I think my computer is infected.

OTL.txt here:

OTL logfile created on: 9/26/2010 5:47:31 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Gadfly\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 52.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 2000 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 46.61 Gb Total Space | 16.03 Gb Free Space | 34.40% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HIROKI
Current User Name: Gadfly
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Gadfly\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
PRC - C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel(R) Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
PRC - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
PRC - C:\Program Files\Common Files\Palo Alto Software\8.0\PAS8_Update.exe (Palo Alto Software)
PRC - C:\WINDOWS\system32\TaskSwitch.exe ()


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Gadfly\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msi.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\system32\hccutils.dll (Intel Corporation)
MOD - C:\Program Files\Dell\QuickSet\dadkeyb.dll ()


========== Win32 Services (SafeList) ==========

SRV - (RoxLiveShare9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe File not found
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (EvtEng) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (WLANKEEPER) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel(R) Corporation)
SRV - (S24EventMonitor) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (RegSrvc) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (NICCONFIGSVC) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)


========== Driver Services (SafeList) ==========

DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys File not found
DRV - (RimUsb) -- C:\WINDOWS\System32\Drivers\RimUsb.sys File not found
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (TSP) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)
DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)
DRV - (klbg) -- C:\WINDOWS\system32\drivers\klbg.sys (Kaspersky Lab)
DRV - (klmouflt) -- C:\WINDOWS\system32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (klim5) -- C:\WINDOWS\system32\drivers\klim5.sys (Kaspersky Lab)
DRV - (kl1) -- C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Lab)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (NETw3x32) Intel(R) -- C:\WINDOWS\system32\drivers\NETw3x32.sys (Intel® Corporation)
DRV - (w39n51) Intel(R) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (tfsnudfa) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (tfsnudf) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnifs) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsncofs) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsnboio) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsnopio) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsndrct) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)
DRV - (sscdbhk5) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (omci) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Inc)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://google.atcomet.com/b/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:0.7.5.5
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.8.5

FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2009/11/22 21:26:54 | 000,000,000 | ---D | M]

[2008/11/22 10:34:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gadfly\Application Data\Mozilla\Extensions
[2009/09/13 10:36:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gadfly\Application Data\Mozilla\Firefox\Profiles\l0m55gax.default\extensions
[2009/09/13 10:36:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gadfly\Application Data\Mozilla\Firefox\Profiles\l0m55gax.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/11/22 10:58:53 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Gadfly\Application Data\Mozilla\Firefox\Profiles\l0m55gax.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2008/11/22 10:58:52 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Gadfly\Application Data\Mozilla\Firefox\Profiles\l0m55gax.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/09/13 10:36:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gadfly\Application Data\Mozilla\Firefox\Profiles\l0m55gax.default\extensions\staged-xpis
[2009/12/05 14:57:26 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/22 21:27:39 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru

O1 HOSTS File: ([2010/09/23 17:07:25 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [CoolSwitch] C:\WINDOWS\system32\TaskSwitch.exe ()
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Palo Alto Software Update Manager 8.0.lnk = C:\Program Files\Common Files\Palo Alto Software\8.0\PAS8_Update.exe (Palo Alto Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/d/c/8/dc8362b3-f410-4e7d-b672-209d6bd8fcea/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} http://www.blackberry.com/devicesoftware/AxLoader.cab (AxLoaderPassword Class)
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} http://www.linkedin.com/cab/LinkedInContactFinderControl.cab (LinkedIn ContactFinderControl)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/FacebookPhotoUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157768554078 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} http://www.photodex.com/pxplay.cab (Photodex Presenter AX control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Web-Based Email Tools http://email.secureserver.net/Download.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: C:\Documents and Settings\Gadfly\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Gadfly\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 05:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/09/26 14:55:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gadfly\Desktop\tdsskiller
[2010/09/23 19:47:22 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Gadfly\Desktop\mbam-setup-1.46.exe
[2010/09/23 19:39:16 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/09/23 19:36:05 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Gadfly\Desktop\TFC.exe
[2010/09/23 16:50:12 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/09/23 16:50:12 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/09/23 16:50:12 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/09/23 16:50:12 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/09/23 16:49:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/09/23 15:45:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gadfly\Desktop\Aero1.3.8
[2010/09/23 09:12:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gadfly\Desktop\gmer
[2010/09/20 11:28:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gadfly\Desktop\9-20-2010
[2010/09/20 11:26:35 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/09/20 11:25:51 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Gadfly\Desktop\erunt-setup.exe
[2010/09/20 11:18:47 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Gadfly\Desktop\OTL.exe
[2010/09/09 21:39:10 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/09/09 21:33:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gadfly\Local Settings\Application Data\Sunbelt Software
[2010/09/09 19:11:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/09/09 19:10:46 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/09/09 19:10:46 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/09/09 19:10:46 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2007/04/04 11:58:29 | 000,348,160 | ---- | C] ( ) -- C:\WINDOWS\System32\lexlog.dll

