (NRKCTL32) -- C:\Program Files\WCPUID\NRKCTL32.SYS (NrkLv Group)
    DRV - (xkeysw2k) -- C:\WINDOWS\system32\drivers\XKEYSW2K.SYS (P.I. Engineering, Inc.)
    DRV - (msloop) -- C:\WINDOWS\system32\drivers\loop.sys (Microsoft Corporation)
    DRV - (TVicPort) -- C:\WINDOWS\System32\drivers\TVICPORT.SYS ()


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-515967899-963894560-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-21-515967899-963894560-839522115-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    IE - HKU\S-1-5-21-515967899-963894560-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-515967899-963894560-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "www.googlebreak.com"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
    FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.1.1
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
    FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.126

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
    FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Tom\Application Data\Facebook\npfbplugin_1_0_3.dll ( )

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\copytolightning@corel.com: c:\Program Files\Corel\WordPerfect Lightning\Programs\FirefoxExtension\ [2010/05/25 12:19:15 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/24 15:57:37 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/06/28 11:04:50 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/02 18:18:11 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/02 18:18:11 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/05/24 15:57:26 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011/06/18 09:56:56 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2010/09/30 05:13:43 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\FireFox\Extensions\\SearchToolbar@skywebsearch.com: C:\Program Files\SaveTubeVideo.com\SaveTubeVideo\FF
    FF - HKEY_CURRENT_USER\software\mozilla\FireFox\Extensions\\savetubemp3@savetubemp3.net: C:\Program Files\YouTubeMP3Downloader.net\YouTubeMP3Downloader\FF [2010/02/02 14:41:41 | 000,000,000 | ---D | M]

    [2010/10/24 05:51:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Extensions
    [2010/10/24 05:51:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2011/07/13 17:48:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\extensions
    [2010/04/28 05:44:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/03/12 12:06:29 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2011/06/18 05:04:09 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
    [2011/07/03 10:43:38 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2009/08/10 19:54:59 | 000,000,000 | ---D | M] (Nodobe Document Viewer) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\extensions\nodobe@vuzit.com
    [2010/02/02 14:42:05 | 000,000,003 | ---- | M] () -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\searchplugins\GoogleFeed.xml
    [2011/07/13 17:48:54 | 000,001,575 | ---- | M] () -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\searchplugins\ixquick.xml
    [2008/10/11 09:26:42 | 000,001,940 | ---- | M] () -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\searchplugins\marketwatch.xml
    [2008/10/11 09:26:46 | 000,000,705 | ---- | M] () -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\searchplugins\webster.xml
    [2008/10/11 09:26:56 | 000,001,032 | ---- | M] () -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\searchplugins\wikipedia-eng.xml
    [2011/07/13 17:48:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/09/21 02:04:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/10/24 13:52:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011/02/13 05:42:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2011/03/01 03:23:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2011/06/09 07:00:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    [2010/09/30 05:14:27 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
    [2011/06/28 11:04:50 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
    [2010/09/21 02:04:28 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2008/06/18 01:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
    [2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2007/03/09 18:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll

