Unable to resolve trojan virtumonde.sci

[Tom Bl]

This is my first post to this Forum.

I have an XP-Pro machine with Kaspersky Internet Security 2010. Stalling and slow performance and crashes (with MSIE 7 and other programs reported as "not responding") led me to run an additional scan with Spybot Search and Destroy. It identified "virtumonde.sci" described here: http://www.safer-networking.org/en/threats/2826.html

This follows months of Kaspersky updates, complete system scans and my following Kaspersky's instructions to maintain the system. It did not report this.

Since the stalling activity includes "Spybot Search and Destroy" itself I am unable to complete any virus removal with it. While S&D lists the virtumonde.sci, tryng the next step to remove it results only in a message of "not responding" shown in Windows Task Manager > Applications. Like many other programs it stalls and will not proceed further. I get this result whether Kaspersky Internet Security is running or disabled.

From other posts on the Internet I understand the key listed by S&D will reinstate itself if I used Regedit to remove it.

Thank you. A copy of dds.txt follows, and attach.txt in .zip form is attached:

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_26
Run by Tom at 13:17:41 on 2011-07-05
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3034.2004 [GMT -5:00]
.
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\wdm\STacSV.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\PI Engineering\X-keys\XKWdkApp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Simpo PDF Creator\SimpoPrintSrv.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\WINDOWS\system32\igfxtray.exe
svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
c:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Zinio\ZinioReader.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\ASTSRV.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\Microsoft Office97\Office\OSA.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
C:\WINDOWS\system32\NLSSRV32.EXE
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\system32\wuauclt.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: ShowBarObj Class: {2863e737-dd3f-4280-9af8-e9e79c16f312} - c:\program files\savetubevideo.com\savetubevideo\MinBHO.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {549B5CA7-4A86-11D7-A4DF-000874180BB3} - No File
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: ShowBarObjMp3 Class: {cf59ae24-5796-44fc-9575-8d4f383c65f8} - c:\program files\youtubemp3downloader.net\youtubemp3downloader\MinBHOMp3.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
TB: Save Tube Video: {f334c7b0-8774-4d5b-bd7a-4f448d03a1ae} - c:\program files\savetubevideo.com\savetubevideo\SaveTubeVideo.dll
TB: YouTube MP3 Downloader: {f27a9a1d-6f23-442d-88c0-5dc40fd13dcd} - c:\program files\youtubemp3downloader.net\youtubemp3downloader\YouTubeMP3.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: DzSoft Favorites Search: {4dc701a0-93ad-11d4-a15b-af07886e4a07} - c:\progra~1\dzsoft\favori~1\FavSeek.dll
EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
uRun: [Zinio DLM] c:\program files\zinio\ZinioReader.exe /autostart
uRun: [SsAAD.exe] c:\progra~1\sony\sonics~1\SsAAD.exe
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [fsm]
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [PxDotNetLoader] "c:\program files\fidelity investments\fidelity active trader\system\ATPStartupAssistant.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"
mRun: [X-keys Programming] c:\program files\pi engineering\x-keys\XKWdkApp.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [STT]
mRun: [Simpo Print Server] c:\program files\simpo pdf creator\SimpoPrintSrv.exe
mRun: [Share-to-Web Namespace Daemon] c:\program files\hewlett-packard\hp share-to-web\hpgs2wnd.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [QuickFinder Scheduler] "c:\program files\corel\wordperfect office x4\programs\QFSCHD140.EXE"
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Norton Ghost 14.0] "c:\program files\norton ghost\agent\VProTray.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [msjavadll] javaw
mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [InCD] c:\program files\nero\nero 7\incd\InCD.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [<NO NAME>]
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
StartupFolder: c:\docume~1\tom\startm~1\programs\startup\yahoo!~1.lnk - c:\program files\yahoo!\widgets\YahooWidgets.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\apc powerchute personal edition\Display.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office97\office\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\shortc~1.lnk - c:\windows\system32\taskmgr.exe
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm
IE: Copy to &Lightning Note - c:\program files\corel\wordperfect lightning\programs\WPLightningCopyToNote.hta
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\program files\corel\wordperfect office x4\programs\WPLauncher.hta
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {38E51477-DDB4-4aed-9D61-D0C193E10749} - {38E51477-DDB4-4aed-9D61-D0C193E10749} - c:\program files\soundtaxi\YouTubeRipper.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
IE: {FF925300-80E6-11D4-A15B-FFF9086C1A3C} - {4DC701A0-93AD-11D4-A15B-AF07886E4A07} - c:\progra~1\dzsoft\favori~1\FavSeek.dll
Trusted Zone: aol.com\free
Trusted Zone: intuit.com\ttlc
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9732FB42-C321-11D1-836F-00A0C993F125} - hxxp://www.pcpitstop.com/mhLbl.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{C26F6653-815B-4AE6-A85E-9A7D0022DE94} : DhcpNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: x-atng - {7e8717b0-d862-11d5-8c9e-00010304f989} - c:\program files\fidelity investments\fidelity active trader\system\atngprot.dll
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
mASetup: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - c:\program files\pixiepack codec pack\InstallerHelper.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\tom\application data\mozilla\firefox\profiles\l9ajnjqt.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-USfficial
FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: c:\program files\savetubevideo.com\savetubevideo\ff\components\swslib.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\tom\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\mycamera download plugin\NPCIG.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\np32dsw.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\npaudio.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\npavi32.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\npdrmv2.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\npdsplay.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\npnul32.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\NPOFFICE.DLL