========== Files - Modified Within 30 Days ==========

[2010/09/26 17:31:56 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E14903A5-8CD0-4F6D-8286-8317D2832BD0}.job
[2010/09/26 17:08:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/26 15:58:52 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gadfly\Desktop\OTL.exe
[2010/09/26 14:54:58 | 001,193,882 | ---- | M] () -- C:\Documents and Settings\Gadfly\Desktop\tdsskiller.zip
[2010/09/26 12:23:35 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/26 12:21:45 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/26 12:21:40 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/26 12:21:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/26 12:21:24 | 1600,585,728 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/25 08:43:47 | 000,209,224 | ---- | M] () -- C:\Documents and Settings\Gadfly\Desktop\romowithagift.jpg
[2010/09/24 20:21:53 | 011,272,192 | -H-- | M] () -- C:\Documents and Settings\Gadfly\NTUSER.DAT
[2010/09/24 20:21:38 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Gadfly\ntuser.ini
[2010/09/23 21:39:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/09/23 19:47:22 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Gadfly\Desktop\mbam-setup-1.46.exe
[2010/09/23 19:36:07 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gadfly\Desktop\TFC.exe
[2010/09/23 17:08:06 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/09/23 17:07:25 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/09/23 16:46:54 | 003,851,266 | R--- | M] () -- C:\Documents and Settings\Gadfly\Desktop\ComboFix.exe
[2010/09/23 15:10:46 | 001,020,700 | ---- | M] () -- C:\Documents and Settings\Gadfly\Desktop\Aero1.3.8.zip
[2010/09/23 09:11:07 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Gadfly\Desktop\gmer.zip
[2010/09/22 22:21:15 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Gadfly\Desktop\MBRCheck.exe
[2010/09/22 14:51:39 | 000,087,706 | ---- | M] () -- C:\Documents and Settings\Gadfly\Desktop\63066_118987928154694_100001304621717_104899_1212206_n.jpg
[2010/09/22 14:50:17 | 000,059,683 | ---- | M] () -- C:\Documents and Settings\Gadfly\Desktop\60545_117985001588320_100001304621717_100620_7526896_n.jpg
[2010/09/22 14:50:01 | 000,101,107 | ---- | M] () -- C:\Documents and Settings\Gadfly\Desktop\60902_117984951588325_100001304621717_100615_4439154_n.jpg
[2010/09/22 14:48:26 | 000,055,395 | ---- | M] () -- C:\Documents and Settings\Gadfly\Desktop\47532_117545428298944_100001304621717_98698_8249426_n.jpg
[2010/09/22 14:45:45 | 000,053,925 | ---- | M] () -- C:\Documents and Settings\Gadfly\Desktop\60982_117523418301145_100001304621717_98621_2281308_n.jpg
[2010/09/22 14:45:04 | 000,059,511 | ---- | M] () -- C:\Documents and Settings\Gadfly\Desktop\60051_117327594987394_100001304621717_97641_7995432_n.jpg
[2010/09/22 14:44:23 | 000,058,314 | ---- | M] () -- C:\Documents and Settings\Gadfly\Desktop\41069_117327541654066_100001304621717_97637_748196_n.jpg
[2010/09/22 14:39:56 | 000,024,862 | ---- | M] () -- C:\Documents and Settings\Gadfly\Desktop\41069_117327538320733_100001304621717_97636_8004423_n.jpg
[2010/09/22 14:39:53 | 000,039,534 | ---- | M] () -- C:\Documents and Settings\Gadfly\Desktop\59121_117327521654068_100001304621717_97634_2053346_n.jpg
[2010/09/21 15:47:00 | 000,082,239 | ---- | M] () -- C:\Documents and Settings\Gadfly\Desktop\Tony.png
[2010/09/21 10:23:39 | 000,103,556 | ---- | M] () -- C:\Documents and Settings\Gadfly\Desktop\Out to Play Business Plan.docx
[2010/09/20 11:26:35 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Gadfly\Desktop\ERUNT.lnk
[2010/09/20 11:26:05 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Gadfly\Desktop\erunt-setup.exe
[2010/09/20 11:11:07 | 000,004,237 | ---- | M] () -- C:\Documents and Settings\Gadfly\Desktop\Attach.zip
[2010/09/20 11:08:42 | 000,004,056 | ---- | M] () -- C:\Documents and Settings\Gadfly\Desktop\Attach.rar
[2010/09/20 10:59:23 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Gadfly\Desktop\dds.com
[2010/09/16 14:26:36 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Gadfly\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2010/09/16 14:26:28 | 000,445,938 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/09/16 14:26:28 | 000,072,978 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/09/16 14:26:27 | 000,525,644 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/09/16 12:26:25 | 000,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/09/16 12:25:01 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/09/14 11:22:48 | 000,001,558 | ---- | M] () -- C:\Documents and Settings\Gadfly\Desktop\faq.php
[2010/09/10 14:42:35 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Gadfly\Desktop\Names.doc
[2010/09/09 21:39:10 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/09/09 20:02:02 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/09/08 16:06:00 | 000,104,965 | ---- | M] () -- C:\Documents and Settings\Gadfly\Desktop\C Street Business Plan.docx
[2010/09/01 12:19:09 | 000,037,640 | ---- | M] () -- C:\Documents and Settings\Gadfly\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