    O1 HOSTS File: ([2011/07/14 13:58:25 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (ShowBarObjMp3 Class) - {cf59ae24-5796-44fc-9575-8d4f383c65f8} - C:\Program Files\YouTubeMP3Downloader.net\YouTubeMP3Downloader\MinBHOMp3.dll ()
    O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
    O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKLM\..\Toolbar: (YouTube MP3 Downloader) - {f27a9a1d-6f23-442d-88c0-5dc40fd13dcd} - C:\Program Files\YouTubeMP3Downloader.net\YouTubeMP3Downloader\YouTubeMP3.dll (Save Tube Video Company)
    O4 - HKLM..\Run: [avp] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [msjavadll] C:\WINDOWS\System32\javaw.exe (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
    O4 - HKLM..\Run: [Norton Ghost 14.0] C:\Program Files\Norton Ghost\Agent\VProTray.exe (Symantec Corporation)
    O4 - HKLM..\Run: [QuickFinder Scheduler] c:\Program Files\Corel\WordPerfect Office X4\Programs\QFSCHD140.EXE (Corel Corporation)
    O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [Simpo Print Server] C:\Program Files\Simpo PDF Creator\SimpoPrintSrv.exe (Simpo Technologies)
    O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [X-keys Programming] C:\Program Files\PI Engineering\X-keys\XKWdkApp.exe (P.I. Engineering, Inc.)
    O4 - HKU\S-1-5-21-515967899-963894560-839522115-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe (Nero AG)
    O4 - HKU\S-1-5-21-515967899-963894560-839522115-1003..\Run: [PxDotNetLoader] C:\Program Files\Fidelity Investments\Fidelity Active Trader\System\ATPStartupAssistant.exe (Fidelity Investments)
    O4 - HKU\S-1-5-21-515967899-963894560-839522115-1003..\Run: [SsAAD.exe] C:\Program Files\Sony\SonicStage\SSAAD.exe ()
    O4 - HKU\S-1-5-21-515967899-963894560-839522115-1003..\Run: [Zinio DLM] C:\Program Files\Zinio\ZinioReader.exe (Zinio, LLC)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files\Microsoft Office97\Office\OSA.EXE ()
    O4 - Startup: C:\Documents and Settings\Tom\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-515967899-963894560-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-515967899-963894560-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-515967899-963894560-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-515967899-963894560-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
    O8 - Extra context menu item: Copy to &Lightning Note - C:\Program Files\Corel\WordPerfect Lightning\Programs\WPLightningCopyToNote.hta ()
    O8 - Extra context menu item: Open with WordPerfect - c:\Program Files\Corel\WordPerfect Office X4\Programs\WPLauncher.hta ()
    O9 - Extra Button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll ()
    O9 - Extra 'Tools' menuitem : Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll ()
    O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
    O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O9 - Extra Button: Favorites Search - {FF925300-80E6-11D4-A15B-FFF9086C1A3C} - C:\Program Files\DzSoft\Favorites Search\FavSeek.dll (DzSoft Ltd)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-515967899-963894560-839522115-1003\..Trusted Domains: aol.com ([free] http in Trusted sites)
    O15 - HKU\S-1-5-21-515967899-963894560-839522115-1003\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://www.pcpitstop.com/mhLbl.cab (mhLabel Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/...nAxControl.CAB (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    O18 - Protocol\Handler\x-atng {7e8717b0-d862-11d5-8c9e-00010304f989} - C:\Program Files\Fidelity Investments\Fidelity Active Trader\System\atngprot.dll (Fidelity Investments)
    O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\kloehk.dll (Kaspersky Lab)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
    O24 - Desktop WallPaper: C:\Documents and Settings\Tom\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tom\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/10/08 03:58:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/07/14 18:40:25 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2011/07/14 13:29:36 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/07/14 13:29:36 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/07/14 13:29:36 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/07/14 13:29:13 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/07/12 09:09:27 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/07/12 07:09:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/07/10 12:57:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\Virus Cleanup
    [2011/07/10 09:04:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Application Data\Malwarebytes