FF - plugin: c:\program files\netscape\communicator\program\plugins\nppl3260.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\npqtplugin.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\npqtplugin2.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\npqtplugin3.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\npqtplugin4.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\npqtplugin5.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\npqtplugin6.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\npqtplugin7.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\nprfxins.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\nprjplug.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\nprpjplug.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\NPSWF32.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\npwmsdrm.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\DivXHTML5
FF - Ext: SaveTubeVideo.Com: SearchToolbar@skywebsearch.com - c:\program files\savetubevideo.com\savetubevideo\FF
.
============= SERVICES / DRIVERS ===============
.
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R1 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-9-1 128016]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2010-9-30 315408]
R2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe [2009-10-20 340520]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-6-13 712048]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-6-13 712048]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\nitro pdf\professional\NitroPDFDriverService.exe [2010-10-20 196928]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2010-10-20 67904]
R2 SCRCAMHRDRV;ScreenCamera HR;c:\windows\system32\drivers\SCRCAMHRDRV.sys [2009-12-9 234304]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2004-8-4 5120]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2008-6-13 243856]
R3 hhdserial;HHD Software Serial Monitor (DMS) Monitoring Driver;c:\windows\system32\drivers\hhdserial.sys [2008-11-16 30856]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-10-9 110080]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-9-14 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [2010-2-1 23096]
R3 SymSnapService;SymSnapService;c:\program files\norton ghost\shared\drivers\SymSnapService.exe [2007-12-20 1562096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1ca64736f5e235c;Google Update Service (gupdate1ca64736f5e235c);c:\program files\google\update\GoogleUpdate.exe [2009-11-13 133104]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 GSService;GSService;c:\windows\system32\GSService.exe [2010-1-28 335872]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-11-13 133104]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2011-5-29 42112]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S3 NRKCTL32;NRKCTL32;c:\program files\wcpuid\NRKCTL32.SYS [2008-11-6 3968]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 SMServer;SMServer;c:\windows\system32\snmvtsvc.exe [2010-2-1 249856]
S3 STSService;STSService;c:\program files\soundtaxi media suite\STSService.exe [2010-1-15 335872]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 xkeysw2k;X-keys Device;c:\windows\system32\drivers\XKEYSW2K.SYS [2010-8-5 33519]
.
=============== Created Last 30 ================
.
2011-07-05 07:35:34 7074640 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{b28f5e8f-848b-4ca3-9eab-57ce18d352e9}\mpengine.dll
2011-07-05 04:53:24 -------- d-----w- C:\VundoFix Backups
2011-07-05 01:56:22 -------- d-----w- c:\program files\CCleaner
2011-07-03 16:27:40 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-07-03 16:27:40 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-06-28 18:54:24 388096 ----a-r- c:\documents and settings\tom\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-06-28 18:54:24 -------- d-----w- c:\program files\Trend Micro
2011-06-27 03:07:26 -------- d-----w- c:\documents and settings\tom\local settings\application data\Fidelity Investments
2011-06-27 03:07:25 -------- d-----w- c:\documents and settings\tom\application data\Fidelity Investments
2011-06-26 23:33:32 -------- d-----w- c:\program files\New Folder
2011-06-25 13:36:00 -------- d-----w- c:\documents and settings\all users\Microsoft
2011-06-25 13:34:19 -------- d-----w- c:\program files\Microsoft Analysis Services
2011-06-25 13:33:15 -------- d-----w- c:\documents and settings\tom\local settings\application data\Microsoft Help
2011-06-23 16:00:24 -------- d-----w- c:\program files\Fidelity Investments
2011-06-23 16:00:24 -------- d-----w- c:\program files\common files\Crystal Decisions
2011-06-23 16:00:24 -------- d-----w- c:\documents and settings\all users\application data\Fidelity Investments
2011-06-21 17:01:11 7074640 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\backup\mpengine.dll
2011-06-21 17:01:08 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-06-16 08:55:48 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-06-10 13:20:57 -------- d-----w- C:\Test
2011-06-06 17:55:30 183696 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-06-06 17:55:30 183696 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2011-06-25 11:38:42 2306 --sha-w- c:\documents and settings\all users\application data\KGyGaAvL.sys
2011-06-17 08:03:05 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-02 17:53:02 94208 ----a-w- c:\windows\system32\dpl100.dll
2011-05-24 20:49:56 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-05-23 00:21:42 0 ----a-w- c:\windows\t1784_61.tmp
2011-05-04 09:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 07:25:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25:27 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 15:51:58 832512 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 15:51:57 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-04-25 15:51:57 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 15:51:57 17408 ----a-w- c:\windows\system32\corpol.dll
2011-04-25 12:01:21 389120 ----a-w- c:\windows\system32\html.iec
2011-04-22 00:18:02 72080 ----a-w- c:\documents and settings\tom\g2mdlhlpx.exe
2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-19 16:17:44 51716 ----a-w- c:\windows\system32\pdf995mon.dll
2011-04-19 16:17:44 249856 ----a-w- c:\windows\system32\pdfmona.dll
2009-02-01 03:23:10 2788800 ----a-w- c:\program files\FLV PlayerFCSetup.exe
.
============= FINISH: 13:18:15.07 ===============

 

[ken545]

:snwelcome:


Please read Before You Post
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.





Please download ATF Cleaner by Atribune to your desktop.

• Double-click ATF-Cleaner.exe to run the program.
• Under Main choose: Select All
• Click the Empty Selected button.

Your system may start up slower after running ATF Cleaner, this is expected but will be back to normal after the first or second boot up
Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized password and other personal information as removing cookies will temporarily disable the auto-login facility.







Please download Malwarebytes from Here or Here

• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform quick scan, then click Scan.
  