========== Files Created - No Company Name ==========

[2010/09/26 15:57:28 | 000,000,298 | ---- | C] () -- C:\Documents and Settings\Gadfly\mbr.log
[2010/09/26 14:54:53 | 001,193,882 | ---- | C] () -- C:\Documents and Settings\Gadfly\Desktop\tdsskiller.zip
[2010/09/25 08:44:05 | 000,209,224 | ---- | C] () -- C:\Documents and Settings\Gadfly\Desktop\romowithagift.jpg
[2010/09/23 16:50:12 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/09/23 16:50:12 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/09/23 16:50:12 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/09/23 16:50:12 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/09/23 16:50:12 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/09/23 16:46:54 | 003,851,266 | R--- | C] () -- C:\Documents and Settings\Gadfly\Desktop\ComboFix.exe
[2010/09/23 15:10:43 | 001,020,700 | ---- | C] () -- C:\Documents and Settings\Gadfly\Desktop\Aero1.3.8.zip
[2010/09/23 09:11:03 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Gadfly\Desktop\gmer.zip
[2010/09/22 22:21:15 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Gadfly\Desktop\MBRCheck.exe
[2010/09/22 14:52:20 | 000,087,706 | ---- | C] () -- C:\Documents and Settings\Gadfly\Desktop\63066_118987928154694_100001304621717_104899_1212206_n.jpg
[2010/09/22 14:51:05 | 000,059,683 | ---- | C] () -- C:\Documents and Settings\Gadfly\Desktop\60545_117985001588320_100001304621717_100620_7526896_n.jpg
[2010/09/22 14:50:53 | 000,101,107 | ---- | C] () -- C:\Documents and Settings\Gadfly\Desktop\60902_117984951588325_100001304621717_100615_4439154_n.jpg
[2010/09/22 14:48:45 | 000,055,395 | ---- | C] () -- C:\Documents and Settings\Gadfly\Desktop\47532_117545428298944_100001304621717_98698_8249426_n.jpg
[2010/09/22 14:46:25 | 000,053,925 | ---- | C] () -- C:\Documents and Settings\Gadfly\Desktop\60982_117523418301145_100001304621717_98621_2281308_n.jpg
[2010/09/22 14:45:29 | 000,059,511 | ---- | C] () -- C:\Documents and Settings\Gadfly\Desktop\60051_117327594987394_100001304621717_97641_7995432_n.jpg
[2010/09/22 14:45:01 | 000,058,314 | ---- | C] () -- C:\Documents and Settings\Gadfly\Desktop\41069_117327541654066_100001304621717_97637_748196_n.jpg
[2010/09/22 14:44:45 | 000,024,862 | ---- | C] () -- C:\Documents and Settings\Gadfly\Desktop\41069_117327538320733_100001304621717_97636_8004423_n.jpg
[2010/09/22 14:44:19 | 000,039,534 | ---- | C] () -- C:\Documents and Settings\Gadfly\Desktop\59121_117327521654068_100001304621717_97634_2053346_n.jpg
[2010/09/21 15:47:00 | 000,082,239 | ---- | C] () -- C:\Documents and Settings\Gadfly\Desktop\Tony.png
[2010/09/21 10:23:34 | 000,103,556 | ---- | C] () -- C:\Documents and Settings\Gadfly\Desktop\Out to Play Business Plan.docx
[2010/09/20 11:26:35 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Gadfly\Desktop\ERUNT.lnk
[2010/09/20 11:11:07 | 000,004,237 | ---- | C] () -- C:\Documents and Settings\Gadfly\Desktop\Attach.zip
[2010/09/20 11:08:42 | 000,004,056 | ---- | C] () -- C:\Documents and Settings\Gadfly\Desktop\Attach.rar
[2010/09/20 10:59:22 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Gadfly\Desktop\dds.com
[2010/09/14 11:22:48 | 000,001,558 | ---- | C] () -- C:\Documents and Settings\Gadfly\Desktop\faq.php
[2010/09/08 16:05:57 | 000,104,965 | ---- | C] () -- C:\Documents and Settings\Gadfly\Desktop\C Street Business Plan.docx
[2010/09/07 15:18:51 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Gadfly\Desktop\Names.doc
[2010/02/19 18:18:44 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/02/19 18:18:43 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/02/19 18:18:41 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/02/19 18:18:41 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/02/19 18:18:40 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2010/02/19 18:18:38 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010/02/19 18:18:37 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/11/14 17:36:42 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/11/14 17:31:55 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2007/11/14 17:31:38 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPR220.ini
[2007/07/29 20:29:26 | 000,005,980 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/06/25 13:46:21 | 000,000,507 | ---- | C] () -- C:\WINDOWS\DKAAY2DD.ini
[2007/05/17 18:52:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4814.dll
[2007/04/04 11:58:27 | 000,001,345 | ---- | C] () -- C:\WINDOWS\DKAAT2DD.ini
[2007/02/27 20:34:46 | 000,036,636 | ---- | C] () -- C:\Documents and Settings\Gadfly\Application Data\Comma Separated Values (Windows).ADR
[2007/02/15 21:20:14 | 000,076,288 | ---- | C] () -- C:\Documents and Settings\Gadfly\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/01/23 16:15:22 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/01/22 23:57:46 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/09/08 22:55:32 | 000,667,648 | ---- | C] () -- C:\WINDOWS\System32\FreeImage.dll
[2006/09/08 20:07:32 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Gadfly\Local Settings\Application Data\fusioncache.dat
[2006/09/08 20:00:17 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/08 19:47:36 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/09/08 19:44:38 | 000,000,522 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/09/08 19:41:45 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/08 19:39:15 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2006/09/08 19:29:19 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/09/07 21:22:36 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/09/07 21:22:10 | 000,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/01/24 10:33:16 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\ExpLoansFromGenesis.dll