    [2011/07/10 08:55:52 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/07/10 08:55:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/07/10 08:55:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2011/07/10 08:47:50 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/07/10 08:47:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/07/08 19:30:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Tom\Recent
    [2011/07/08 13:31:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Local Settings\Application Data\Ilivid Player
    [2011/07/08 13:30:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{FDD8983C-4561-4A27-BDA7-F5286E176A8F}
    [2011/07/08 13:30:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iLivid
    [2011/07/08 13:30:33 | 000,000,000 | ---D | C] -- C:\Program Files\iLivid
    [2011/07/08 13:19:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Local Settings\Application Data\PackageAware
    [2011/07/05 13:21:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/07/04 20:56:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
    [2011/07/04 20:56:22 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2011/07/03 11:27:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
    [2011/07/03 11:27:40 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2011/07/03 11:27:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    [2011/06/28 13:54:24 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2011/06/28 13:54:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Start Menu\Programs\HiJackThis
    [2011/06/28 12:44:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Desktop\DivX
    [2011/06/27 19:51:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\My Documents\Exported Registry
    [2011/06/26 22:07:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Local Settings\Application Data\Fidelity Investments
    [2011/06/26 22:07:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Application Data\Fidelity Investments
    [2011/06/26 21:59:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Wealth-Lab Pro
    [2011/06/26 18:33:32 | 000,000,000 | ---D | C] -- C:\Program Files\New Folder
    [2011/06/25 08:36:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
    [2011/06/25 08:36:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Microsoft
    [2011/06/25 08:34:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
    [2011/06/25 08:33:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Local Settings\Application Data\Microsoft Help
    [2011/06/25 08:33:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    [2011/06/23 11:07:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Fidelity Investments
    [2011/06/23 11:00:24 | 000,000,000 | ---D | C] -- C:\Program Files\Fidelity Investments
    [2011/06/23 11:00:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Fidelity Investments
    [2011/06/23 11:00:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Crystal Decisions
    [2011/06/21 12:01:08 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
    [2011/06/21 11:12:45 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender
    [2011/06/16 03:55:48 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
    [9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/07/14 18:44:29 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{496D8042-0A62-4C91-8D5B-D46E9ED53309}.job
    [2011/07/14 18:36:41 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-515967899-963894560-839522115-1003.job
    [2011/07/14 18:36:40 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-963894560-839522115-1003.job
    [2011/07/14 18:26:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/07/14 17:10:22 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2011/07/14 14:33:11 | 000,408,918 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Dallas Gas.url
    [2011/07/14 14:01:14 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2011/07/14 14:01:11 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/07/14 13:58:25 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/07/14 13:58:12 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/07/14 13:58:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/07/14 13:58:01 | 3181,613,056 | -HS- | M] () -- C:\hiberfil.sys
    [2011/07/13 22:11:58 | 000,000,556 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Fidelity Watchlist.url
    [2011/07/13 18:03:29 | 000,002,647 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Fidelity Active Trader Pro Beta..lnk
    [2011/07/12 13:29:53 | 000,000,400 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
    [2011/07/12 09:09:36 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2011/07/12 02:49:20 | 000,000,226 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Dallas 311 Intake.url
