
Thread: No access to Internet Options, connectivity problem, and other problems

    #1 Member (Join Date: Nov 2008; Location: U.S.; Posts: 40)

    No access to Internet Options, connectivity problem, and other problems

    Issues in brief, then details:
    Cannot open Internet Options. Administrator in safe mode can’t access the Internet. Scans found and quarantined MediaPlex, Trojan.FakeAlert, PUM.Hijack.HomePageControl. Strange behavior at a shopping site. Have previously been unable to complete an update of IE8 (using XP Pro).

    I’ve got a few things happening, and I’m not sure which is causing what. So please excuse me if this is either too much or not the appropriate information.

    I discovered a couple of days ago, that I cannot access Internet Options in either the Control Panel or IE Tools>Options, either as a user with administrator privileges or as Administrator, in safe mode. I don’t know how long this problem has been present.

    There is still an Internet Options icon in the Control Panel, but when I click on it, a box flickers on the screen for a split second, and doesn’t stay onscreen.

    I normally have Internet Options locked inside IE, using Spybot’s IE Tweaks and more recently, SpywareBlaster settings, too. I tried unblocking access to Internet Options from IE’s Tools>Options and from SpywareBlaster settings, but when I select Options, again a box blinks on the screen, but doesn’t remain up.

    Also, after discovering this problem, the first time I logged into safe mode, as Administrator, I could access the Internet, but the second time I logged into safe mode as Administrator, I could not connect to the Internet.

    I first realized I couldn’t bring up Internet Options, when I tried to access it right after I’d visited an online shopping site, which I believe is legit, but had a strange experience, with it. I went to enter a test account (not my real info), just so it would tell me the shipping charges, and found that I appeared to actually be *in* someone else’s registered account! I tried to set up my own test account, changing all the info, and it had not asked for any payment method info yet. Instead of asking me to choose the shipping mode, which it was supposed to do next, it said, “Order accepted”! I immediately contacted the website through their online contact form, and asked them to cancel the order (which I assume was charged to the other customer) and to contact me about using their site.

    However, since problems immediately arose, I’ve been afraid to go to my yahoo email.
    *By the way, is it safe to use online email, at this point?

    I notice now, too, that when I hover the pointer over My Computer, in the Start menu, along with Local Disk (C:), the DVD drive, My Documents and Shared Documents, there’s an icon for the Control Panel. Am I that unobservant, that I never noticed that there, before, or is that not normally there?

    A scan with Spybot S&D brought up MediaPlex tracking cookie as a threat, which had not appeared before in recent or previous scans. I then downloaded and ran Malwarebytes, which found:
    Trojan.FakeAlert and
    PUM.Hijack.HomePageControl.
    But I wonder if the PUM is only detecting my setting for locking IE Tools>Options, with IE Tweaks? The same PUM seemed to reappear in the Malwarebytes scan, after I reapplied the setting. Avira scans didn’t detect any problems.

    All three of these malwares were quarantined by Spybot S&D and Malwarebytes, and now scans by them are clean. Avira scans are still clean.

    I tried a System Restore twice, only going back about 10 days the first time, and then 12 days back, and the non-access to Internet Options is still present.

    The other possible factor is that within the past 3 months or so, I’ve tried a couple of times to update IE8, the last time fairly recently, but the updates wouldn’t complete. I already had IE8, but there seemed to be a slightly more recent version, and with XP, I can’t go to IE9. But when the update automatically restarted the computer and tried to apply personal preferences to IE, it would hang and never complete. I had to cold boot it, as I recall. I gather that it may be that my user profiles are not set up correctly, so that I’m updating IE in my normal user account, which has administrative privileges, but it wants to update in the Administrator account, which perhaps should be sharing the user preferences with the other account, but it isn’t. I don't know how to fix that.

    Some programs requiring Administrator’s privileges do recognize this user account as having them.

    In any case, the IE updates not completing and issues between the Administrator and user accounts may have something to do with Internet Options access; I don’t know. Again, Internet Options currently won’t open in either user account.

    Lastly, I haven’t been able to run ESET’s online scanner. When I tried to run it, it told me I need administrator’s privileges, even though this account has them. I tried the suggestion on the ESET FAQ, to change the registry key and eliminate a possible killbit, but found that the long key number mentioned is not under LOCAL_MACHINE/SOFTWARE, etc, in my registry. In my registry, it’s under HKEY_USERS. In a search of my registry, no “compatibility flags” was found.

    Thank you very much, for your expertise and attention to helping me with this!


    My fresh DDS.txt report, attach.txt attached:


    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by user at 11:08:29 on 2011-12-06
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1357 [GMT -8:00]
    .
    AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    FW: Online Armor Firewall *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\system32\Ati2evxx.exe
    svchost.exe
    svchost.exe
    C:\Program Files\Tall Emu\Online Armor\OAcat.exe
    C:\Program Files\Tall Emu\Online Armor\oasrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Tall Emu\Online Armor\oaui.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\system32\RunDLL32.exe
    C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.safer-networking.org/en/index.html
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRunOnce: [SpybotDeletingB3393] command.com /c del "c:\windows\SchedLgU.Txt"
    uRunOnce: [SpybotDeletingD6191] cmd.exe /c del "c:\windows\SchedLgU.Txt"
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [@OnlineArmor GUI] "c:\program files\tall emu\online armor\oaui.exe"
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    mRunOnce: [SpybotDeletingA3123] command.com /c del "c:\windows\SchedLgU.Txt"
    mRunOnce: [SpybotDeletingC9596] cmd.exe /c del "c:\windows\SchedLgU.Txt"
    StartupFolder: c:\docume~1\user\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1250215367203
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1250221790218
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
    TCP: Interfaces\{D32D97C7-A7FE-48E4-9546-8EC79641D39E} : DhcpNameServer = 192.168.0.1 205.171.3.25
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - c:\progra~1\tallem~1\online~1\oaevent.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-4-7 11608]
    R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2010-4-8 228216]
    R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2010-4-8 24440]
    R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2010-4-8 29560]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-4-7 136360]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-4-7 269480]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-4-7 66616]
    R2 OAcat;Online Armor Helper Service;c:\program files\tall emu\online armor\oacat.exe [2010-4-8 1284600]
    R2 SvcOnlineArmor;Online Armor;c:\program files\tall emu\online armor\oasrv.exe [2010-4-8 3364856]
    S0 cerc6;cerc6; [x]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\flashplayerupdateservice.exe --> c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [?]
    S3 P0630VID;Creative WebCam Live!;c:\windows\system32\drivers\P0630Vid.sys [2010-10-28 91841]
    .
    =============== Created Last 30 ================
    .
    2011-12-06 12:18:18 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-12-06 12:02:19 -------- d-----w- c:\program files\ERUNT Registry Backup Tool
    2011-12-06 00:58:25 -------- d-----w- c:\documents and settings\user\local settings\application data\Sun
    2011-12-06 00:39:56 128000 ----a-w- c:\windows\system32\javacpl.cpl
    2011-12-05 18:42:13 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2011-12-05 18:42:13 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-12-04 21:07:07 -------- d-----w- c:\documents and settings\user\application data\Malwarebytes
    2011-12-04 21:06:54 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2011-12-04 21:06:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-12-01 13:38:03 -------- d-----w- c:\program files\SpywareBlaster(2)
    .
    ==================== Find3M ====================
    .
    2011-12-06 00:39:32 544656 ----a-w- c:\windows\system32\deployJava1.dll
    2011-11-01 19:32:54 69792 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-01 19:32:54 417952 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2011-10-21 15:30:37 516692 ----a-w- c:\windows\vampsUninst.exe
    2011-10-21 15:30:06 1903021 ----a-w- c:\windows\vamps.scr
    2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 18:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 18:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 18:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    .
    ============= FINISH: 11:10:45.30 ===============
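    The poster's question above, whether PUM.Hijack.HomePageControl is only Malwarebytes flagging the Internet Options lock applied through Spybot's IE Tweaks, comes down to which values sit under the Internet Explorer policy keys. The following PowerShell audit is an added example; it is not part of the thread and not Spybot, Malwarebytes or Microsoft code. It assumes PowerShell 2.0 or later (the oldest release available for XP SP3). The two value meanings it spells out are documented IE policies: Control Panel\HomePage = 1 locks the home page (the item Malwarebytes reports as PUM.Hijack.HomePageControl) and Restrictions\NoBrowserOptions = 1 disables the Tools > Internet Options menu item. The function names Get-IEPolicyLocks and Remove-IEPolicyLock and the backup file name are invented here.

```powershell
# Added example (not from the thread, and not Spybot or Malwarebytes code).
# Audits the Internet Explorer policy values that lock the home page and the
# Internet Options dialog, so a lock the user applied (Spybot's IE Tweaks,
# SpywareBlaster) can be told apart from a hijack before anything is removed.
# Assumes PowerShell 2.0 or later (the oldest release available for XP SP3).

# Documented meanings for the two values this thread turns on. Every other
# value under the same keys is still listed, by name, for manual lookup.
$KnownLocks = @{
    'Control Panel\HomePage'        = 'home page locked; Malwarebytes reports this as PUM.Hijack.HomePageControl'
    'Restrictions\NoBrowserOptions' = 'Tools > Internet Options menu item disabled'
}

# Returns one object per policy value present under the IE policy keys of
# both the current user and the machine. A Value of 0 means "not enforced".
function Get-IEPolicyLocks {
    $roots   = @('HKCU:\Software\Policies\Microsoft\Internet Explorer',
                 'HKLM:\Software\Policies\Microsoft\Internet Explorer')
    $subkeys = @('Control Panel', 'Restrictions')
    $locks   = @()
    foreach ($root in $roots) {
        foreach ($sub in $subkeys) {
            $key = Join-Path $root $sub
            if (-not (Test-Path $key)) { continue }
            $regKey = Get-Item -Path $key
            foreach ($name in $regKey.GetValueNames()) {
                $policy  = "$sub\$name"
                $meaning = '(other IE policy; look it up before removing)'
                if ($KnownLocks.ContainsKey($policy)) { $meaning = $KnownLocks[$policy] }
                $locks += New-Object PSObject -Property @{
                    Hive    = $root.Substring(0, 4)        # HKCU or HKLM
                    Key     = $key
                    Policy  = $policy
                    Value   = $regKey.GetValue($name)
                    Meaning = $meaning
                }
            }
        }
    }
    return $locks
}

# Removes one policy value by name, after exporting the parent key with
# reg.exe so the change can be undone. $Key is the PowerShell drive path
# returned in the Key field above.
function Remove-IEPolicyLock {
    param(
        [Parameter(Mandatory = $true)][string]$Key,
        [Parameter(Mandatory = $true)][string]$Name
    )
    # Convert 'HKCU:\...' to the 'HKCU\...' form reg.exe expects.
    $regPath = $Key -replace '^HK(CU|LM):\\', 'HK$1\'
    # Fresh timestamped file name, so reg.exe never has to overwrite.
    $backup  = Join-Path $env:TEMP ('ie-policy-backup-{0:yyyyMMdd-HHmmss}.reg' -f (Get-Date))
    & reg.exe export "$regPath" "$backup" | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "backup of $regPath failed; nothing removed" }
    Remove-ItemProperty -Path $Key -Name $Name
    Write-Output "removed $Name from $Key (backup: $backup)"
}

# Report only. Removal is a deliberate second step, for example:
#   Remove-IEPolicyLock -Key 'HKCU:\Software\Policies\Microsoft\Internet Explorer\Control Panel' -Name 'HomePage'
Get-IEPolicyLocks | Where-Object { $_.Value -ne 0 } |
    Format-Table Hive, Policy, Value, Meaning -AutoSize
```

    Run the report part first and compare it with what IE Tweaks or SpywareBlaster was asked to set: a HomePage lock the user applied is the expected, benign source of the PUM entry, whereas values nobody remembers setting, or a lock reappearing after it has been cleared, point at something else writing to those keys. In a helper-assisted cleanup like this thread, the removal function stays unused until the helper says so.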

    #2 Emeritus- Malware Team (Join Date: Aug 2011; Posts: 148)

    Hi I_dream_of_Mercury,

    Firstly, welcome to the Safer-Networking Malware Removal Forum.
    My name is Scolabar, and I'll be helping you with your malware problems.
    Logs can take a while to research, so please be patient.
    If you no longer require help I would be grateful if you would let me know.

    I am currently working under the guidance of teachers; everything I post to you will need to be reviewed by them.
    This additional review process can add some extra time to my responses, but hopefully not too much.


    Please note the following important guidelines before proceeding:
    1. The instructions that will be provided are for YOUR computer and system only!
      Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
    2. If you have any questions or do not understand something, please do not hesitate to ask, don't guess or assume.
    3. Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
    4. Only reply to this thread, do not start another. Please, continue responding, until I give you the All Clean.
      Absence of symptoms does not necessarily mean that everything is clear.
    5. DO NOT run any other fix or removal tools unless instructed to do so!
    6. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
    7. Print each set of instructions, if possible. Your Internet connection will not be available during some fix processes.
    8. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    9. Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

    Please Note: If you haven't done so already, please read this topic "BEFORE You POST" (Please read this Procedure Before Requesting Assistance) where the conditions for receiving help here are explained.

    Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
    In light of this, it would be advisable for you to back up any important files and folders that you don't want to lose before we start.


    If you follow these guidelines, things should proceed smoothly.
    I am currently reviewing your log and will return, as soon as possible, with additional instructions.

    Thank you for your patience.

    Scolabar
    Malware Removal University - You too could train to help others

    #3 Member (Join Date: Nov 2008; Location: U.S.; Posts: 40)

    Scolabar, hi, and thanks so much for taking on my case! I definitely still require help.

    To update, about 20 hours ago, I ran Avira and it found TR/Fake.Rean.3192, and quarantined it. Other problems are about the same status as when I last posted.

    (Malwarebytes did again find and quarantine PUM.Hijack.HomePageControl, but I also tried, again, to drop the restriction on opening Internet Options inside IE, as I described before, so not sure if that's what's causing that.)

    I wonder if you could tell me whether I can currently safely or securely use Yahoo email, visit known websites, and make an online payment with PayPal? I'm especially anxious to make a payment for two things, with PayPal, and to use my email, because the matters are time-sensitive. I don't know if there's any secure way to do those things on someone else's computer or on a public computer.

    I'll check back frequently for your new instructions.

    #4 Emeritus- Malware Team (Join Date: Aug 2011; Posts: 148)

    Hi I_dream_of_Mercury,

    This is just a quick update to let you know I am waiting for a Teacher to check over my next set of instructions.
    As you will no doubt appreciate, the Teachers are very busy. Please bear with us.

    In answer to your question:
    Quote Originally Posted by I_dream_of_Mercury
    I wonder if you could tell me whether I can currently safely or securely use Yahoo email, visit known websites, and make an online payment with PayPal?
    At this stage I think it should be OK to use Yahoo email (as long as you steer clear of including anything of a confidential nature in your correspondence for the time being) and browse known good websites. However, my advice to you would be not to use any online payment system until the computer has been confirmed to be clear of infection. I would also advise not using anyone else's or any public computer to make any payments either. I would be inclined to phone the supplier(s) direct and make any payments over the phone, if possible, for the time being.

    Thank you again for your patience.

    Scolabar
    Malware Removal University - You too could train to help others

    #5 Emeritus- Malware Team (Join Date: Aug 2011; Posts: 148)

    Hi I_dream_of_Mercury,

    Thank you again for your patience.

    Please read these instructions carefully before executing and perform the steps, in the order given.
    If you have any questions about, or problems with, executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.

    Before we proceed please make sure any open programs are closed.

    Step 1:
    Spybot - Search & Destroy Log

    I would like to see the contents of the last Spybot - Search & Destroy log which shows infections cleaned up.
    You should be able to retrieve the log using the following instructions:

    1. Launch Spybot S&D.
    2. Switch to Advanced Mode.
    3. Navigate to Tools > View Report.
    4. Click on View Previous Report to access older / automatically generated reports.
    5. Click on Export to save the report to a text file to your Desktop.
    6. Please Copy and Paste the entire contents of the Spybot S&D exported log file into your next reply

    Step 2:
    MalwareBytes' AntiMalware Log

    I would also like to see the contents of the last MalwareBytes' AntiMalware log which shows infections cleaned up.
    You should be able to retrieve the log from the following location:
    • C:\Documents and Settings\Account Name\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

    Please Copy and Paste the entire contents of mbam-log-date (time).txt into your next reply.

    Step 3:
    TDSSKiller - Scan

    1. Please download TDSSKiller.exe by Kaspersky and save it to your Desktop. <-Important!!!
    2. Double-click on TDSSKiller.exe to launch it.
      If TDSSKiller does not run, rename the program file. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (e.g. pq2f9hnw.com).
      If you don't see file extensions, please see: How to change the file extension.
    3. Click the Start Scan button. Do not use the computer during the scan!
    4. When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
    5. Now click on Report to open the log file created by TDSSKiller.
    6. The log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt is created and saved to the root directory. (Usually C: drive).
    7. Copy and Paste the entire contents of the TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt file into your next reply.

    PLEASE DO NOT TRY TO FIX ANYTHING AT THIS STAGE.

    Step 4:
    Include in Next Post

    1. Did you have any problems carrying out the instructions?
    2. Spybot S&D exported log file.
    3. mbam-log-date (time).txt.
    4. TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt.
    5. Do you have the original Windows installation media for your PC?

    Scolabar
    --------------------------------------------------------------------------
    No Reply Within 3 Days Will Result In Your Topic Being Closed
    Malware Removal University - You too could train to help others
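    Step 3 above asks for the TDSSKiller report, which lists one line per driver or service and a second line carrying its verdict. The following PowerShell summariser is an added example, not part of the thread and not Kaspersky's code. It assumes only the line layout visible in the report format described here (time, PID, name, then either an MD5 in parentheses plus a path, or a dash plus a verdict); the function name Get-TdssKillerSummary and the sample lines, including the one with a made-up non-"ok" verdict, are constructed for the example.

```powershell
# Added example (not from the thread or from Kaspersky). Turns a TDSSKiller
# report into one record per driver/service so anything other than "ok" can
# be picked out and the MD5s checked against a known-good list. Assumes the
# line layout of the report the helper asks for in Step 3:
#   <time> <pid> <Name> (<md5>) <path>     one line per hashed file
#   <time> <pid> <Name> - <verdict>        the verdict for that name
function Get-TdssKillerSummary {
    param([Parameter(Mandatory = $true)][string[]]$Lines)

    $hashRe    = '^\S+\s+\d+\s+(?<name>\S+)\s+\((?<md5>[0-9a-fA-F]{32})\)\s+(?<path>.+?)\s*$'
    $verdictRe = '^\S+\s+\d+\s+(?<name>\S+)\s+-\s+(?<verdict>.+?)\s*$'
    $hashed  = @{}      # name -> MD5/path seen on the hashed-file line
    $records = @()

    foreach ($line in $Lines) {
        if ($line -match $hashRe) {
            $hashed[$Matches['name']] = @{ MD5 = $Matches['md5'].ToLower(); Path = $Matches['path'] }
        }
        elseif ($line -match $verdictRe) {
            $name = $Matches['name']
            $md5  = $null
            $path = $null
            if ($hashed.ContainsKey($name)) {
                $md5  = $hashed[$name].MD5
                $path = $hashed[$name].Path
            }
            $records += New-Object PSObject -Property @{
                Name    = $name
                Verdict = $Matches['verdict']
                MD5     = $md5
                Path    = $path     # stays $null for entries with no file on disk
            }
        }
    }
    return $records
}

# Constructed sample: lines in the shape of the posted report, plus one
# made-up entry with a non-"ok" verdict so the filter below has a hit.
$sampleReport = @'
18:58:19.0468 0172 Abiosdsk - ok
18:58:19.0546 0172 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:58:19.0546 0172 ACPI - ok
18:58:20.0562 0172 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
18:58:20.0562 0172 avgio - ok
18:58:21.0000 0172 example (00000000000000000000000000000000) C:\WINDOWS\system32\drivers\example.sys
18:58:21.0000 0172 example - suspicious (constructed sample line)
'@ -split "`r?`n"

$summary = @(Get-TdssKillerSummary -Lines $sampleReport)
$flagged = @($summary | Where-Object { $_.Verdict -ne 'ok' })
"{0} objects with a verdict, {1} not 'ok'" -f $summary.Count, $flagged.Count
$flagged | Format-Table Name, Verdict, MD5, Path -AutoSize
```

    For a real report, replace the sample with `Get-Content 'C:\TDSSKiller_<version>_<date>_log.txt'`. Entries with no file path (the "Abiosdsk - ok" kind) are legacy service names with nothing on disk and are normal; the ones worth attention are verdicts other than "ok", and hashed system drivers whose MD5 does not match a clean copy of the same Windows build.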

    #6 Member (Join Date: Nov 2008; Location: U.S.; Posts: 40)

    Scolabar, hi,

    Here's the requested material, and a little more info, at the bottom:

    Included in this post, per your instructions:

    1. Did you have any problems carrying out the instructions?

    The instructions were clear and easy to carry out. I did wonder whether to include info about a couple of infections detected within the past few days, which are not on the reports you requested, so I went ahead and added the info at the bottom of this post, just in case it's useful.


    2. Spybot S&D exported log file.

    Spybot Search and Destroy Log, the last log which shows infections cleaned up. To be clear, I’ve run the program since, but this is the last time and the only time, since noticing symptoms of infection, that it’s shown any infections or threats:


    --- Report generated: 2011-12-04 10:49 ---

    MediaPlex: Tracking cookie (Internet Explorer: user) (Cookie, fixed)



    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

    2009-01-26 blindman.exe (1.0.0.8)
    2009-01-26 SDFiles.exe (1.6.1.7)
    2009-01-26 SDMain.exe (1.0.0.6)
    2009-01-26 SDShred.exe (1.0.2.5)
    2009-01-26 SDUpdate.exe (1.6.0.12)
    2009-01-26 SpybotSD.exe (1.6.2.46)
    2009-03-05 TeaTimer.exe (1.6.6.32)
    2010-04-07 unins000.exe (51.49.0.0)
    2009-01-26 Update.exe (1.6.0.7)
    2009-11-04 advcheck.dll (1.6.5.20)
    2007-04-02 aports.dll (2.1.0.0)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2009-01-26 SDHelper.dll (1.6.2.14)
    2008-06-19 sqlite3.dll
    2009-01-26 Tools.dll (2.1.6.10)
    2009-01-16 UninsSrv.dll (1.0.0.0)
    2011-03-18 Includes\Adware.sbi (*)
    2011-11-15 Includes\AdwareC.sbi (*)
    2010-08-13 Includes\Cookies.sbi (*)
    2010-12-14 Includes\Dialer.sbi (*)
    2011-11-29 Includes\DialerC.sbi (*)
    2011-02-24 Includes\HeavyDuty.sbi (*)
    2011-03-29 Includes\Hijackers.sbi (*)
    2011-10-04 Includes\HijackersC.sbi (*)
    2010-09-15 Includes\iPhone.sbi (*)
    2010-12-14 Includes\Keyloggers.sbi (*)
    2011-09-27 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2011-11-15 Includes\Malware.sbi (*)
    2011-11-29 Includes\MalwareC.sbi (*)
    2011-02-24 Includes\PUPS.sbi (*)
    2011-10-11 Includes\PUPSC.sbi (*)
    2010-01-25 Includes\Revision.sbi (*)
    2011-02-24 Includes\Security.sbi (*)
    2011-05-03 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2011-10-18 Includes\Spyware.sbi (*)
    2011-10-18 Includes\SpywareC.sbi (*)
    2010-03-08 Includes\Tracks.uti
    2011-09-28 Includes\Trojans.sbi (*)
    2011-11-28 Includes\TrojansC-02.sbi (*)
    2011-11-29 Includes\TrojansC-03.sbi (*)
    2011-11-29 Includes\TrojansC-04.sbi (*)
    2011-11-29 Includes\TrojansC-05.sbi (*)
    2011-11-09 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll


    3. mbam-log-date (time).txt.

    Malwarebytes, last log that shows infections cleaned up:

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8322

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    12/7/2011 12:26:46 PM
    mbam-log-2011-12-07 (12-26-46).txt

    Scan type: Quick scan
    Objects scanned: 182973
    Time elapsed: 9 minute(s), 33 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\control panel\Homepage (PUM.Hijack.HomePageControl) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    4. TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt.

    18:57:50.0031 3868 TDSS rootkit removing tool 2.6.22.0 Dec 7 2011 13:21:06
    18:57:52.0031 3868 ============================================================
    18:57:52.0031 3868 Current date / time: 2011/12/09 18:57:52.0031
    18:57:52.0031 3868 SystemInfo:
    18:57:52.0031 3868
    18:57:52.0031 3868 OS Version: 5.1.2600 ServicePack: 3.0
    18:57:52.0031 3868 Product type: Workstation
    18:57:52.0031 3868 ComputerName: USER-PC
    18:57:52.0031 3868 UserName: user
    18:57:52.0031 3868 Windows directory: C:\WINDOWS
    18:57:52.0031 3868 System windows directory: C:\WINDOWS
    18:57:52.0031 3868 Processor architecture: Intel x86
    18:57:52.0031 3868 Number of processors: 2
    18:57:52.0031 3868 Page size: 0x1000
    18:57:52.0031 3868 Boot type: Normal boot
    18:57:52.0031 3868 ============================================================
    18:57:56.0359 3868 Initialize success
    18:58:19.0046 0172 ============================================================
    18:58:19.0046 0172 Scan started
    18:58:19.0046 0172 Mode: Manual;
    18:58:19.0046 0172 ============================================================
    18:58:19.0468 0172 Abiosdsk - ok
    18:58:19.0468 0172 abp480n5 - ok
    18:58:19.0546 0172 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    18:58:19.0546 0172 ACPI - ok
    18:58:19.0593 0172 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    18:58:19.0593 0172 ACPIEC - ok
    18:58:19.0609 0172 adpu160m - ok
    18:58:19.0671 0172 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    18:58:19.0687 0172 aec - ok
    18:58:19.0734 0172 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
    18:58:19.0750 0172 AFD - ok
    18:58:19.0765 0172 Aha154x - ok
    18:58:19.0765 0172 aic78u2 - ok
    18:58:19.0781 0172 aic78xx - ok
    18:58:19.0796 0172 AliIde - ok
    18:58:19.0812 0172 amsint - ok
    18:58:19.0828 0172 asc - ok
    18:58:19.0843 0172 asc3350p - ok
    18:58:19.0859 0172 asc3550 - ok
    18:58:19.0921 0172 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    18:58:19.0921 0172 AsyncMac - ok
    18:58:19.0937 0172 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    18:58:19.0937 0172 atapi - ok
    18:58:19.0953 0172 Atdisk - ok
    18:58:20.0156 0172 ati2mtag (7452ab1a89f43785d20a10066bc3b73a) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
    18:58:20.0218 0172 ati2mtag - ok
    18:58:20.0328 0172 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    18:58:20.0343 0172 Atmarpc - ok
    18:58:20.0375 0172 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    18:58:20.0390 0172 audstub - ok
    18:58:20.0562 0172 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
    18:58:20.0562 0172 avgio - ok
    18:58:20.0593 0172 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
    18:58:20.0593 0172 avgntflt - ok
    18:58:20.0625 0172 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
    18:58:20.0640 0172 avipbb - ok
    18:58:20.0687 0172 b57w2k (241474d01380e9ed41d4c07f4f5fd401) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
    18:58:20.0687 0172 b57w2k - ok
    18:58:20.0765 0172 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    18:58:20.0765 0172 Beep - ok
    18:58:20.0812 0172 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    18:58:20.0828 0172 cbidf2k - ok
    18:58:20.0875 0172 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    18:58:20.0875 0172 CCDECODE - ok
    18:58:20.0890 0172 cd20xrnt - ok
    18:58:20.0937 0172 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    18:58:20.0937 0172 Cdaudio - ok
    18:58:20.0968 0172 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    18:58:20.0968 0172 Cdfs - ok
    18:58:21.0031 0172 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    18:58:21.0046 0172 Cdrom - ok
    18:58:21.0046 0172 cerc6 - ok
    18:58:21.0062 0172 Changer - ok
    18:58:21.0078 0172 CmdIde - ok
    18:58:21.0109 0172 Cpqarray - ok
    18:58:21.0125 0172 dac2w2k - ok
    18:58:21.0125 0172 dac960nt - ok
    18:58:21.0171 0172 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    18:58:21.0171 0172 Disk - ok
    18:58:21.0218 0172 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    18:58:21.0234 0172 dmboot - ok
    18:58:21.0296 0172 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    18:58:21.0312 0172 dmio - ok
    18:58:21.0343 0172 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    18:58:21.0343 0172 dmload - ok
    18:58:21.0406 0172 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    18:58:21.0406 0172 DMusic - ok
    18:58:21.0421 0172 dpti2o - ok
    18:58:21.0468 0172 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    18:58:21.0468 0172 drmkaud - ok
    18:58:21.0531 0172 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    18:58:21.0546 0172 Fastfat - ok
    18:58:21.0562 0172 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
    18:58:21.0562 0172 Fdc - ok
    18:58:21.0578 0172 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    18:58:21.0593 0172 Fips - ok
    18:58:21.0593 0172 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
    18:58:21.0609 0172 Flpydisk - ok
    18:58:21.0640 0172 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
    18:58:21.0640 0172 FltMgr - ok
    18:58:21.0671 0172 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    18:58:21.0671 0172 Fs_Rec - ok
    18:58:21.0687 0172 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    18:58:21.0703 0172 Ftdisk - ok
    18:58:21.0734 0172 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    18:58:21.0734 0172 Gpc - ok
    18:58:21.0812 0172 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    18:58:21.0812 0172 hidusb - ok
    18:58:21.0828 0172 hpn - ok
    18:58:21.0906 0172 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    18:58:21.0921 0172 HTTP - ok
    18:58:21.0937 0172 i2omgmt - ok
    18:58:21.0953 0172 i2omp - ok
    18:58:21.0984 0172 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
    18:58:22.0000 0172 i8042prt - ok
    18:58:22.0046 0172 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    18:58:22.0046 0172 Imapi - ok
    18:58:22.0062 0172 ini910u - ok
    18:58:22.0078 0172 IntelIde - ok
    18:58:22.0125 0172 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    18:58:22.0125 0172 intelppm - ok
    18:58:22.0156 0172 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
    18:58:22.0156 0172 Ip6Fw - ok
    18:58:22.0187 0172 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    18:58:22.0187 0172 IpFilterDriver - ok
    18:58:22.0203 0172 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    18:58:22.0218 0172 IpInIp - ok
    18:58:22.0265 0172 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    18:58:22.0265 0172 IpNat - ok
    18:58:22.0281 0172 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    18:58:22.0296 0172 IPSec - ok
    18:58:22.0328 0172 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    18:58:22.0328 0172 IRENUM - ok
    18:58:22.0359 0172 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    18:58:22.0359 0172 isapnp - ok
    18:58:22.0406 0172 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    18:58:22.0406 0172 Kbdclass - ok
    18:58:22.0468 0172 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    18:58:22.0468 0172 kbdhid - ok
    18:58:22.0562 0172 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    18:58:22.0562 0172 kmixer - ok
    18:58:22.0593 0172 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    18:58:22.0593 0172 KSecDD - ok
    18:58:22.0609 0172 lbrtfdc - ok
    18:58:22.0671 0172 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    18:58:22.0671 0172 mnmdd - ok
    18:58:22.0734 0172 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    18:58:22.0750 0172 Modem - ok
    18:58:22.0750 0172 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    18:58:22.0765 0172 Mouclass - ok
    18:58:22.0796 0172 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    18:58:22.0796 0172 mouhid - ok
    18:58:22.0812 0172 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    18:58:22.0812 0172 MountMgr - ok
    18:58:22.0828 0172 mraid35x - ok
    18:58:22.0859 0172 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    18:58:22.0875 0172 MRxDAV - ok
    18:58:22.0953 0172 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    18:58:22.0953 0172 MRxSmb - ok
    18:58:22.0968 0172 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    18:58:22.0968 0172 Msfs - ok
    18:58:23.0015 0172 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    18:58:23.0031 0172 MSKSSRV - ok
    18:58:23.0046 0172 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    18:58:23.0046 0172 MSPCLOCK - ok
    18:58:23.0078 0172 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    18:58:23.0078 0172 MSPQM - ok
    18:58:23.0125 0172 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    18:58:23.0140 0172 mssmbios - ok
    18:58:23.0218 0172 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    18:58:23.0218 0172 MSTEE - ok
    18:58:23.0234 0172 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    18:58:23.0234 0172 Mup - ok
    18:58:23.0281 0172 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    18:58:23.0281 0172 NABTSFEC - ok
    18:58:23.0328 0172 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    18:58:23.0328 0172 NDIS - ok
    18:58:23.0375 0172 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    18:58:23.0375 0172 NdisIP - ok
    18:58:23.0421 0172 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    18:58:23.0421 0172 NdisTapi - ok
    18:58:23.0484 0172 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    18:58:23.0484 0172 Ndisuio - ok
    18:58:23.0500 0172 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    18:58:23.0515 0172 NdisWan - ok
    18:58:23.0562 0172 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    18:58:23.0578 0172 NDProxy - ok
    18:58:23.0578 0172 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    18:58:23.0593 0172 NetBIOS - ok
    18:58:23.0703 0172 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    18:58:23.0718 0172 NetBT - ok
    18:58:23.0750 0172 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    18:58:23.0750 0172 Npfs - ok
    18:58:23.0781 0172 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    18:58:23.0796 0172 Ntfs - ok
    18:58:23.0812 0172 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    18:58:23.0828 0172 Null - ok
    18:58:23.0875 0172 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    18:58:23.0875 0172 NwlnkFlt - ok
    18:58:23.0906 0172 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    18:58:23.0906 0172 NwlnkFwd - ok
    18:58:23.0937 0172 OADevice (da5e5a2026eeef52d94fcb760e171752) C:\WINDOWS\system32\drivers\OADriver.sys
    18:58:23.0937 0172 OADevice - ok
    18:58:23.0968 0172 OAmon (3524dd1f24bd0114eaa98048d76075c1) C:\WINDOWS\system32\drivers\OAmon.sys
    18:58:23.0968 0172 OAmon - ok
    18:58:24.0046 0172 OAnet (e57d9d511e837ef56f93ec29f1ff730d) C:\WINDOWS\system32\drivers\OAnet.sys
    18:58:24.0062 0172 OAnet - ok
    18:58:24.0109 0172 P0630VID (74446252eeae950240972108bbac2fbd) C:\WINDOWS\system32\DRIVERS\P0630Vid.sys
    18:58:24.0125 0172 P0630VID - ok
    18:58:24.0171 0172 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    18:58:24.0171 0172 Parport - ok
    18:58:24.0187 0172 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    18:58:24.0187 0172 PartMgr - ok
    18:58:24.0234 0172 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    18:58:24.0250 0172 ParVdm - ok
    18:58:24.0281 0172 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    18:58:24.0281 0172 PCI - ok
    18:58:24.0296 0172 PCIDump - ok
    18:58:24.0312 0172 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    18:58:24.0312 0172 PCIIde - ok
    18:58:24.0343 0172 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    18:58:24.0359 0172 Pcmcia - ok
    18:58:24.0359 0172 PDCOMP - ok
    18:58:24.0375 0172 PDFRAME - ok
    18:58:24.0390 0172 PDRELI - ok
    18:58:24.0390 0172 PDRFRAME - ok
    18:58:24.0406 0172 perc2 - ok
    18:58:24.0421 0172 perc2hib - ok
    18:58:24.0484 0172 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    18:58:24.0500 0172 PptpMiniport - ok
    18:58:24.0515 0172 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    18:58:24.0515 0172 Ptilink - ok
    18:58:24.0531 0172 ql1080 - ok
    18:58:24.0546 0172 Ql10wnt - ok
    18:58:24.0546 0172 ql12160 - ok
    18:58:24.0562 0172 ql1240 - ok
    18:58:24.0578 0172 ql1280 - ok
    18:58:24.0593 0172 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    18:58:24.0593 0172 RasAcd - ok
    18:58:24.0609 0172 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    18:58:24.0625 0172 Rasl2tp - ok
    18:58:24.0625 0172 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    18:58:24.0640 0172 RasPppoe - ok
    18:58:24.0656 0172 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    18:58:24.0656 0172 Raspti - ok
    18:58:24.0671 0172 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    18:58:24.0687 0172 Rdbss - ok
    18:58:24.0703 0172 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    18:58:24.0703 0172 RDPCDD - ok
    18:58:24.0750 0172 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    18:58:24.0765 0172 rdpdr - ok
    18:58:24.0828 0172 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
    18:58:24.0843 0172 RDPWD - ok
    18:58:24.0906 0172 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    18:58:24.0921 0172 redbook - ok
    18:58:24.0984 0172 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    18:58:25.0000 0172 Secdrv - ok
    18:58:25.0078 0172 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
    18:58:25.0109 0172 senfilt - ok
    18:58:25.0125 0172 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    18:58:25.0125 0172 serenum - ok
    18:58:25.0140 0172 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    18:58:25.0156 0172 Serial - ok
    18:58:25.0171 0172 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    18:58:25.0187 0172 Sfloppy - ok
    18:58:25.0203 0172 Simbad - ok
    18:58:25.0296 0172 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys
    18:58:25.0312 0172 smwdm - ok
    18:58:25.0312 0172 Sparrow - ok
    18:58:25.0343 0172 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    18:58:25.0343 0172 splitter - ok
    18:58:25.0406 0172 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    18:58:25.0406 0172 sr - ok
    18:58:25.0484 0172 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    18:58:25.0484 0172 Srv - ok
    18:58:25.0546 0172 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
    18:58:25.0562 0172 ssmdrv - ok
    18:58:25.0609 0172 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    18:58:25.0609 0172 streamip - ok
    18:58:25.0625 0172 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    18:58:25.0640 0172 swenum - ok
    18:58:25.0640 0172 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    18:58:25.0656 0172 swmidi - ok
    18:58:25.0671 0172 symc810 - ok
    18:58:25.0687 0172 symc8xx - ok
    18:58:25.0703 0172 sym_hi - ok
    18:58:25.0703 0172 sym_u3 - ok
    18:58:25.0750 0172 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    18:58:25.0765 0172 sysaudio - ok
    18:58:25.0859 0172 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    18:58:25.0890 0172 Tcpip - ok
    18:58:25.0921 0172 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    18:58:25.0921 0172 TDPIPE - ok
    18:58:25.0937 0172 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    18:58:25.0953 0172 TDTCP - ok
    18:58:26.0000 0172 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    18:58:26.0000 0172 TermDD - ok
    18:58:26.0031 0172 TosIde - ok
    18:58:26.0093 0172 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    18:58:26.0109 0172 Udfs - ok
    18:58:26.0125 0172 ultra - ok
    18:58:26.0187 0172 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    18:58:26.0203 0172 Update - ok
    18:58:26.0281 0172 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    18:58:26.0281 0172 usbccgp - ok
    18:58:26.0328 0172 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    18:58:26.0328 0172 usbehci - ok
    18:58:26.0375 0172 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    18:58:26.0375 0172 usbhub - ok
    18:58:26.0421 0172 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    18:58:26.0421 0172 USBSTOR - ok
    18:58:26.0484 0172 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    18:58:26.0500 0172 usbuhci - ok
    18:58:26.0515 0172 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    18:58:26.0515 0172 VgaSave - ok
    18:58:26.0531 0172 ViaIde - ok
    18:58:26.0546 0172 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    18:58:26.0546 0172 VolSnap - ok
    18:58:26.0562 0172 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    18:58:26.0578 0172 Wanarp - ok
    18:58:26.0578 0172 WDICA - ok
    18:58:26.0609 0172 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    18:58:26.0625 0172 wdmaud - ok
    18:58:26.0765 0172 WpdUsb (c60dc16d4e406810fad54b98dc92d5ec) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
    18:58:26.0765 0172 WpdUsb - ok
    18:58:26.0843 0172 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    18:58:26.0843 0172 WSTCODEC - ok
    18:58:26.0875 0172 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    18:58:26.0875 0172 WudfPf - ok
    18:58:26.0906 0172 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    18:58:26.0906 0172 WudfRd - ok
    18:58:26.0937 0172 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
    18:58:27.0093 0172 \Device\Harddisk0\DR0 - ok
    18:58:27.0093 0172 Boot (0x1200) (b7afa9d472cd08105950e19bca8d8db4) \Device\Harddisk0\DR0\Partition0
    18:58:27.0093 0172 \Device\Harddisk0\DR0\Partition0 - ok
    18:58:27.0093 0172 ============================================================
    18:58:27.0093 0172 Scan finished
    18:58:27.0093 0172 ============================================================
    18:58:27.0109 0384 Detected object count: 0
    18:58:27.0109 0384 Actual detected object count: 0


    5. Do you have the original Windows installation media for your PC?

    I don't have it, unfortunately. The computer does have the tag on it.



    (I'm adding this bit of info about a couple of infections detected within the past few days, only after I first noticed signs of infection, just in case it's useful:

    I've been running daily scans with Avira antivirus. On Dec. 7, 2011, Avira antivirus found TR/Fake.Rean.3192, one detection, which is quarantined. That's the only detection by Avira, since a long time before the first signs of infection. Avira scans since that one are clean.

    Also, this is the first Malwarebytes log I ran, after noticing symptoms of infection, just because it’s got an extra malware detection on it:

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8310

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    12/4/2011 1:19:09 PM
    mbam-log-2011-12-04 (13-19-09).txt

    Scan type: Quick scan
    Objects scanned: 180542
    Time elapsed: 8 minute(s), 16 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\control panel\Homepage (PUM.Hijack.HomePageControl) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\documents and settings\user\local settings\Temp\upd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. )


    Thanks for your continued help! I'm continuing to check back frequently, for your next instructions.
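A log-triage helper for the TDSSKiller-style driver listing pasted above, added here as an example that is not part of the thread and not TDSSKiller's own code: it parses the `name (md5) path` entries and the `name - status` result lines, flags any entry not reported `- ok`, and pulls out the MBR and boot-sector hashes that a helper would compare against a backup. The sample log inside it is constructed (a few lines copied from the pasted scan plus one made-up `exampledrv` entry with a made-up status, to exercise the not-ok path).

```python
"""Triage helper for TDSSKiller-style scan logs (added example, not TDSSKiller code)."""
import re

# Entry line:  18:58:20.0375 0172 audstub (d9f724aa...) C:\WINDOWS\system32\DRIVERS\audstub.sys
# MBR/Boot entries carry an extra "(0x1B8)" / "(0x1200)" field before the hash.
ENTRY_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<name>\S+)\s+"
    r"(?:\(0x[0-9A-Fa-f]+\)\s+)?\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+?)\s*$"
)
# Result line: 18:58:20.0390 0172 audstub - ok   (MBR/Boot results are keyed by device path)
RESULT_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<name>.+?)\s+-\s+(?P<status>.+?)\s*$"
)
COUNT_RE = re.compile(r"Detected object count:\s*(\d+)")


def parse_tdsskiller(log_text):
    """Return a report dict: per-entry records, entries not '- ok', MBR/boot hashes, detected count."""
    drivers = {}  # name -> {"md5": ..., "path": ..., "status": ...}
    report = {"drivers": drivers, "not_ok": [], "mbr": None, "boot": None, "detected": None}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            rec = drivers.setdefault(m["name"], {"md5": None, "path": None, "status": None})
            rec["md5"], rec["path"] = m["md5"], m["path"]
            if m["name"] == "MBR":
                report["mbr"] = m["md5"]
            elif m["name"] == "Boot":
                report["boot"] = m["md5"]
            continue
        m = RESULT_RE.match(line)
        if m:
            name, status = m["name"], m["status"]
            # MBR/Boot results name the device path, so map that path back to its entry.
            key = next((n for n, r in drivers.items() if r["path"] == name), name)
            rec = drivers.setdefault(key, {"md5": None, "path": None, "status": None})
            rec["status"] = status
            if status.lower() != "ok":
                report["not_ok"].append((key, status))
            continue
        m = COUNT_RE.search(line)
        if m and report["detected"] is None:  # first match; skip "Actual detected ..." repeat
            report["detected"] = int(m[1])
    return report


def summarize(report):
    """Condense a report: entries registered without a driver file, not-ok entries, sector hashes."""
    drivers = report["drivers"]
    no_file = [n for n, r in drivers.items() if r["md5"] is None]
    return {
        "entries": len(drivers),
        "with_file": len(drivers) - len(no_file),
        "no_file": no_file,          # service entries with no file on disk (common, not by itself bad)
        "not_ok": report["not_ok"],  # anything the scanner did not report as ok
        "mbr": report["mbr"],
        "boot": report["boot"],
        "detected": report["detected"],
    }


# Constructed sample: real lines copied from the pasted scan plus a made-up 'exampledrv' entry.
SAMPLE_LOG = r"""
18:58:20.0375 0172 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:58:20.0390 0172 audstub - ok
18:58:20.0890 0172 cd20xrnt - ok
18:58:21.0171 0172 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
18:58:21.0171 0172 Disk - ok
18:58:21.0500 0172 exampledrv (00000000000000000000000000000000) C:\WINDOWS\system32\DRIVERS\exampledrv.sys
18:58:21.0510 0172 exampledrv - suspicious
18:58:26.0937 0172 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
18:58:27.0093 0172 \Device\Harddisk0\DR0 - ok
18:58:27.0093 0172 Boot (0x1200) (b7afa9d472cd08105950e19bca8d8db4) \Device\Harddisk0\DR0\Partition0
18:58:27.0093 0172 \Device\Harddisk0\DR0\Partition0 - ok
18:58:27.0109 0384 Detected object count: 0
18:58:27.0109 0384 Actual detected object count: 0
"""

if __name__ == "__main__":
    for k, v in summarize(parse_tdsskiller(SAMPLE_LOG)).items():
        print(f"{k:>10}: {v}")
```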

  7. #7
    Emeritus- Malware Team
    Join Date
    Aug 2011
    Posts
    148

    Default

    Hi I_dream_of_Mercury,

    Thank you again for your patience.

    Again, please remember to read the instructions below carefully before executing and perform the steps, in the order given.
    If you have any questions about or problems executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.

    Before we proceed please make sure any open programs are closed.

    Step 1:
    Avira Anti-Virus Scan Report

    Please provide the last Avira Anti-Virus scan report from 7th December.

    1. Right-click the red umbrella icon in the system tray and click Start Antivir.
    2. In the left pane, click on Overview, then click on Reports.
    3. There will be reports titled Update and reports titled Scan. Find the report from 7th December in the list titled Scan.
    4. Click on the Report File button, or Right-click the report and choose Display Report.
      The report contents will be displayed in Notepad.
    5. Please Copy and Paste the contents of Avira Anti-Virus Scan Report into your next reply.

    Step 2:
    aswMBR - Scan

    1. Please download aswMBR.exe © Avast Software ( 511KB ) and Save it to your Desktop.
    2. Double-click on aswMBR.exe to launch the program.
    3. Click on the Scan button to start the scan.
    4. On completion of the scan the following message will be displayed: "Scan finished successfully". Click on the Save log button.
    5. You will be prompted to save a file named aswMBR.txt. Save it to your Desktop.
    6. Please Copy and Paste the contents of aswMBR.txt into your next reply.

    Please Note: A file will be created and placed on your desktop when you execute aswMBR, named MBR.dat. This is a copy of your MBR record, before any changes are made; it can be used to recover the MBR record to its previous condition, if problems exist after changes.

    Step 3:
    OTL - Scan

    1. Please download OTL by Old Timer. Save it to your Desktop.
    2. Double-click on OTL.exe to run the program.
    3. Under Output, ensure that the Standard Output option is selected.
    4. Under the Extra Registry section, select the Use SafeList option.
    5. Click the Scan All Users checkbox.
      Note: Please leave the remaining selections on the default settings.
    6. Click the LOP Check and Purity Check checkboxes.
    7. Then click on the Run Scan button in the top left-hand corner of the program window.
    8. When done, two Notepad files will automatically open:
      • OTL.txt <-- Will be opened, maximized.
      • Extras.txt <-- Will be minimized on task bar.
    9. Please Copy and Paste the entire contents of both OTL.txt and Extras.txt files into your next reply.

    Step 4:
    Include in Next Post

    1. Did you have any problems carrying out the instructions?
    2. Avira Anti-Virus Scan Report.
    3. aswMBR.txt.
    4. OTL.txt.
    5. Extras.txt.

    Scolabar
    --------------------------------------------------------------------------
    No Reply Within 3 Days Will Result In Your Topic Being Closed
    Last edited by Scolabar; 2011-12-10 at 23:41.
    Malware Removal University - You too could train to help others

  8. #8
    Member
    Join Date
    Nov 2008
    Location
    U.S.
    Posts
    40

    Default

    Please advise:

    Scolabar, hi,

    The aswMBR scan, your step 2, didn't go as described, and I need to know what to do before I proceed.

    First, when I went to double-click on the aswMBR.exe icon, on my desktop, OnlineArmor firewall reported, "aswMBR.sys wants to start automatically with your computer". I clicked accept, figuring that I'd accept anything the program wants to do, but I believe I unclicked "Remember this decision," because I have Avira running, already, and thought it would create a conflict. Since it's not the regular Avast antivirus, I didn't expect it to run automatically, later.

    (At this point, I should mention that when you have said, "Before we proceed please make sure any open programs are closed," it didn't occur to me to shut down my security software. Am I supposed to be deactivating my antivirus, Spybot S&D Resident, SpywareBlaster, or my OnlineArmor firewall?)

    Then, aswMBR asked to update its virus definitions. I agreed and let it download those.

    I then clicked Scan, and it scanned for only a couple of minutes, then said it was scanning TDSSKiller.

    aswMBR appeared to hang upon scanning TDSSKiller. It said it was scanning TDSSKiller as the last item at the bottom of what it had already scanned for exactly 20 minutes, then the screen froze (the clock froze and the mouse pointer wouldn't move) and the computer became unresponsive. The screen remained up, as it was before it hung. (Of course, the message that the scan was completed was never displayed.)

    I let it sit for 34 minutes, hoping the program would catch up with itself, before trying to raise Task Manager with CTRL+ALT+DEL. The computer remained unresponsive. I eventually had to actually unplug the computer, in order to restart.

    ALL OF THE FOLLOWING IS AFTER aswMBR HUNG, AND THE COMPUTER WAS REBOOTED:

    Upon restart, OnlineArmor reported that it blocked AUTOBACK.EXE. OnlineArmor says,
    "Status: Ask
    Program name: AUTOBACK.EXE
    Name: AUTOBACK.EXE,0.0.0.0,(0.0.0.0)
    First Detected: 12/07/11 12:34:38
    Trust Level: Unknown"
    When I right-clicked on this line of info, in OnlineArmor, and chose Copy to Clipboard, it copied this:
    AUTOBACK.EXE, 0.0.0.0, (0.0.0.0)
    C:\Program Files\ERUNT\AUTOBACK.EXE
    Hash(MD5): E00DE20F0F6BED5CD2160247DDC9443B
    No log appeared to have been created from the first aswMBR scan, or at least there was nothing on the Desktop.

    I clicked to start aswMBR.exe again, not intending to rescan but in hopes of getting some log or error message regarding the first scan. Again, a message from OnlineArmor said it asked for permission to start automatically, and I allowed, after unclicking, "Remember my decision."

    The first time I restarted aswMBR.exe after reboot, it said it failed to initialize, which might be because it was waiting for me to respond to the firewall request for aswMBR.exe to run automatically. I asked for a log, which did not include info from the first scan, just this:

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-12-10 19:59:46
    -----------------------------
    19:59:46.953 OS Version: Windows 5.1.2600 Service Pack 3
    19:59:46.953 Number of processors: 2 586 0x403
    19:59:46.953 ComputerName: USER-PC UserName: user
    20:00:47.390 Initialze error C0000034 - driver not loaded
    20:00:58.343 AVAST engine defs: 11121001
    20:02:56.328 The log file has been saved successfully to "C:\Documents and Settings\user\Desktop\aswMBR.txt"

    The second time, aswMBR.exe initialized successfully. I didn't scan. I created a log again:

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-12-10 20:05:09
    -----------------------------
    20:05:09.921 OS Version: Windows 5.1.2600 Service Pack 3
    20:05:09.921 Number of processors: 2 586 0x403
    20:05:09.921 ComputerName: USER-PC UserName: user
    20:05:21.125 Initialize success
    20:05:27.625 AVAST engine defs: 11121001
    20:37:38.093 The log file has been saved successfully to "C:\Documents and Settings\user\Desktop\aswMBR 2.txt"


    So, I'll have to wait for more information from you, before I can proceed.

    Regarding Avira's report from Dec. 7, here's that log. To be clear, this is not the last scan by Avira, but it's the last Avira scan to detect an infection, and the only Avira scan with a detection since the first symptoms of infection. As I reported below, for the first few days after signs of infection, Avira scans were clean, then this, on Dec. 7th:


    Avira AntiVir Personal
    Report file date: Wednesday, December 07, 2011 10:03

    Scanning for 3542348 virus strains and unwanted programs.

    The program is running as an unrestricted full version.
    Online services are available:

    Licensee : Avira AntiVir Personal - Free Antivirus
    Serial number : 0000149996-ADJIE-0000001
    Platform : Windows XP
    Windows version : (Service Pack 3) [5.1.2600]
    Boot mode : Normally booted
    Username : SYSTEM
    Computer name : USER-PC

    Version information:
    BUILD.DAT : 10.2.0.690 35934 Bytes 6/22/2011 18:07:00
    AVSCAN.EXE : 10.3.0.7 484008 Bytes 6/28/2011 16:25:09
    AVSCAN.DLL : 10.0.5.0 47464 Bytes 6/28/2011 16:25:09
    LUKE.DLL : 10.3.0.5 45416 Bytes 6/28/2011 16:25:10
    LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 06:40:49
    AVSCPLR.DLL : 10.3.0.7 119656 Bytes 6/28/2011 16:25:11
    AVREG.DLL : 10.3.0.7 90472 Bytes 6/28/2011 16:25:10
    VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 16:05:36
    VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 10:19:52
    VBASE002.VDF : 7.11.3.0 1950720 Bytes 2/9/2011 16:13:30
    VBASE003.VDF : 7.11.5.225 1980416 Bytes 4/7/2011 12:48:11
    VBASE004.VDF : 7.11.8.178 2354176 Bytes 5/31/2011 13:21:53
    VBASE005.VDF : 7.11.10.251 1788416 Bytes 7/7/2011 20:17:30
    VBASE006.VDF : 7.11.13.60 6411776 Bytes 8/16/2011 10:09:51
    VBASE007.VDF : 7.11.15.106 2389504 Bytes 10/5/2011 20:40:15
    VBASE008.VDF : 7.11.18.32 2132992 Bytes 11/24/2011 16:03:27
    VBASE009.VDF : 7.11.18.33 2048 Bytes 11/24/2011 16:03:27
    VBASE010.VDF : 7.11.18.34 2048 Bytes 11/24/2011 16:03:28
    VBASE011.VDF : 7.11.18.35 2048 Bytes 11/24/2011 16:03:28
    VBASE012.VDF : 7.11.18.36 2048 Bytes 11/24/2011 16:03:28
    VBASE013.VDF : 7.11.18.89 204800 Bytes 11/28/2011 19:54:58
    VBASE014.VDF : 7.11.18.145 143872 Bytes 12/1/2011 12:39:57
    VBASE015.VDF : 7.11.18.180 173056 Bytes 12/2/2011 13:31:07
    VBASE016.VDF : 7.11.18.208 164864 Bytes 12/5/2011 13:57:48
    VBASE017.VDF : 7.11.18.239 177152 Bytes 12/6/2011 22:03:11
    VBASE018.VDF : 7.11.18.240 2048 Bytes 12/6/2011 22:03:12
    VBASE019.VDF : 7.11.18.241 2048 Bytes 12/6/2011 22:03:12
    VBASE020.VDF : 7.11.18.242 2048 Bytes 12/6/2011 22:03:12
    VBASE021.VDF : 7.11.18.243 2048 Bytes 12/6/2011 22:03:12
    VBASE022.VDF : 7.11.18.244 2048 Bytes 12/6/2011 22:03:13
    VBASE023.VDF : 7.11.18.245 2048 Bytes 12/6/2011 22:03:13
    VBASE024.VDF : 7.11.18.246 2048 Bytes 12/6/2011 22:03:13
    VBASE025.VDF : 7.11.18.247 2048 Bytes 12/6/2011 22:03:13
    VBASE026.VDF : 7.11.18.248 2048 Bytes 12/6/2011 22:03:14
    VBASE027.VDF : 7.11.18.249 2048 Bytes 12/6/2011 22:03:14
    VBASE028.VDF : 7.11.18.250 2048 Bytes 12/6/2011 22:03:14
    VBASE029.VDF : 7.11.18.251 2048 Bytes 12/6/2011 22:03:14
    VBASE030.VDF : 7.11.18.252 2048 Bytes 12/6/2011 22:03:15
    VBASE031.VDF : 7.11.19.20 88064 Bytes 12/7/2011 18:02:35
    Engineversion : 8.2.6.128
    AEVDF.DLL : 8.1.2.2 106868 Bytes 10/25/2011 19:03:56
    AESCRIPT.DLL : 8.1.3.88 479611 Bytes 12/5/2011 17:50:22
    AESCN.DLL : 8.1.7.2 127349 Bytes 11/22/2010 12:26:13
    AESBX.DLL : 8.2.4.5 434549 Bytes 12/5/2011 17:50:24
    AERDL.DLL : 8.1.9.15 639348 Bytes 9/9/2011 03:46:30
    AEPACK.DLL : 8.2.14.4 741752 Bytes 12/5/2011 17:50:18
    AEOFFICE.DLL : 8.1.2.21 201084 Bytes 12/5/2011 17:50:12
    AEHEUR.DLL : 8.1.3.3 3871095 Bytes 12/5/2011 17:50:10
    AEHELP.DLL : 8.1.18.0 254327 Bytes 10/25/2011 19:03:18
    AEGEN.DLL : 8.1.5.15 405878 Bytes 12/5/2011 17:49:46
    AEEMU.DLL : 8.1.3.0 393589 Bytes 11/22/2010 12:23:32
    AECORE.DLL : 8.1.24.0 196983 Bytes 10/25/2011 19:03:13
    AEBB.DLL : 8.1.1.0 53618 Bytes 4/23/2010 15:10:33
    AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 19:03:38
    AVPREF.DLL : 10.0.3.2 44904 Bytes 6/28/2011 16:25:09
    AVREP.DLL : 10.0.0.10 174120 Bytes 5/17/2011 13:58:35
    AVARKT.DLL : 10.0.26.1 255336 Bytes 6/28/2011 16:25:09
    AVEVTLOG.DLL : 10.0.0.9 203112 Bytes 6/28/2011 16:25:09
    SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 19:57:58
    AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/16/2010 22:38:56
    NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 21:41:00
    RCIMAGE.DLL : 10.0.0.35 2589544 Bytes 6/28/2011 16:25:08
    RCTEXT.DLL : 10.0.64.0 97640 Bytes 6/28/2011 16:25:08

    Configuration settings for the scan:
    Jobname.............................: Complete system scan
    Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
    Logging.............................: Default
    Primary action......................: interactive
    Secondary action....................: ignore
    Scan master boot sector.............: on
    Scan boot sector....................: on
    Boot sectors........................: C:,
    Process scan........................: on
    Extended process scan...............: on
    Scan registry.......................: on
    Search for rootkits.................: on
    Integrity checking of system files..: off
    Scan all files......................: All files
    Scan archives.......................: on
    Recursion depth.....................: 20
    Smart extensions....................: on
    Macro heuristic.....................: on
    File heuristic......................: Advanced
    Deviating risk categories...........: +APPL,+PCK,+PFS,+SPR,

    Start of the scan: Wednesday, December 07, 2011 10:03

    Starting search for hidden objects.

    The scan of running processes will be started
    Scan process 'rsmsink.exe' - '30' Module(s) have been scanned
    Scan process 'dllhost.exe' - '47' Module(s) have been scanned
    Scan process 'vssvc.exe' - '50' Module(s) have been scanned
    Scan process 'avscan.exe' - '72' Module(s) have been scanned
    Scan process 'avcenter.exe' - '71' Module(s) have been scanned
    Scan process 'TeaTimer.exe' - '46' Module(s) have been scanned
    Scan process 'msdtc.exe' - '42' Module(s) have been scanned
    Scan process 'dllhost.exe' - '62' Module(s) have been scanned
    Scan process 'jqs.exe' - '35' Module(s) have been scanned
    Scan process 'ccc.exe' - '162' Module(s) have been scanned
    Scan process 'SearchIndexer.exe' - '61' Module(s) have been scanned
    Scan process 'OAhlp.exe' - '55' Module(s) have been scanned
    Scan process 'RunDLL32.exe' - '43' Module(s) have been scanned
    Scan process 'svchost.exe' - '36' Module(s) have been scanned
    Scan process 'wuauclt.exe' - '47' Module(s) have been scanned
    Scan process 'MOM.exe' - '60' Module(s) have been scanned
    Scan process 'oaui.exe' - '57' Module(s) have been scanned
    Scan process 'avgnt.exe' - '61' Module(s) have been scanned
    Scan process 'smax4pnp.exe' - '45' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '35' Module(s) have been scanned
    Scan process 'alg.exe' - '35' Module(s) have been scanned
    Scan process 'svchost.exe' - '41' Module(s) have been scanned
    Scan process 'avshadow.exe' - '28' Module(s) have been scanned
    Scan process 'MDM.EXE' - '24' Module(s) have been scanned
    Scan process 'avguard.exe' - '56' Module(s) have been scanned
    Scan process 'sched.exe' - '47' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '57' Module(s) have been scanned
    Scan process 'Explorer.EXE' - '170' Module(s) have been scanned
    Scan process 'oasrv.exe' - '64' Module(s) have been scanned
    Scan process 'OAcat.exe' - '32' Module(s) have been scanned
    Scan process 'svchost.exe' - '42' Module(s) have been scanned
    Scan process 'svchost.exe' - '34' Module(s) have been scanned
    Scan process 'Ati2evxx.exe' - '33' Module(s) have been scanned
    Scan process 'svchost.exe' - '32' Module(s) have been scanned
    Scan process 'svchost.exe' - '173' Module(s) have been scanned
    Scan process 'svchost.exe' - '41' Module(s) have been scanned
    Scan process 'svchost.exe' - '53' Module(s) have been scanned
    Scan process 'Ati2evxx.exe' - '30' Module(s) have been scanned
    Scan process 'lsass.exe' - '64' Module(s) have been scanned
    Scan process 'services.exe' - '29' Module(s) have been scanned
    Scan process 'winlogon.exe' - '78' Module(s) have been scanned
    Scan process 'csrss.exe' - '16' Module(s) have been scanned
    Scan process 'smss.exe' - '2' Module(s) have been scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!

    Starting to scan executable files (registry).
    The registry was scanned ( '1064' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\Documents and Settings\user\Local Settings\Temp\jar_cache489517355002911589.tmp
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\user\Local Settings\Temp\jar_cache489517355002911589.tmp
    [DETECTION] Is the TR/Fake.Rean.3192 Trojan

    Beginning disinfection:
    C:\Documents and Settings\user\Local Settings\Temp\jar_cache489517355002911589.tmp
    [DETECTION] Is the TR/Fake.Rean.3192 Trojan
    [NOTE] The file was moved to the quarantine directory under the name '4c37185f.qua'.


    End of the scan: Wednesday, December 07, 2011 11:20
    Used time: 1:14:53 Hour(s)

    The scan has been done completely.

    7080 Scanned directories
    282431 Files were scanned
    1 Viruses and/or unwanted programs were found
    0 Files were classified as suspicious
    0 files were deleted
    0 Viruses and unwanted programs were repaired
    1 Files were moved to quarantine
    0 Files were renamed
    0 Files cannot be scanned
    282430 Files not concerned
    5329 Archives were scanned
    0 Warnings
    1 Notes
    553989 Objects were scanned with rootkit scan
    0 Hidden objects were found

    [End of Avira scan]


    I'll be checking back frequently, for your next instructions. Thanks for your continued help!

  9. #9
    Emeritus- Malware Team
    Join Date
    Aug 2011
    Posts
    148


    Hi I_dream_of_Mercury,

    Apologies for the inconvenience and thank you for the Avira report.

    Please delete the TDSSKiller.exe file on your Desktop.

    Temporarily disable the real-time protection of your security software (Avira AntiVir, Online Armor and Spybot S&D), referring to This Howto Topic if necessary. SpywareBlaster does not need to be disabled.

    Then try running aswMBR again and the remaining steps.

    Scolabar
    --------------------------------------------------------------------------
    No Reply Within 3 Days Will Result In Your Topic Being Closed
    Malware Removal University - You too could train to help others

  10. #10
    Member
    Join Date
    Nov 2008
    Location
    U.S.
    Posts
    40


    Hi again! Thanks for the help getting the scans completed.


    Included:


    1. Did you have any problems carrying out the instructions?

    Ha, a bit, this time. After I had disabled the three security programs and aswMBR was running, a scheduled daily Avira scan launched. Although I stopped it before it could scan anything, and although the guard was disabled, Windows shut down in self-defense, and I had to bring it all up again and start over.

    2. Avira Anti-Virus Scan Report.

    You've already received this; it was copied and pasted into post #8 of this thread.

    3. aswMBR.txt.


    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-12-11 10:11:34
    -----------------------------
    10:11:34.515 OS Version: Windows 5.1.2600 Service Pack 3
    10:11:34.515 Number of processors: 2 586 0x403
    10:11:34.515 ComputerName: USER-PC UserName: user
    10:11:36.375 Initialize success
    10:12:04.234 AVAST engine defs: 11121001
    10:12:13.046 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
    10:12:13.062 Disk 0 Vendor: SAMSUNG_HD160JJ/P ZM100-34 Size: 152587MB BusType: 3
    10:12:13.078 Disk 0 MBR read successfully
    10:12:13.093 Disk 0 MBR scan
    10:12:13.171 Disk 0 Windows XP default MBR code
    10:12:13.187 Disk 0 scanning sectors +312480315
    10:12:13.312 Disk 0 scanning C:\WINDOWS\system32\drivers
    10:12:33.125 Service scanning
    10:12:35.250 Modules scanning
    10:12:46.609 Disk 0 trace - called modules:
    10:12:46.640 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
    10:12:46.656 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89dd4ab8]
    10:12:46.671 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x89e21d98]
    10:12:48.453 AVAST engine scan C:\WINDOWS
    10:13:06.125 AVAST engine scan C:\WINDOWS\system32
    10:18:07.000 AVAST engine scan C:\WINDOWS\system32\drivers
    10:18:30.250 AVAST engine scan C:\Documents and Settings\user
    10:45:50.156 AVAST engine scan C:\Documents and Settings\All Users
    10:52:31.687 Scan finished successfully
    10:53:42.312 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\user\Desktop\MBR.dat"
    10:53:42.328 The log file has been saved successfully to "C:\Documents and Settings\user\Desktop\aswMBR 1.txt"
    10:56:39.734 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\user\Desktop\MBR.dat"
    10:56:39.765 The log file has been saved successfully to "C:\Documents and Settings\user\Desktop\aswMBR.txt"


    4. OTL.txt.

    OTL logfile created on: 12/11/2011 11:06:22 AM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\user\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.42 Gb Available Physical Memory | 71.15% Memory free
    3.85 Gb Paging File | 3.27 Gb Available in Paging File | 85.08% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 148.93 Gb Total Space | 117.29 Gb Free Space | 78.75% Space Free | Partition Type: NTFS
    Drive D: | 559.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: USER-PC | User Name: user | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/12/11 11:03:56 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
    PRC - [2011/12/05 16:39:34 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
    PRC - [2011/06/28 08:25:09 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2011/04/26 23:04:15 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2010/11/02 06:24:58 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2010/04/20 03:42:10 | 003,065,848 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oahlp.exe
    PRC - [2010/04/20 03:42:08 | 006,678,008 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oaui.exe
    PRC - [2010/04/20 03:42:08 | 003,364,856 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oasrv.exe
    PRC - [2010/04/20 03:42:08 | 001,284,600 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oacat.exe
    PRC - [2010/01/14 20:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2008/04/14 04:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/10/14 14:43:38 | 011,800,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\60df958ca96c9b8945f836759b6abd34\System.Web.ni.dll
    MOD - [2011/10/14 14:41:35 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
    MOD - [2011/10/14 14:39:37 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll
    MOD - [2011/10/14 14:11:18 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
    MOD - [2011/10/14 14:11:09 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
    MOD - [2011/10/14 14:10:49 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
    MOD - [2011/10/14 14:08:36 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
    MOD - [2011/10/14 14:08:09 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
    MOD - [2011/10/14 14:06:04 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    MOD - [2010/01/28 11:57:58 | 000,355,688 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
    MOD - [2009/08/13 19:26:02 | 001,728,512 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3358.38385__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
    MOD - [2009/08/13 19:26:02 | 000,491,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3358.38459__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
    MOD - [2009/08/13 19:26:02 | 000,290,816 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3358.38368__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
    MOD - [2009/08/13 19:26:02 | 000,204,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3358.38387__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
    MOD - [2009/08/13 19:26:02 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3358.38441__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
    MOD - [2009/08/13 19:26:02 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3358.38376__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
    MOD - [2009/08/13 19:26:02 | 000,069,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3358.38423__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
    MOD - [2009/08/13 19:26:02 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3358.38381__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
    MOD - [2009/08/13 19:26:02 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3358.38410__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
    MOD - [2009/08/13 19:26:02 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3358.38376__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
    MOD - [2009/08/13 19:26:01 | 000,364,544 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3358.38428__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
    MOD - [2009/08/13 19:26:01 | 000,139,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3358.38460__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
    MOD - [2009/08/13 19:26:01 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.3358.38386__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll
    MOD - [2009/08/13 19:26:01 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3358.38428__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
    MOD - [2009/08/13 19:26:01 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3358.38427__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
    MOD - [2009/08/13 19:26:01 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.3358.38386__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll
    MOD - [2009/08/13 19:25:59 | 000,811,008 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3358.38412__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
    MOD - [2009/08/13 19:25:59 | 000,712,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3358.38377__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
    MOD - [2009/08/13 19:25:59 | 000,589,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3358.38387__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
    MOD - [2009/08/13 19:25:59 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3358.38435__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
    MOD - [2009/08/13 19:25:59 | 000,225,280 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3358.38387__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
    MOD - [2009/08/13 19:25:59 | 000,126,976 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3358.38421__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
    MOD - [2009/08/13 19:25:59 | 000,081,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3358.38412__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
    MOD - [2009/08/13 19:25:59 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3358.38391__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
    MOD - [2009/08/13 19:25:59 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3358.38420__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
    MOD - [2009/08/13 19:25:58 | 000,450,560 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3358.38407__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
    MOD - [2009/08/13 19:25:58 | 000,438,272 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3358.38411__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
    MOD - [2009/08/13 19:25:58 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3358.38411__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
    MOD - [2009/08/13 19:25:58 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3358.38411__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
    MOD - [2009/08/13 19:25:58 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3358.38422__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
    MOD - [2009/08/13 19:25:58 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
    MOD - [2009/08/13 19:25:58 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3309.28608__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
    MOD - [2009/08/13 19:25:58 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3309.28629__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
    MOD - [2009/08/13 19:25:57 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3309.28645__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
    MOD - [2009/08/13 19:25:57 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
    MOD - [2009/08/13 19:25:57 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3309.28627__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
    MOD - [2009/08/13 19:25:57 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
    MOD - [2009/08/13 19:25:57 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
    MOD - [2009/08/13 19:25:56 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3309.28604__90ba9c70f846762e\CLI.Foundation.dll
    MOD - [2009/08/13 19:25:56 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3309.28618__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
    MOD - [2009/08/13 19:25:56 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
    MOD - [2009/08/13 19:25:56 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3309.28601__90ba9c70f846762e\LOG.Foundation.dll
    MOD - [2009/08/13 19:25:56 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3309.28603__90ba9c70f846762e\NEWAEM.Foundation.dll
    MOD - [2009/08/13 19:25:56 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3309.28669__90ba9c70f846762e\CLI.Foundation.XManifest.dll
    MOD - [2009/08/13 19:25:56 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3309.28630__90ba9c70f846762e\DEM.OS.I0602.dll
    MOD - [2009/08/13 19:25:56 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3309.28620__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
    MOD - [2009/08/13 19:25:56 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
    MOD - [2009/08/13 19:25:56 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3309.28611__90ba9c70f846762e\CLI.Component.Client.Shared.dll
    MOD - [2009/08/13 19:25:56 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3309.28626__90ba9c70f846762e\MOM.Foundation.dll
    MOD - [2009/08/13 19:25:56 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.3309.28645__90ba9c70f846762e\DEM.OS.dll
    MOD - [2009/08/13 19:25:56 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
    MOD - [2009/08/13 19:25:56 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3309.28630__90ba9c70f846762e\DEM.Graphics.dll
    MOD - [2009/08/13 19:25:56 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
    MOD - [2009/08/13 19:25:56 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
    MOD - [2009/08/13 19:25:56 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3309.28631__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
    MOD - [2009/08/13 19:25:55 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
    MOD - [2009/08/13 19:25:55 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
    MOD - [2009/08/13 19:25:55 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.3309.28631__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll
    MOD - [2009/08/13 19:25:55 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
    MOD - [2009/08/13 19:25:54 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
    MOD - [2009/08/13 19:25:54 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
    MOD - [2009/08/13 19:25:54 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
    MOD - [2009/08/13 19:25:54 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
    MOD - [2009/08/13 19:25:54 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
    MOD - [2009/08/13 19:25:54 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3309.28624__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
    MOD - [2009/08/13 19:25:54 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3309.28632__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
    MOD - [2009/08/13 19:25:54 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
    MOD - [2009/08/13 19:25:54 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3309.28627__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
    MOD - [2009/08/13 19:25:54 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3309.28635__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
    MOD - [2009/08/13 19:25:54 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
    MOD - [2009/08/13 19:25:54 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3309.28626__90ba9c70f846762e\APM.Foundation.dll
    MOD - [2009/08/13 19:25:53 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3358.38467__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
    MOD - [2009/08/13 19:25:53 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
    MOD - [2009/08/13 19:25:53 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Server.Shared.dll
    MOD - [2009/08/13 19:25:53 | 000,014,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
    MOD - [2009/08/13 19:25:53 | 000,013,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
    MOD - [2009/08/13 19:25:53 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3358.38363__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
    MOD - [2009/08/13 19:25:52 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3358.38454__90ba9c70f846762e\MOM.Implementation.dll
    MOD - [2009/08/13 19:25:52 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3358.38452__90ba9c70f846762e\LOG.Foundation.Implementation.dll
    MOD - [2009/08/13 19:25:52 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3309.28608__90ba9c70f846762e\CLI.Foundation.Private.dll
    MOD - [2009/08/13 19:25:52 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3309.28614__90ba9c70f846762e\LOG.Foundation.Private.dll
    MOD - [2009/08/13 19:25:52 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3309.28627__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
    MOD - [2009/08/13 19:25:52 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3309.28612__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
    MOD - [2009/08/13 19:25:52 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3309.28626__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
    MOD - [2009/08/13 19:25:51 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3358.38381__90ba9c70f846762e\CLI.Component.Wizard.dll
    MOD - [2009/08/13 19:25:51 | 000,081,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3358.38365__90ba9c70f846762e\CLI.Component.Runtime.dll
    MOD - [2009/08/13 19:25:51 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3358.38367__90ba9c70f846762e\CLI.Component.SkinFactory.dll
    MOD - [2009/08/13 19:25:51 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3309.28628__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
    MOD - [2009/08/13 19:25:51 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3309.28624__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
    MOD - [2009/08/13 19:25:48 | 001,142,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3358.38372__90ba9c70f846762e\CLI.Component.Dashboard.dll
    MOD - [2009/08/13 19:25:48 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3309.28621__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
    MOD - [2009/08/13 19:25:48 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3358.38453__90ba9c70f846762e\CCC.Implementation.dll
    MOD - [2009/08/13 19:25:48 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3309.28637__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
    MOD - [2009/08/13 19:25:47 | 000,081,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.3358.38366__90ba9c70f846762e\ATIDEMOS.dll
    MOD - [2009/08/13 19:25:47 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3358.38365__90ba9c70f846762e\APM.Server.dll
    MOD - [2009/08/13 19:25:47 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3358.38364__90ba9c70f846762e\AEM.Server.dll
    MOD - [2009/08/13 19:25:47 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
    MOD - [2008/11/18 12:25:08 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (getPlusHelper) getPlus(R)
    SRV - File not found [On_Demand | Stopped] -- -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2011/12/05 16:39:34 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
    SRV - [2011/06/28 08:25:09 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2011/04/26 23:04:15 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2010/04/20 03:42:08 | 003,364,856 | ---- | M] (Tall Emu) [Auto | Running] -- C:\Program Files\Tall Emu\Online Armor\oasrv.exe -- (SvcOnlineArmor)
    SRV - [2010/04/20 03:42:08 | 001,284,600 | ---- | M] (Tall Emu) [Auto | Running] -- C:\Program Files\Tall Emu\Online Armor\OAcat.exe -- (OAcat)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/06/28 08:25:10 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
    DRV - [2011/06/28 08:25:10 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2010/04/20 03:13:30 | 000,024,440 | ---- | M] (Tall Emu) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAmon.sys -- (OAmon)
    DRV - [2010/04/20 03:13:14 | 000,029,560 | ---- | M] (Tall Emu Pty Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAnet.sys -- (OAnet)
    DRV - [2010/04/20 03:13:10 | 000,228,216 | ---- | M] (Tall Emu) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\OADriver.sys -- (OADevice)
    DRV - [2009/05/11 10:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
    DRV - [2009/05/11 08:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2009/03/13 12:23:44 | 003,565,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2005/06/05 17:44:05 | 000,091,841 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\P0630Vid.sys -- (P0630VID)
    DRV - [2005/03/17 15:30:10 | 000,132,608 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2004/09/17 08:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1708537768-839522115-1644491937-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.safer-networking.org/en/index.html
    IE - HKU\S-1-5-21-1708537768-839522115-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_18.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)



    O1 HOSTS File: ([2011/12/07 03:27:59 | 000,438,884 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 www.00hq.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 www.0scan.com
    O1 - Hosts: 127.0.0.1 0scan.com
    O1 - Hosts: 127.0.0.1 1000gratisproben.com
    O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
    O1 - Hosts: 127.0.0.1 1001namen.com
    O1 - Hosts: 127.0.0.1 www.1001namen.com
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 www.10sek.com
    O1 - Hosts: 127.0.0.1 www.1-2005-search.com
    O1 - Hosts: 127.0.0.1 1-2005-search.com
    O1 - Hosts: 15096 more lines...
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Tall Emu\Online Armor\oaui.exe (Tall Emu)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
    O4 - HKLM..\Run: [PD0630 STISvc] C:\WINDOWS\System32\P0630Pin.dll (Creative Technology Ltd.)
    O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" File not found
    O4 - Startup: C:\Documents and Settings\user\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1708537768-839522115-1644491937-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1708537768-839522115-1644491937-1003\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-21-1708537768-839522115-1644491937-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O7 - HKU\S-1-5-21-1708537768-839522115-1644491937-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: _NoDriveTypeAutoRun = 145
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsu...?1250215367203 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsof...?1250221790218 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 1.7.0_01)
    O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 1.7.0_01)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 1.7.0_01)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D32D97C7-A7FE-48E4-9546-8EC79641D39E}: DhcpNameServer = 192.168.0.1 205.171.3.25
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\user\Application Data\IrfanView\IrfanView_Wallpaper.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Application Data\IrfanView\IrfanView_Wallpaper.bmp
    O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Tall Emu\Online Armor\oaevent.dll (Tall Emu)
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/08/13 17:40:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2004/08/04 04:00:00 | 000,000,110 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
    O33 - MountPoints2\{9bbdad96-50a8-11df-94ed-001372e0b300}\Shell - "" = AutoRun
    O33 - MountPoints2\{9bbdad96-50a8-11df-94ed-001372e0b300}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{9bbdad96-50a8-11df-94ed-001372e0b300}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/12/11 11:03:51 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
    [2011/12/10 18:17:03 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\user\Desktop\aswMBR.exe
    [2011/12/06 11:03:28 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\user\Desktop\dds.com
    [2011/12/06 10:57:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
    [2011/12/06 10:56:32 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2011/12/06 04:18:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/12/06 04:18:18 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/12/06 04:08:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/12/06 04:02:19 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT Registry Backup Tool
    [2011/12/05 16:58:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Sun
    [2011/12/05 16:39:56 | 000,214,408 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
    [2011/12/05 16:39:56 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
    [2011/12/05 16:39:56 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
    [2011/12/05 16:39:56 | 000,128,000 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
    [2011/12/05 16:36:01 | 020,197,256 | ---- | C] (Oracle Corporation) -- C:\Documents and Settings\user\Desktop\jre-7u1-windows-i586.exe
    [2011/12/05 10:41:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
    [2011/12/04 13:07:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Malwarebytes
    [2011/12/04 13:06:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2011/12/04 13:06:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/12/01 05:38:03 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster(2)
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [152 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
    [137 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/12/11 11:08:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2011/12/11 11:03:56 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
    [2011/12/11 10:56:39 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\user\Desktop\MBR.dat
    [2011/12/11 10:53:58 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
    [2011/12/11 10:07:41 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/12/11 10:05:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/12/10 19:58:08 | 000,153,102 | ---- | M] () -- C:\Documents and Settings\user\Desktop\OnlineArmor message after aswMBR hung requiring reboot.jpg
    [2011/12/10 18:17:03 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\user\Desktop\aswMBR.exe
    [2011/12/09 08:41:14 | 000,002,513 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003.lnk
    [2011/12/07 03:27:59 | 000,438,884 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/12/06 11:03:33 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\user\Desktop\dds.com
    [2011/12/06 10:58:02 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\user\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2011/12/06 10:57:45 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\user\Desktop\ERUNT.lnk
    [2011/12/06 10:36:23 | 000,006,997 | ---- | M] () -- C:\WINDOWS\wininit.ini
    [2011/12/06 04:18:27 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
    [2011/12/06 04:18:27 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/12/06 03:52:57 | 000,513,320 | ---- | M] () -- C:\Documents and Settings\user\Desktop\erunt.zip
    [2011/12/05 16:39:33 | 000,214,408 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
    [2011/12/05 16:39:33 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
    [2011/12/05 16:39:33 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
    [2011/12/05 16:39:33 | 000,128,000 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
    [2011/12/05 16:39:32 | 000,544,656 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
    [2011/12/05 16:36:01 | 020,197,256 | ---- | M] (Oracle Corporation) -- C:\Documents and Settings\user\Desktop\jre-7u1-windows-i586.exe
    [2011/12/05 09:56:43 | 000,438,796 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20111207-032759.backup
    [2011/12/05 08:22:20 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/12/01 05:30:48 | 000,438,796 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20111205-095643.backup
    [2011/11/24 21:54:52 | 000,438,705 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20111201-053048.backup
    [2011/11/21 09:28:14 | 000,004,625 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/11/21 09:28:10 | 000,526,522 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/11/21 09:28:10 | 000,096,892 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/11/21 08:53:35 | 000,000,134 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Internet Explorer Troubleshooting.url
    [2011/11/16 07:51:50 | 000,438,653 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20111124-215452.backup
    [2011/11/15 01:41:03 | 000,294,661 | ---- | M] () -- C:\Documents and Settings\user\My Documents\glove - found_leather_glove Yahoo acct info.jpg
    [2011/11/15 01:38:56 | 000,161,439 | ---- | M] () -- C:\Documents and Settings\user\My Documents\gloves - lost gloves similar image - cropped.jpg
    [2011/11/15 00:19:24 | 000,202,521 | ---- | M] () -- C:\Documents and Settings\user\My Documents\gloves - lost gloves similar image.jpg
    [2011/11/14 18:06:26 | 000,001,743 | ---- | M] () -- C:\Documents and Settings\user\My Documents\gloves lost Monday 11-14-2011.gif
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [152 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
    [137 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/12/11 10:53:42 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\user\Desktop\MBR.dat
    [2011/12/10 19:58:08 | 000,153,102 | ---- | C] () -- C:\Documents and Settings\user\Desktop\OnlineArmor message after aswMBR hung requiring reboot.jpg
    [2011/12/06 10:58:02 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\user\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2011/12/06 10:57:45 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\user\Desktop\ERUNT.lnk
    [2011/12/06 04:18:27 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
    [2011/12/06 04:18:27 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/12/06 03:52:51 | 000,513,320 | ---- | C] () -- C:\Documents and Settings\user\Desktop\erunt.zip
    [2011/12/05 08:22:20 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/11/21 08:34:18 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Internet Explorer Troubleshooting.url
    [2011/11/15 01:41:03 | 000,294,661 | ---- | C] () -- C:\Documents and Settings\user\My Documents\glove - found_leather_glove Yahoo acct info.jpg
    [2011/11/15 01:38:56 | 000,161,439 | ---- | C] () -- C:\Documents and Settings\user\My Documents\gloves - lost gloves similar image - cropped.jpg
    [2011/11/15 00:19:24 | 000,202,521 | ---- | C] () -- C:\Documents and Settings\user\My Documents\gloves - lost gloves similar image.jpg
    [2011/11/15 00:17:12 | 000,001,743 | ---- | C] () -- C:\Documents and Settings\user\My Documents\gloves lost Monday 11-14-2011.gif
    [2011/07/25 19:52:35 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
    [2011/03/09 20:49:29 | 000,516,692 | ---- | C] () -- C:\WINDOWS\vampsUninst.exe
    [2010/10/18 21:45:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2010/10/09 02:41:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
    [2010/08/18 09:20:29 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\d3d9caps.dat
    [2010/07/30 18:45:27 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/04/07 04:41:11 | 000,006,997 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2009/08/13 19:43:13 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2009/08/13 17:53:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
    [2009/08/13 17:52:17 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
    [2009/08/13 17:51:34 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
    [2009/08/13 17:51:34 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
    [2009/08/13 17:51:34 | 000,182,995 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
    [2009/08/13 17:42:19 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2009/08/13 17:36:53 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2009/08/13 10:30:17 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2009/08/13 10:28:58 | 000,270,984 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2008/05/26 20:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
    [2008/05/26 20:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
    [2008/04/14 04:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2008/04/14 04:00:00 | 000,526,522 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2008/04/14 04:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2008/04/14 04:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2008/04/14 04:00:00 | 000,096,892 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2008/04/14 04:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2008/04/14 04:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2008/04/14 04:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2008/04/14 04:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
    [2008/04/14 04:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
    [2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
    [2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
    [2005/04/15 08:52:33 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2005/04/15 08:52:33 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

    ========== LOP Check ==========

    [2010/07/25 09:47:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor
    [2011/12/09 23:53:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2011/10/06 06:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\ElevatedDiagnostics
    [2010/04/29 22:15:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Foxit Software
    [2010/04/13 09:08:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\IrfanView
    [2010/04/08 07:18:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\OnlineArmor
    [2009/08/13 18:16:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Windows Desktop Search
    [2010/04/08 01:35:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Windows Search

    ========== Purity Check ==========



    ========== Files - Unicode (All) ==========
    [2010/11/21 15:23:22 | 000,022,170 | ---- | M] ()(C:\Documents and Settings\user\My Documents\? -MIYAVI- ? Official Site ?MYV382TOKYO_com?.htm) -- C:\Documents and Settings\user\My Documents\雅 -MIYAVI- 新 Official Site 【MYV382TOKYO_com】.htm
    [2010/11/21 15:23:22 | 000,022,170 | ---- | C] ()(C:\Documents and Settings\user\My Documents\? -MIYAVI- ? Official Site ?MYV382TOKYO_com?.htm) -- C:\Documents and Settings\user\My Documents\雅 -MIYAVI- 新 Official Site 【MYV382TOKYO_com】.htm

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\user\Desktop\avira_antivir_personal_en.exe:SummaryInformation
    @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    < End of report >

    ...I'll have to add the OTL Extras.txt to a new post, as this is over the maximum characters.