[2005/08/16 05:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/05 15:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/05/12 09:25:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/04/01 20:11:00 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\softcoin.dll
[2005/04/01 20:11:00 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\gencoin.dll
[2003/11/12 09:16:58 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\GNetParserX.dll
[2003/05/27 14:49:00 | 000,041,984 | ---- | C] () -- C:\WINDOWS\System32\AQalphaGL.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/03/19 18:30:00 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\mag.dll
[2002/03/19 17:30:00 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\msvdm.dll
[2000/02/17 13:57:02 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\Gn32.dll
[1999/10/13 14:59:48 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\Gns2kzip.dll
[1999/01/22 12:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2005/08/16 21:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2008/08/10 19:29:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GlobalSCAPE
[2010/06/07 14:00:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IsolatedStorage
[2010/03/28 18:47:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Palo Alto Software
[2009/12/02 08:26:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/07/15 10:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Photodex
[2007/01/21 18:10:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2010/08/04 12:23:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009/12/05 13:31:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/04/03 11:48:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/06/17 22:13:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/03/01 20:21:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gadfly\Application Data\Alchemy Mindworks
[2010/06/07 14:00:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gadfly\Application Data\bppenu11
[2008/09/14 15:21:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gadfly\Application Data\com.directv.supercast.AA1ECC8BBAFE4E1BBF2D418DC006AF207FACE6CA.1
[2009/03/12 19:47:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gadfly\Application Data\CometNetwork
[2007/05/07 15:22:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gadfly\Application Data\Encompass
[2010/09/23 16:48:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gadfly\Application Data\FileZilla
[2008/10/18 14:43:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gadfly\Application Data\GlobalSCAPE
[2006/12/16 18:07:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gadfly\Application Data\ICAClient
[2008/04/13 15:18:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gadfly\Application Data\KompoZer
[2006/10/05 18:11:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gadfly\Application Data\Leadertech
[2007/04/28 18:49:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gadfly\Application Data\LinkedIn
[2010/07/15 10:41:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gadfly\Application Data\Netscape
[2010/03/28 19:19:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gadfly\Application Data\Palo Alto Software
[2007/06/02 09:28:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gadfly\Application Data\SecondLife
[2007/03/30 18:09:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gadfly\Application Data\Snapfish
[2008/03/19 20:46:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gadfly\Application Data\TomTom
[2007/01/21 18:12:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gadfly\Application Data\Ulead Systems
[2007/03/19 10:14:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gadfly\Application Data\Viewpoint
[2010/02/19 19:57:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gadfly\Application Data\WinAVI
[2010/09/23 21:39:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/09/26 17:31:56 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{E14903A5-8CD0-4F6D-8286-8317D2832BD0}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/10 06:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/10 06:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/08/10 13:06:39 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/08/10 13:06:39 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\agp440.sys
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/10 06:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/10 06:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/08/10 13:06:39 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/08/10 13:06:39 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/10 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
[2004/08/10 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/10 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[2004/08/10 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/10 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
[2004/08/10 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 20:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[2008/04/13 20:12:00 | 001,384,479 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvbvm60.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2005/08/16 05:27:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/08/16 05:27:08 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/08/16 05:27:08 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Gadfly\Desktop\Attach.txt:SummaryInformation
< End of report >
 