  
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected .
• When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
• Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

Post the report please

 

[Tom Bl]

Copy of requested log - Malwarebytes

Spybot S&D no longer lists Virtumonde.sci. It does have other entries, such as Doubleclick cookies.

When Spybot S&D finishes, it is shown in Task Manager>Applications as "not responding"

Copy of requested Malwarebytes log:



Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7062

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

07/10/11 9:30:35 AM
mbam-log-2011-07-10 (09-30-35).txt

Scan type: Quick scan
Objects scanned: 181596
Time elapsed: 4 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 20
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 11
Files Infected: 59

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{2863E737-DD3F-4280-9AF8-E9E79C16F312} (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{27BA317E-7BBD-4EBE-A06A-47F076D9D6F7} (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2574231F-9D6F-4B0E-9041-5DD7484564AD} (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MinBHO.ShowBarObj.1 (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MinBHO.ShowBarObj (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2863E737-DD3F-4280-9AF8-E9E79C16F312} (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2863E737-DD3F-4280-9AF8-E9E79C16F312} (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{F334C7B0-8774-4d5b-BD7A-4F448D03A1AE} (Adware.SkyLab) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{70EF8B2A-3A34-4913-AAFC-5A2827E0B1B1} (Adware.SkyLab) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{AD49CE2B-B922-4E2A-AAD9-C1565855C7BC} (Adware.SkyLab) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\KBBar.KBBarBand.1 (Adware.SkyLab) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\KBBar.KBBarBand (Adware.SkyLab) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F334C7B0-8774-4D5B-BD7A-4F448D03A1AE} (Adware.SkyLab) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549B5CA7-4A86-11D7-A4DF-000874180BB3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\KBBar.KBBarBandMp3 (Adware.7FaSSt) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\KBBar.KBBarBandMp3.1 (Adware.7FaSSt) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\SkyMedia (Adware.SkyMedia) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaveTubeVideo_is1 (Adware.SkyLab) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{F334C7B0-8774-4D5B-BD7A-4F448D03A1AE} (Adware.SkyLab) -> Value: {F334C7B0-8774-4D5B-BD7A-4F448D03A1AE} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{F334C7B0-8774-4d5b-BD7A-4F448D03A1AE} (Adware.SkyLab) -> Value: {F334C7B0-8774-4d5b-BD7A-4F448D03A1AE} -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\program files\savetubevideo.com (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\chrome (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\chrome\content (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\chrome\locale (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\chrome\locale\en-US (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\chrome\skin (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\components (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\google custom search (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\documents and settings\Tom\.jnana (Bot.jnana) -> Quarantined and deleted successfully.

Files Infected:
c:\program files\savetubevideo.com\savetubevideo\MinBHO.dll (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\savetubevideo.dll (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\browserstartpage.dll (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\Config.dat (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\downloader.exe (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\googlechromeextansion.exe (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\index.htm (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\installhelper.exe (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\preferencesoriginal (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\starburnrds.dll (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\transport_dll.dll (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\unins000.dat (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\unins000.exe (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\Updater.exe (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\Web Data (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\web data-journal (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\allkeywords.txt (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\chrome.manifest (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\install.rdf (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\searchtoolbar@skywebsearch.com (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\tmp (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\chrome\content\about.xul (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\chrome\content\googlefeed.xml (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\chrome\content\googlesearch.htm (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\chrome\content\registerdialog.js (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\chrome\content\registerdialog.xul (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\chrome\content\settings.js (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\chrome\content\skysearchtoolbar.js (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\chrome\content\skysearchtoolbar.xul (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\chrome\content\startabout.js (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\chrome\content\unregister.xul (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\chrome\locale\en-US\skysearchtoolbar.dtd (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\chrome\locale\en-US\toolbar.properties (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\chrome\skin\about.png (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\chrome\skin\aboutDlg.png (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\chrome\skin\addvideo.png (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\chrome\skin\bigbutton.png (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\chrome\skin\burnit.png (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\chrome\skin\gripper.png (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\chrome\skin\icon.png (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\chrome\skin\icon16-16.png (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\chrome\skin\register.png (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\chrome\skin\savevideo.png (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\chrome\skin\savevideo2.png (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\chrome\skin\search.png (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\chrome\skin\settings.png (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\chrome\skin\showstatus.png (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\chrome\skin\skysearchtoolbar.css (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\chrome\skin\smile!.png (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\chrome\skin\videooftheday.png (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\components\ISwslib.xpt (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\components\nsirdshistoryservice.js (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\components\nsirdshistoryservice.xpt (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\components\rdstb-autocomplete.js (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\FF\components\swslib.dll (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\google custom search\index.htm (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\google custom search\manifest.json (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files\savetubevideo.com\savetubevideo\google custom search\redirect.html (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\documents and settings\Tom\.jnana\ofex.7z (Bot.jnana) -> Quarantined and deleted successfully.

 

[ken545]

Wow, a lot has been removed

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

OTL by OldTimer

• Download OTL to your desktop.
• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• When the window appears, underneath Output at the top change it to Minimal Output.
• Click the "Scan All Users" checkbox.
• Check the boxes beside LOP Check and Purity Check.
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
    Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

 

[Tom Bl]

Response with

Wow, a lot has been removed

Yes. Everything that was removed was passed as OK by Kaspersky with their full system scans using their latest updates.