    [2011/07/11 13:10:54 | 000,002,423 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Diskeeper 2008.lnk
    [2011/07/10 13:01:10 | 000,001,167 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Map of the Market - SmartMoney.com.url
    [2011/07/09 16:10:11 | 000,218,112 | ---- | M] () -- C:\Documents and Settings\Tom\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/07/08 13:30:51 | 000,000,721 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iLivid Download Manager.lnk
    [2011/07/08 07:10:31 | 000,064,538 | ---- | M] () -- C:\Documents and Settings\Tom\My Documents\http www.nytimes.com 2011 07 08 us IRS drops audits of political donors.pdf
    [2011/07/08 07:08:40 | 000,067,454 | ---- | M] () -- C:\Documents and Settings\Tom\My Documents\http www.nytimes.com 2011 07 08 us 08ttramsey Redistricting.pdf
    [2011/07/07 14:51:18 | 000,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2011/07/05 15:47:36 | 000,000,182 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Prepaid Phone News.url
    [2011/07/05 10:14:53 | 000,001,000 | ---- | M] () -- C:\Documents and Settings\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2011/07/01 00:40:38 | 000,002,527 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ACDSee 7.0.lnk
    [2011/06/29 10:37:48 | 000,000,404 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\BusinessWeek.url
    [2011/06/29 04:45:35 | 000,001,832 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    [2011/06/28 18:55:59 | 000,000,179 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Web Site Report For n5gar.com.url
    [2011/06/28 13:15:57 | 000,000,193 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\STOUFFER'S® Dinner Club.url
    [2011/06/28 07:57:16 | 000,000,602 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to taskmgr.exe.lnk
    [2011/06/27 19:19:29 | 000,002,644 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\LIVE REAL TIME SATELLITE TRACKING AND PREDICTIONS ISS (ZARYA).url
    [2011/06/27 19:01:59 | 000,000,370 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\e-Miles® Miles for Minutes®.url
    [2011/06/26 21:59:20 | 000,000,972 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Wealth-Lab Pro 6.lnk
    [2011/06/26 15:20:30 | 000,503,100 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/06/26 15:20:30 | 000,088,498 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/06/26 01:45:56 | 000,256,000 | ---- | M] () -- C:\WINDOWS\PEV.exe
    [2011/06/25 22:16:58 | 000,344,216 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/06/25 06:38:42 | 000,002,306 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
    [2011/06/23 12:51:27 | 000,932,987 | ---- | M] () -- C:\Documents and Settings\Tom\Application Data\n5gar1.zip
    [2011/06/23 11:07:06 | 000,002,020 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Fidelity Active Trader Pro.lnk
    [2011/06/19 19:08:43 | 000,000,207 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Boost Mobile - 214 397 6430.url
    [2011/06/17 03:03:05 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2011/06/16 22:23:19 | 000,000,213 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\support.url
    [9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/07/14 13:29:37 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/07/14 13:29:36 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/07/14 13:29:36 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/07/14 13:29:36 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/07/14 13:29:36 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/07/14 01:15:55 | 000,000,274 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-515967899-963894560-839522115-1003.job
    [2011/07/12 09:09:36 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2011/07/12 09:09:32 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/07/08 13:30:51 | 000,000,721 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iLivid Download Manager.lnk
    [2011/07/08 07:10:30 | 000,064,538 | ---- | C] () -- C:\Documents and Settings\Tom\My Documents\http www.nytimes.com 2011 07 08 us IRS drops audits of political donors.pdf
    [2011/07/08 07:08:39 | 000,067,454 | ---- | C] () -- C:\Documents and Settings\Tom\My Documents\http www.nytimes.com 2011 07 08 us 08ttramsey Redistricting.pdf
    [2011/07/03 11:27:45 | 000,001,000 | ---- | C] () -- C:\Documents and Settings\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2011/06/29 10:35:04 | 000,001,167 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\Map of the Market - SmartMoney.com.url
    [2011/06/28 07:57:16 | 000,000,602 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to taskmgr.exe.lnk
    [2011/06/26 21:59:20 | 000,000,972 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Wealth-Lab Pro 6.lnk