Windows seems to update fine. IE crashes often, however, and very often gets bogged down to a halt. It locks up at least once a day.

It has improved 10 fold since we started this process though.
 
Open IE and go to Tools > Internet Options > Advanced Tab > Reset Internet Explorer Settings > Reset......will take a few seconds ...then ok your way out, close IE and then launch it again and see if it helped.

Let me know

The rest of your log looks fine, just looked like there could have been a problem with windows updates
 
Just did the reset. Give me a little time to test it out. We will see what happens. I'll let you know. Thanks for the Help thus far Ken. I'll try and respond by end of day.
 
How's it going? Let me know if you still need help, if not I can close this thread
 
Thank you much for your help. I think the problem is solved for the most part. At least as much as I think is possible. It's working a lot better. Still some problems, but I don't know what else could be done, or even which problems can be attributed to age, resources, etc.
 
What problems are you still having, let me know and if it appears windows related I can link you to a couple of good windows forums that can help you.

A computer will slow down a bit with age, as you start adding new programs and hardware. But this forum is for the removal of malware so we really can't get into any Windows problems, so let me know what they are and I can pick the forum for you that may best meet your needs.

Ken
 
IE still often freezes, even after following your advice. Definitely a possibility that maybe Windows itself is running slow. Could also be age, but this all seemed fairly sudden.

I can say however that I'm running much better now after your help than before.
 
Why don't you go to this site and run the Overdrive Scan, it will access your system , may be able to see if something is amiss. After you run the scan, post in the forum with a link to the scan so a tech can look at it for you and offer advice. The site is free but you will need to register.

http://www.pcpitstop.com/

Good Luck,

Ken :)
 
Hi,

Hope you resolved your issue

Malwarebytes <-- Yours to keep also, check for updates and run a scan now and then.

Combofix <---Is not a general cleaning tool, just run it with supervision or you can damage your system

  • Click START then RUN
  • Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

  • When shown the disclaimer, Select "2"

The above procedure will:
  • Delete the following:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Reset System Restore.





Now to remove most of the tools that we have used in fixing your machine:
  • Make sure you have an Internet Connection.
  • Download OTC to your desktop and run it
  • A list of tool components used in the cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
  • Click Yes to begin the cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the cleanup process. If you are asked to reboot the machine choose Yes.







Keep in mind if you install some of these programs. Only ONE Anti Virus and only ONE Firewall is recommended, more is overkill and can cause you problems. You can install all the Spyware programs I have listed without any problems. If you install Spyware Blaster and Spyware Guard, they will conflict with the TeaTimer in Spybot, you can still install Spybot Search and Destroy but do not enable the TeaTimer.


Here are some free programs to install, all free and highly regarded by the fine people in the Malware Removal Community
  • Spybot Search and Destroy 1.6
    Check for Updates/ Immunize and run a Full System Scan on a regular basis. If you install Spyware Blaster ( Recommended ) then do not enable the TeaTimer in Spybot Search and Destroy.
  • WinPatrol Keep this fine program activated to block a lot of threats
  • Spyware Blaster It will prevent most spyware from ever being installed. No scan to run, just update about once a week and enable all protection.
  • Spyware Guard It offers realtime protection from spyware installation attempts, again, no scan to run, just install it and let it do its thing.
  • IE-Spyad
    IE-Spyad places over 6000 web sites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • Firefox 3 It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will in no way interfere with IE, you can use them both.


Safe Surfn
Ken
 