For aswmbr.exe, the program advises that definition updates are available. I downloaded them. The first time this program tried to run, it crashed. I ran it again, but "Paused" Kaspersky first. This took a very long time to run. (If you need me to do this differently, let me know.) Here is the resulting log:

aswMBR version 0.9.7.705 Copyright(c) 2011 AVAST Software
Run date: 2011-07-10 21:46:46
-----------------------------
21:46:46.406 OS Version: Windows 5.1.2600 Service Pack 3
21:46:46.406 Number of processors: 4 586 0x1707
21:46:46.406 ComputerName: TOM-2008 UserName: Tom
21:46:53.187 Initialize success
21:47:16.625 AVAST engine defs: 11071001
21:47:37.437 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
21:47:37.437 Disk 0 Vendor: WDC_WD5000AACS-00G8B0 05.04C05 Size: 476940MB BusType: 3
21:47:37.437 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-17
21:47:37.437 Disk 1 Vendor: WDC_WD1600AAJS-00B4A0 01.03A01 Size: 152627MB BusType: 3
21:47:37.437 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP2T0L0-22
21:47:37.437 Disk 2 Vendor: WDC_WD20EARS-00MVWB0 51.0AB51 Size: 1907729MB BusType: 3
21:47:37.453 Disk 0 MBR read successfully
21:47:37.453 Disk 0 MBR scan
21:47:37.453 Disk 0 Windows XP default MBR code
21:47:37.468 Disk 0 scanning sectors +976752000
21:47:37.546 Disk 0 scanning C:\WINDOWS\system32\drivers
21:48:22.437 Service scanning
21:48:28.437 Disk 0 trace - called modules:
21:48:28.468 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
21:48:28.468 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b44c828]
21:48:28.468 3 CLASSPNP.SYS[ba128fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8b3b7b00]
21:48:34.328 AVAST engine scan C:\WINDOWS
23:14:52.562 AVAST engine scan C:\Documents and Settings\Tom
02:38:56.625 AVAST engine scan C:\Documents and Settings\All Users
03:32:27.078 Scan finished successfully
04:34:50.750 Disk 0 MBR has been saved successfully to "C:\i\Programs From Internet\Virtumonde sci removal 7-10-11\MBR.dat"
04:34:50.765 The log file has been saved successfully to "C:\i\Programs From Internet\Virtumonde sci removal 7-10-11\aswMBR.txt"



I am sending the other files separately

If you need me to send any of the .txt files as attachments, please let me know.

 

[Tom Bl]

OTL Extras.Txt

Here is OTL Extras.Txt :

OTL Extras logfile created on: 07/11/11 4:42:27 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\i\Programs From Internet\Virtumonde sci removal 7-10-11
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yy

2.96 Gb Total Physical Memory | 2.19 Gb Available Physical Memory | 74.02% Memory free
10.79 Gb Paging File | 10.04 Gb Available in Paging File | 93.03% Paging File free
Paging file location(s): C:\pagefile.sys 8192 8192 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 119.83 Gb Free Space | 25.73% Space Free | Partition Type: NTFS
Drive E: | 149.05 Gb Total Space | 11.15 Gb Free Space | 7.48% Space Free | Partition Type: NTFS
Drive F: | 1863.01 Gb Total Space | 1730.00 Gb Free Space | 92.86% Space Free | Partition Type: NTFS

Computer Name: TOM-2008 | User Name: Tom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\Program Files\ACD Systems\ACDSee\7.0\ACDSee7.exe" "%1" (ACD Systems Ltd.)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabledxpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabledxpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabledxpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabledxpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabledxpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabledxpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabledxpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabledxpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabledxpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabledxpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabledxpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabledxpsp2res.dll,-22008
"40327:TCP" = 40327:TCP:*:Enabled:HTTPWeb
"41489:TCP" = 41489:TCP:*:Enabled:HTTPWeb
"20632:TCP" = 20632:TCP:*:Enabled:HTTPWeb
"5985:TCP" = 5985:TCP:*isabled:Windows Remote Management
"80:TCP" = 80:TCP:*isabled:Windows Remote Management - Compatibility Mode (HTTP-In)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe
"C:\Program Files\Hewlett-Packard\HP Download Manager\hpjdwnld.exe" = C:\Program Files\Hewlett-Packard\HP Download Manager\hpjdwnld.exe:*:Enabled:HP Networked Printer Installer -- (Hewlett Packard Company)
"C:\Program Files\YouTubeMP3Downloader.net\YouTubeMP3Downloader\YouTubeMP3.exe" = C:\Program Files\YouTubeMP3Downloader.net\YouTubeMP3Downloader\YouTubeMP3.exe:*:Enabled:Flv2mp3 -- (Sky lab Software)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:javaw -- (Sun Microsystems, Inc.)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNetisabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\SaveTubeVideo.com\SaveTubeVideo\downloader.exe" = C:\Program Files\SaveTubeVideo.com\SaveTubeVideo\downloader.exe:*:Enabled:SaveTubeVideo