    [2011/06/25 09:58:23 | 000,956,290 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-515967899-963894560-839522115-1003-0.dat
    [2011/06/25 09:58:22 | 000,347,830 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2011/06/23 12:51:27 | 000,932,987 | ---- | C] () -- C:\Documents and Settings\Tom\Application Data\n5gar1.zip
    [2011/06/23 11:07:06 | 000,002,647 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Fidelity Active Trader Pro Beta..lnk
    [2011/06/23 11:07:06 | 000,002,020 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Fidelity Active Trader Pro.lnk
    [2011/06/21 11:22:28 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2011/06/21 11:12:47 | 000,000,974 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Defender.lnk
    [2011/06/18 09:56:57 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
    [2011/06/17 02:26:22 | 000,002,644 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\LIVE REAL TIME SATELLITE TRACKING AND PREDICTIONS ISS (ZARYA).url
    [2010/11/10 05:37:55 | 000,161,770 | ---- | C] () -- C:\WINDOWS\Animated Wallpaper Maker Uninstaller.exe
    [2010/11/05 00:04:32 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Tom\Application Data\downloads.m3u
    [2010/10/17 19:17:49 | 000,000,223 | ---- | C] () -- C:\WINDOWS\HP PrecisionScan Pro.INI
    [2010/10/10 16:40:24 | 001,903,408 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2010/09/30 05:14:14 | 000,115,369 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
    [2010/09/30 05:14:14 | 000,097,859 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
    [2010/06/11 06:18:32 | 000,000,119 | ---- | C] () -- C:\WINDOWS\Podcasts.INI
    [2010/05/25 12:20:06 | 000,002,306 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
    [2010/04/30 10:04:16 | 000,104,960 | ---- | C] () -- C:\WINDOWS\W2P_PreConvert.dll
    [2010/02/01 05:16:10 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2010/02/01 05:16:10 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
    [2010/02/01 05:16:09 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2010/02/01 05:16:08 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2010/01/31 03:51:08 | 000,005,045 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hksbihfl.ezl
    [2010/01/28 03:35:34 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\GSService.exe
    [2010/01/27 22:28:12 | 000,000,256 | -H-- | C] () -- C:\Documents and Settings\Tom\Application Data\ee6fe4d84748049fa23c8b8638a22cacf0cffd15
    [2010/01/27 22:28:12 | 000,000,256 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\ee6fe4d84748049fa23c8b8638a22cacf0cffd15
    [2009/12/27 17:53:40 | 000,000,229 | ---- | C] () -- C:\Documents and Settings\Tom\Application Data\default.rss
    [2009/12/26 20:15:07 | 000,004,757 | ---- | C] () -- C:\WINDOWS\Irremote.ini
    [2009/11/27 04:31:16 | 000,105,472 | ---- | C] () -- C:\WINDOWS\PreConvert.dll
    [2009/11/25 13:40:50 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2009/10/19 02:23:14 | 000,000,203 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI
    [2009/10/03 12:36:01 | 011,476,992 | ---- | C] () -- C:\WINDOWS\System32\common_res.dll
    [2009/09/27 07:26:44 | 000,000,126 | ---- | C] () -- C:\WINDOWS\keypad.ini
    [2009/09/16 17:27:58 | 000,508,224 | ---- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll
    [2009/09/09 18:01:40 | 000,027,675 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat
    [2009/07/25 03:10:11 | 000,618,496 | ---- | C] () -- C:\WINDOWS\System32\stlpmt45.dll
    [2009/07/11 20:38:12 | 000,835,584 | ---- | C] () -- C:\WINDOWS\tls7912d.dll
    [2009/07/11 20:38:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\uninstallrq.exe
    [2009/06/12 21:24:00 | 000,075,596 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
    [2009/06/04 07:51:28 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2009/04/14 04:53:40 | 000,003,707 | ---- | C] () -- C:\WINDOWS\System32\ASPRTMM6.DLL
    [2009/03/04 03:47:17 | 000,000,146 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2009/01/31 22:22:25 | 002,788,800 | ---- | C] () -- C:\Program Files\FLV PlayerFCSetup.exe
    [2008/11/17 14:58:33 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
    [2008/11/17 14:58:11 | 000,000,333 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
    [2008/11/04 05:41:07 | 000,001,104 | ---- | C] () -- C:\WINDOWS\AMIPRO2.INI
    [2008/11/04 05:40:13 | 000,004,722 | ---- | C] () -- C:\WINDOWS\AmiVISD.ini
    [2008/11/04 05:39:17 | 000,000,703 | ---- | C] () -- C:\WINDOWS\lotus.ini
    [2008/11/04 05:39:15 | 000,008,283 | ---- | C] () -- C:\WINDOWS\AMIDW.INI
    [2008/11/04 05:39:15 | 000,000,898 | ---- | C] () -- C:\WINDOWS\AMIEQN.INI
    [2008/11/04 05:39:15 | 000,000,185 | ---- | C] () -- C:\WINDOWS\AMISMART.INI