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{DCDAB2ED-5741-4C30-A1A4-0FCB8A529001}" = WordPerfect Office X4
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02F6993D-B763-4F40-8F93-2A9CD97586E3}" = Microsoft IntelliType Pro 6.3
"{050A0D31-6B33-4137-ADE5-C0896E5FA98D}_is1" = TuneGet 1.3.5
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0EDB29CF-5FFC-4824-9F13-3D1C4286CA98}_is1" = Audio Transcoder
"{107254A0-0ADF-11D4-9397-00D0B7020B38}" =
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1D643CD4-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20207CCE-A8FA-44A7-AA3D-1E43EB307B27}" = Sony Sound Forge Audio Studio 9.0
"{20807E8D-3FA4-48DA-801B-EFFEB5602C67}_is1" = SoftChronizer v1.1.3
"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 26
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2C74E5F7-CA12-4BCC-AD46-1B5DFB766088}" = Nitro PDF Professional
"{30F8B542-330F-4B99-9813-7A6C5283D212}_is1" = iCare Data Recovery Software3.5
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3560CE5A-C4EF-4DB0-9ECC-BA035FE309C5}" = MSN Toolbar
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3B0A62A4-FA3A-4112-A20E-0CC27D7B0B3D}_is1" = Moyea PPT to PDF Converter version 1.0.4.1
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3ED23569-E4C3-42EA-98E3-2658DBF2E3BC}" = Mastering High School Math 2009
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40AE01BE-A290-4FFB-8DAB-C624C17DC87E}" = Vegas Movie Studio HD Platinum 10.0
"{414A373B-59DF-4102-94CA-9FE9A74CBDDA}" = Garmin Trip and Waypoint Manager v5
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{44A69352-33DD-405E-ADB8-2D768643BBAE}_is1" = AnyBizSoft PDF to Word (Build 2.5.4)
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4781569D-5404-1F26-4B2B-6DF444441031}" = Nero7 Ultra Edition
"{4873CC58-69D8-490D-9E5C-001DC2EE2000}" = WordPerfect Lightning
"{4873CC58-69D8-490D-9E5C-001DC2EE2010}" = WordPerfect Lightning - Messages
"{4873CC58-69D8-490D-9E5C-001DC2EE2020}" = WordPerfect Lightning - IPM
"{4873CC58-69D8-490D-9E5C-001DC2EE2100}" = WordPerfect Lightning - EN
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{529A52D1-5521-436B-83AB-1322780DCDAD}" = H&R Block Premium + Efile + State 2010
"{550F1458-C490-417A-9666-DD7DAEC3F077}" = Magic Collage
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{56C26831-6829-4377-A9A1-14691666F8B9}" = SDR Data Transfer
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{58D7646E-F663-4540-8CFA-3EDFD7DA8647}" = Wealth-Lab Pro 6.2
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{59F646AD-A378-4783-8638-EA1AD92E1153}_is1" = MPEG-VCR 3.14.7.3 (11/2009)
"{5A0C892E-FD1C-4203-941E-0956AED20A6A}" = APC PowerChute Personal Edition
"{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5BBF5BE5-29C9-423C-AE00-4AAFE375FBBA}" = ACDSee 7 User Guide
"{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help
"{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{6492E083-6C10-4973-B851-D723448CA797}_is1" = ComTekk
"{67A48ED5-0B6A-470A-995C-B8F1942E8AB9}" = Diskeeper 2008 Pro Premier
"{67EC0571-4B4E-40C2-8A81-8C1B02D87DB0}" = iDEN Phonebook Manager
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B36DEBF-27D0-4B1E-858D-D397091C6C7D}" = HP Precisionscan Pro 3.1
"{6CAE95DB-5D4E-11D4-8E9C-00E0292C9FA3}" = Nova for Windows
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72AE5ECD-0CAF-4017-BC86-E2908014C09C}" = E-Transcript Bundle Viewer
"{73966F0C-0541-4B1B-B352-6012ABC17D9F}" = ShopSafe
"{748F4870-8350-11D3-B0BF-080009FB4A19}" = HP Share-to-Web
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
"{8F1827C1-B8D9-42BC-B707-E59E74A69271}" = Fidelity Active Trader Pro®
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{90AACECD-1E42-4D22-ABAD-7FB9B67B262D}" = H&R Block Premium + Efile + State 2009
"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{91130409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Small Business
"{91190409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Publisher 2003
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{9455959E-D588-EFAE-329C-F66CC797F32A}" = Adobe Media Player
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9579E862-5FC7-4337-B1CC-5E37451524C5}" = Motorola Driver Installation
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.3
"{A1BC8E02-6B5B-4B4A-A75F-B27A16918C2B}" = DiscWizard for Windows
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3043377-81E5-4370-B030-3FB4FA8CA81D}" = Radiotracker
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{AC76BA86-7AD7-2447-0000-900000000003}" = Chinese Simplified Fonts Support For Adobe Reader 9
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ADEEF49C-F512-455E-A8AA-C5C8235C70C6}" = Simple Task Timer
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{B0255743-165B-4BD5-8DA8-37DFB9930014}" = Norton Ghost
"{B0625F16-B742-4F75-9FD8-20B47ACC7DE2}" = ACDSee 7.0 PowerPack
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B2E3AF81-C7DE-42AE-B64D-FAF588248CD0}" = HD Audio Recorder
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
"{BBB33AD6-BCF7-4002-B6A0-6DC679AE5C18}" = TaxCut Premium + State + Efile 2008
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{c2398e5d-294d-4d5a-85b8-31cc3149441d}" = Nero 9
"{C4526CCC-CF15-4908-892F-37FAF69946A6}_is1" = nFLVPlayer
"{C531F248-1EC0-4C5D-A32C-A16672929B42}" = ACD Media Support Package 1.0
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{C7DACB79-D0BE-477B-B63F-4BBF33F39B7A}" = TWC Client ActiveX Controls
"{C8F4904F-51F4-4312-BE64-FF1D23606E86}_is1" = Sothink Logo Maker
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF9A795B-2E4A-42D3-A4C4-333D5BF39350}" = TaxCut Premium + State + Efile 2007
"{D01653EF-9F9F-41D6-B879-654A6BF5892C}" = Digital Locker Assistant
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D47A18EF-38BC-4951-A344-9800D3BF4D53}" = ScreenCamera
"{D56C7EAB-BEE6-4D51-86CF-419FFC07FF11}_is1" = iolo technologies' Search and Recover
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0904}" = Microsoft Digital Image Pro 9
"{DC33421C-0E1C-470A-BE37-7B7C82677812}" = EchoLink
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529000}" = WordPerfect Office X4
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529001}" = WordPerfect Office X4 - ICA
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529010}" = WordPerfect Office X4 - Common
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529011}" = WordPerfect Office X4 - WP
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529012}" = WordPerfect Office X4 - QP
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529013}" = WordPerfect Office X4 - PR
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529014}" = WordPerfect Office X4 - Content
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529016}" = WordPerfect Office X4 - Skins
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529017}" = WordPerfect Office X4 - Filters
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529018}" = WordPerfect Office X4 - Graphics
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529023}" = WordPerfect Office X4 - System
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529030}" = WordPerfect Office X4 - Migration Manager
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529040}" = WordPerfect Office X4 - IPM
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529044}" = WordPerfect Office X4 - IPM HSE EN
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529050}" = WordPerfect Office X4 - PerfectExperts
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529100}" = WordPerfect Office X4 - EN
"{DDD076BF-C5C3-468C-AA1B-F9A7E47446FE}" = Intel(R) Network Connections
"{E00C0B99-7BEA-4785-995A-919F28AE6900}" = X-keys
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4280946-3773-490C-9A7B-1FCD0E6CB0CF}" = Intel(R) Integrator Assistant
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
"{F6EE49FD-B736-4888-A05A-115F3B1160FA}" = WordPerfect Lightning - MSOM
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FDD8E223-270B-4BD7-BD67-6E4A60E0BE86}" = Ringtone Media Studio
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3Planesoft Screensaver Manager_is1" = 3Planesoft Screensaver Manager 1.4
"7-Zip" = 7-Zip 4.65
"A&E Criss Angel" = A&E Criss Angel Screen Saver
"ActiveHome" = ActiveHome(TM)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon Kindle" = Amazon Kindle
"Animated Wallpaper Maker" = Animated Wallpaper Maker
"Applian FLV Player2.0.24" = Applian FLV Player
"ATT-RC" = ATT-RC Self Support Tool
"AV Music Morpher" = AV Music Morpher
"Batch Picture Watermark_is1" = Batch Picture Watermark 1.4
"Belarc Advisor" = Belarc Advisor 8.1
"Big City Night 3D_is1" = Big City Night 3D 1.0
"CAL" = Canon Camera Access Library
"CameraUserGuide-PS95" = Canon PowerShot S95 Camera User Guide
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow Launcher
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CCH Small Firm Services (xulRunner)" = CCH Small Firm Services (xulRunner)
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Cool YouTube To Mp3 Converter_is1" = Cool YouTube To Mp3 Converter 2.5.1.1
"Corner-A ArtStudio" = Corner-A ArtStudio
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Cover Commander" = Cover Commander 3.1.3 by Insofta Development
"Crave World Clock_is1" = Crave World Clock 1.1
"Desktop Icon Toy_is1" = Desktop Icon Toy 4.0
"Digital Editions" = Adobe Digital Editions
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"DPP" = Canon Utilities Digital Photo Professional 3.9
"DzFavSeek_is1" = DzSoft Favorites Search 2.1
"EASEUS Data Recovery Wizard 5.0.1_is1" = EASEUS Data Recovery Wizard 5.0.1
"Easy Start Menu Organizer" = Easy Start Menu Organizer 3.0
"FILEminimizer Pictures_is1" = FILEminimizer Pictures
"FileZilla Client" = FileZilla Client 3.1.0.1
"FLVCodec" = PlayFLV
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"greenstreet Font Manager" = greenstreet Font Manager
"H&R Block Business 2009" = H&R Block Business 2009 (Remove Only)
"H&R Block Business 2010" = H&R Block Business 2010 (Remove Only)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HECI" = Intel(R) Management Engine Interface
"HHD Device Monitoring Studio 5.01" = HHD Software Device Monitoring Studio 5.22
"HoTMetaLPRO" = SoftQuad HoTMetaL PRO
"HP Download Manager" = HP Download Manager
"Icepine Video Converter Pro 2_is1" = Icepine Video Converter Pro 2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"iLivid" = iLivid
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"iPixSoft Flash Slideshow Creator_is1" = iPixSoft Flash Slideshow Creator (1.8.6.2)
"ispresenter_is1" = iSpring Presenter 4.3
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.9.0
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"MagicScore_is1" = MagicScore
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Maxthon" = Maxthon Browser (remove only)
"MCP-D700" = MCP-D700
"mediAvatar Video to DVD Converter" = mediAvatar Video to DVD Converter
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"MozBackup" = MozBackup 1.4.9
"Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18)
"Mozilla Thunderbird (2.0.0.4)" = Mozilla Thunderbird (2.0.0.4)
"MPEG-VCR" = MPEG-VCR 3.14.7.3 (11/2009)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera" = Canon Utilities MyCamera
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"Netscape Communicator 4.8" = Netscape Communicator 4.8
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Office14.SingleImage" = Microsoft Office Professional 2010
"Office8.0" = Microsoft Office 97, Professional Edition
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01
"Pdf995" = Pdf995 (installed by H&R Block)
"PdfEdit995" = PdfEdit995 (installed by H&R Block)
"Personal Printing Guide" = Canon Personal Printing Guide
"PhotoStitch" = Canon Utilities PhotoStitch
"PictureIt_v9" = Microsoft Digital Image Pro 9
"RealPlayer 12.0" = RealPlayer
"Simpo PDF Creator_is1" = Simpo PDF Creator 2.0.0
"Site Content Analyzer_is1" = Site Content Analyzer 3.2
"Software Guide" = Canon DIGITAL CAMERA Solution Disk Software Guide
"Software Informer_is1" = Software Informer 1.0 BETA
"SoundTaxi_is1" = SoundTaxi 3.9.6
"Speccy" = Speccy
"STMediaSuite" = SoundTaxi Media Suite 3.9.6
"Sun Village 3D Screensaver_is1" = Sun Village 3D Screensaver 1.1
"TaxCut Business 2007" = TaxCut Business 2007 (Remove Only)
"TaxCut Business 2008" = TaxCut Business 2008 (Remove Only)
"TaxCut Premium 2006" = TaxCut Premium 2006
"Totally MAD" = Totally MAD
"TurboTax 2008" = TurboTax 2008
"TurboTax 2009" = TurboTax 2009
"TurboTax 2010" = TurboTax 2010
"Tweak UI 2.10" = Tweak UI
"VideoCacheView" = VideoCacheView
"VLC media player" = VLC media player 1.0.1
"WaveMax Sound Editor_is1" = WaveMax Sound Editor 4.5.1
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WildTangent wildgames Master Uninstall" = WildTangent Games
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPcapInst" = WinPcap 4.0.2
"WinX DVD Ripper Platinum GOTD Special Edition_is1" = WinX DVD Ripper Platinum 5.1
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wondershare iPhone Ringtone Converter_is1" = Wondershare iPhone Ringtone Converter(Build 1.0.3.0)
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
"Yahoo! Widget Engine" = Yahoo! Widgets
"YInstHelper" = Yahoo! Install Manager
"YouTubeMP3_is1" = YouTubeMP3Downloader 2.0 (20091126)
"Zinio Reader" = Zinio Reader
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-515967899-963894560-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 07/07/11 5:31:47 PM | Computer Name = TOM-2008 | Source = Application Error | ID = 1001
Description = Fault bucket -1806181160.