    [2008/11/04 05:39:15 | 000,000,104 | ---- | C] () -- C:\WINDOWS\AMIIMAGE.INI
    [2008/11/04 05:39:14 | 000,023,822 | ---- | C] () -- C:\WINDOWS\AMIOW.INI
    [2008/11/04 05:39:14 | 000,011,208 | ---- | C] () -- C:\WINDOWS\AMIENV.DLL
    [2008/11/04 05:39:14 | 000,010,014 | ---- | C] () -- C:\WINDOWS\AMILABEL.INI
    [2008/11/04 05:39:14 | 000,005,909 | ---- | C] () -- C:\WINDOWS\AMIWP.INI
    [2008/11/04 05:39:14 | 000,004,400 | ---- | C] () -- C:\WINDOWS\AMIPRO.INI
    [2008/11/04 05:39:14 | 000,002,846 | ---- | C] () -- C:\WINDOWS\AMICALC.INI
    [2008/11/04 05:39:14 | 000,001,993 | ---- | C] () -- C:\WINDOWS\AMIIWP.INI
    [2008/11/04 05:39:14 | 000,000,332 | ---- | C] () -- C:\WINDOWS\AMIFONT.INI
    [2008/11/04 05:06:16 | 000,127,184 | ---- | C] () -- C:\WINDOWS\DEL_AH1.EXE
    [2008/11/02 08:56:34 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
    [2008/10/30 09:26:41 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
    [2008/10/30 09:25:23 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
    [2008/10/30 09:25:23 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
    [2008/10/30 08:58:15 | 000,000,400 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
    [2008/10/30 04:12:05 | 000,000,092 | ---- | C] () -- C:\WINDOWS\TraceSrv.ini
    [2008/10/28 04:09:43 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
    [2008/10/27 00:29:43 | 000,000,225 | ---- | C] () -- C:\WINDOWS\netscape.INI
    [2008/10/26 20:43:04 | 000,634,087 | ---- | C] () -- C:\WINDOWS\cd32.exe
    [2008/10/25 03:31:26 | 000,000,554 | ---- | C] () -- C:\WINDOWS\mozver.dat
    [2008/10/24 14:22:31 | 000,215,144 | R--- | C] () -- C:\WINDOWS\patchw32.dll
    [2008/10/24 14:21:19 | 000,215,144 | R--- | C] () -- C:\WINDOWS\pw32a.dll
    [2008/10/24 04:31:54 | 000,218,112 | ---- | C] () -- C:\Documents and Settings\Tom\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/10/10 20:18:45 | 000,038,951 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2008/10/10 19:09:45 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2008/10/09 08:52:33 | 000,000,927 | ---- | C] () -- C:\WINDOWS\hmpro3.ini
    [2008/10/09 08:50:42 | 000,012,288 | ---- | C] () -- C:\WINDOWS\kwimage.dll
    [2008/10/09 08:50:42 | 000,005,495 | ---- | C] () -- C:\WINDOWS\sqkw.ini
    [2008/10/09 03:17:00 | 000,982,196 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
    [2008/10/09 03:16:59 | 000,417,344 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
    [2008/10/09 03:16:59 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4990.dll
    [2008/10/08 08:54:42 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2008/10/08 04:00:33 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2008/10/08 03:56:11 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2008/10/07 05:35:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2008/10/07 05:34:50 | 000,344,216 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
    [2007/11/06 15:19:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
    [2007/03/16 17:00:00 | 000,003,403 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
    [2004/08/04 01:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2003/09/18 11:21:06 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\ljackuw.dll
    [2003/03/31 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2003/03/31 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2003/03/31 07:00:00 | 000,503,100 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2003/03/31 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2003/03/31 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2003/03/31 07:00:00 | 000,088,498 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2003/03/31 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2003/03/31 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2003/03/31 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2003/03/31 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2002/03/21 16:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
    [2001/08/07 18:59:54 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HPNVRRes.dll
    [2001/07/31 04:17:12 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
    [2001/01/24 01:31:18 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\prntfix.exe
    [2000/06/07 07:38:44 | 000,078,336 | ---- | C] () -- C:\WINDOWS\nfwDrop.DLL
    [2000/04/14 17:50:02 | 000,343,040 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
    [1999/05/20 04:03:20 | 000,004,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\TVICPORT.SYS
    [1998/06/11 14:08:06 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
    [1997/07/11 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
    [1997/07/11 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