Error - 07/08/11 8:08:15 AM | Computer Name = TOM-2008 | Source = Application Error | ID = 1000
Description = Faulting application pdfsave.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x025fb060.

Error - 07/08/11 1:42:28 PM | Computer Name = TOM-2008 | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 07/08/11 1:42:33 PM | Computer Name = TOM-2008 | Source = Application Hang | ID = 1001
Description = Fault bucket 734037209.

Error - 07/08/11 10:03:00 PM | Computer Name = TOM-2008 | Source = Application Error | ID = 1000
Description = Faulting application ilivid.exe, version 0.0.0.0, faulting module
qtwebkit4.dll, version 4.7.3.0, fault address 0x00880e7c.

Error - 07/09/11 3:08:13 PM | Computer Name = TOM-2008 | Source = Application Hang | ID = 1002
Description = Hanging application SpybotSD.exe, version 1.6.2.46, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 07/09/11 3:08:17 PM | Computer Name = TOM-2008 | Source = Application Hang | ID = 1001
Description = Fault bucket 1116954496.

Error - 07/10/11 11:20:32 AM | Computer Name = TOM-2008 | Source = Application Hang | ID = 1002
Description = Hanging application SpybotSD.exe, version 1.6.2.46, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 07/10/11 11:20:39 AM | Computer Name = TOM-2008 | Source = Application Hang | ID = 1001
Description = Fault bucket 1116954496.

Error - 07/10/11 1:07:58 PM | Computer Name = TOM-2008 | Source = Application Hang | ID = 1002
Description = Hanging application SpybotSD.exe, version 1.6.2.46, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 07/11/11 12:12:14 AM | Computer Name = TOM-2008 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 07/11/11 12:29:33 AM | Computer Name = TOM-2008 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 07/11/11 12:30:19 AM | Computer Name = TOM-2008 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 07/11/11 12:32:34 AM | Computer Name = TOM-2008 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 07/11/11 12:34:57 AM | Computer Name = TOM-2008 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 07/11/11 12:36:07 AM | Computer Name = TOM-2008 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 07/11/11 12:36:59 AM | Computer Name = TOM-2008 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 07/11/11 12:39:38 AM | Computer Name = TOM-2008 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 07/11/11 12:40:08 AM | Computer Name = TOM-2008 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 07/11/11 12:40:32 AM | Computer Name = TOM-2008 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.


< End of report >

 

[Tom Bl]

Otl.txt

Here is OTL.TXT:

OTL logfile created on: 07/11/11 4:42:26 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\i\Programs From Internet\Virtumonde sci removal 7-10-11
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yy

2.96 Gb Total Physical Memory | 2.19 Gb Available Physical Memory | 74.02% Memory free
10.79 Gb Paging File | 10.04 Gb Available in Paging File | 93.03% Paging File free
Paging file location(s): C:\pagefile.sys 8192 8192 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 119.83 Gb Free Space | 25.73% Space Free | Partition Type: NTFS
Drive E: | 149.05 Gb Total Space | 11.15 Gb Free Space | 7.48% Space Free | Partition Type: NTFS
Drive F: | 1863.01 Gb Total Space | 1730.00 Gb Free Space | 92.86% Space Free | Partition Type: NTFS

Computer Name: TOM-2008 | User Name: Tom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\i\Programs From Internet\Virtumonde sci removal 7-10-11\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\WINDOWS\system32\NLSSRV32.EXE (Nalpeiron Ltd.)
PRC - C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe (Nitro PDF Software)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - c:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\Simpo PDF Creator\SimpoPrintSrv.exe (Simpo Technologies)
PRC - C:\WINDOWS\system32\ASTSRV.EXE (Nalpeiron Ltd.)
PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Program Files\Norton Ghost\Agent\VProSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Norton Ghost\Agent\VProTray.exe (Symantec Corporation)
PRC - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe (Symantec)
PRC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\Zinio\ZinioReader.exe (Zinio, LLC)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
PRC - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files\Sony\SonicStage\SSAAD.exe ()
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe (American Power Conversion Corporation)
PRC - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe (American Power Conversion Corporation)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG)
PRC - C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
PRC - C:\Program Files\PI Engineering\X-keys\XKWdkApp.exe (P.I. Engineering, Inc.)
PRC - C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe ()
PRC - C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
PRC - C:\Program Files\Microsoft Office97\Office\OSA.EXE ()