  8. #18
    Member
    Join Date
    Jul 2011
    Posts
    31

    Default OTL.TXT 7-14-11 (2nd try) - Part 2 of 2

    ========== LOP Check ==========

    [2008/10/12 02:27:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Spearit
    [2010/08/15 01:07:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\3Planesoft
    [2010/02/22 02:49:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
    [2010/10/15 10:55:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ATX
    [2010/09/30 04:30:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2010/05/25 12:17:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland
    [2009/12/11 08:02:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
    [2008/10/08 17:39:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
    [2011/06/26 21:59:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fidelity Investments
    [2009/06/14 09:25:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
    [2008/10/12 02:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Laplink
    [2010/11/04 19:45:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
    [2011/04/25 20:21:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\mediAvatar
    [2010/11/29 02:34:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
    [2011/07/14 15:48:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
    [2010/06/11 06:05:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
    [2011/03/27 22:20:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
    [2008/10/12 02:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spearit
    [2011/04/13 03:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
    [2009/12/09 04:36:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2009/12/24 11:39:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wavelet Labs
    [2008/10/11 23:19:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
    [2010/04/05 02:27:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wolters Kluwer
    [2009/05/15 17:53:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2011/07/08 13:30:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{FDD8983C-4561-4A27-BDA7-F5286E176A8F}
    [2008/10/12 02:27:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Spearit
    [2009/06/13 09:47:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\iolo
    [2009/06/13 09:45:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\iolo
    [2010/12/13 05:49:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\.oit
    [2008/10/09 09:18:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\ACD Systems
    [2011/05/24 21:41:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Amazon
    [2010/11/08 00:08:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Canon
    [2008/10/09 08:13:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2011/07/08 12:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\ContentGuard
    [2009/12/06 07:26:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Cool YouTube To Mp3 Converter
    [2010/11/29 03:15:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Downloaded Installations
    [2010/11/04 21:50:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\ElevatedDiagnostics
    [2009/04/12 11:52:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Eltima Software
    [2011/03/27 21:12:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Facebook
    [2011/06/26 22:07:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Fidelity Investments
    [2009/12/17 04:26:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\FILEminimizerPictures
    [2011/07/07 11:32:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\FileZilla
    [2010/07/29 05:15:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\GARMIN
    [2009/12/24 12:15:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\HD Audio Recorder
    [2009/12/13 19:22:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Icevc
    [2009/06/13 09:10:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\iolo
    [2010/03/04 02:41:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Magic Collage
    [2011/04/25 20:35:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\mediAvatar
    [2009/11/30 06:13:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Moyea
    [2010/07/10 19:43:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\MozBackup
    [2011/06/25 06:39:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Nitro PDF
    [2009/06/25 04:46:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\OfficeUpdate12
    [2011/04/19 11:19:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\pdf995
    [2009/11/15 15:42:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Publish Providers
    [2010/03/17 03:51:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Software Informer
    [2011/03/27 23:08:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Sony
    [2008/10/12 02:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Spearit
    [2011/05/01 16:28:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\TaxCut
    [2010/10/24 05:51:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Thunderbird
    [2011/03/22 19:33:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\WaveMax Sound Editor
    [2008/10/11 23:19:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\WildTangent
    [2008/12/17 15:33:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Windows Search
    [2011/07/14 14:01:14 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
    [2011/07/14 18:44:29 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{496D8042-0A62-4C91-8D5B-D46E9ED53309}.job

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:820563D3
    @Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EDB71CBA

    < End of report >

  9. #19
    Member
    Join Date
    Jul 2011
    Posts
    31

    Default Extras.Txt ?

    OTL did not produce an Extras.txt file. I ran OTL again and it didn't produce one the 2nd time, either. (I did a complete search on C: )

  10. #20
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Open OTL.exe
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :processes
      killallprocesses
      
      :OTL
      O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
      2011-05-23 00:21 . 2011-05-23 00:21	0	----a-w-	c:\windows\t1784_61.tmp
      @Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:820563D3
      @Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EDB71CBA
      
      
      :Services
      
      :Reg
      
      :Files
      ipconfig /release /c
      ipconfig /renew /c
      ipconfig /flushdns /c
      
      
      
      
      
      :Commands
      [purity]
      [resethosts]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Then click the Run Fix button at the top. <--Not run Scan
    • Let the program run unhindered, reboot when it is done
    • Then post the results of the log it produces.
    • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )



    Let me know how things are running now ???