========== Modules (SafeList) ==========

MOD - C:\i\Programs From Internet\Virtumonde sci removal 7-10-11\OTL.exe (OldTimer Tools)
MOD - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchrome10browserrecordhelper.dll (RealNetworks, Inc.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (GEARSecurity) -- File not found
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (nlsX86cc) -- C:\WINDOWS\system32\NLSSRV32.EXE (Nalpeiron Ltd.)
SRV - (NitroDriverReadSpool) -- C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe (Nitro PDF Software)
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (SupportSoft RemoteAssist) -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe (SupportSoft, Inc.)
SRV - (STacSV) -- c:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
SRV - (GSService) -- C:\WINDOWS\System32\GSService.exe ()
SRV - (SMServer) -- C:\WINDOWS\System32\snmvtsvc.exe (SMServer)
SRV - (STSService) -- C:\Program Files\SoundTaxi Media Suite\STSService.exe ()
SRV - (astcc) -- C:\WINDOWS\system32\ASTSRV.EXE (Nalpeiron Ltd.)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (Norton Ghost) -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe (Symantec Corporation)
SRV - (SymSnapService) -- C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe (Symantec)
SRV - (ioloSystemService) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()
SRV - (ioloFileInfoList) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (GameConsoleService) -- C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe (WildTangent, Inc.)
SRV - (Symantec RemoteAssist) -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe (Symantec, Inc.)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)
SRV - (Diskeeper) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (SSScsiSV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
SRV - (SonicStage Back-End Service) -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (APC UPS Service) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe (American Power Conversion Corporation)
SRV - (InCDsrv) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG)


========== Driver Services (SafeList) ==========

DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (FTSER2K) -- C:\WINDOWS\system32\drivers\ftser2k.sys (FTDI Ltd.)
DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (IDT, Inc.)
DRV - (SndTAudio) -- C:\WINDOWS\system32\drivers\SndTAudio.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys ()
DRV - (klbg) -- C:\WINDOWS\system32\drivers\klbg.sys (Kaspersky Lab)
DRV - (klmouflt) -- C:\WINDOWS\system32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (klim5) -- C:\WINDOWS\system32\drivers\klim5.sys (Kaspersky Lab)
DRV - (kl1) -- C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Lab)
DRV - (symsnap) -- C:\WINDOWS\system32\DRIVERS\symsnap.sys (StorageCraft)
DRV - (SCRCAMHRDRV) -- C:\WINDOWS\system32\drivers\SCRCAMHRDRV.sys (Windows (R) Server 2003 DDK provider)
DRV - (IntcHdmiAddService) Intel(R) -- C:\WINDOWS\system32\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (v2imount) -- C:\WINDOWS\system32\drivers\v2imount.sys (Symantec Corporation)
DRV - (e1yexpress) Intel(R) -- C:\WINDOWS\system32\drivers\e1y5132.sys (Intel Corporation)
DRV - (NAL) -- C:\WINDOWS\system32\drivers\iqvw32.sys (Intel Corporation )
DRV - (FileDisk) -- C:\WINDOWS\System32\drivers\filedisk.sys (iolo technologies, LLC (based on original work by Bo Brantén))
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (HECI) Intel(R) -- C:\WINDOWS\system32\drivers\HECI.sys (Intel Corporation)
DRV - (BANTExt) -- C:\WINDOWS\System32\Drivers\BANTExt.sys ()
DRV - (WimFltr) -- C:\WINDOWS\system32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (VProEventMonitor) -- C:\WINDOWS\system32\drivers\vproeventmonitor.sys (Symantec Corporation)
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies)
DRV - (hhdserial) HHD Software Serial Monitor (DMS) -- C:\WINDOWS\system32\drivers\hhdserial.sys (HHD Software Ltd.)
DRV - (FTDIBUS) -- C:\WINDOWS\system32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (MotDev) -- C:\WINDOWS\system32\drivers\motodrv.sys (Motorola Inc)
DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola)
DRV - (NETMDUSB) -- C:\WINDOWS\system32\drivers\NETMD052.sys (Sony Corporation)
DRV - (InCDfs) -- C:\WINDOWS\system32\drivers\InCDfs.sys (Nero AG)
DRV - (InCDPass) -- C:\WINDOWS\system32\drivers\InCDPass.sys (Nero AG)
DRV - (incdrm) -- C:\WINDOWS\system32\drivers\InCDRm.sys (Nero AG)
DRV - (P2k) -- C:\WINDOWS\system32\drivers\P2k.sys (Motorola Inc)
DRV - (NRKCTL32) -- C:\Program Files\WCPUID\NRKCTL32.SYS (NrkLv Group)
DRV - (xkeysw2k) -- C:\WINDOWS\system32\drivers\XKEYSW2K.SYS (P.I. Engineering, Inc.)
DRV - (msloop) -- C:\WINDOWS\system32\drivers\loop.sys (Microsoft Corporation)
DRV - (TVicPort) -- C:\WINDOWS\System32\drivers\TVICPORT.SYS ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-515967899-963894560-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-515967899-963894560-839522115-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-515967899-963894560-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-515967899-963894560-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "www.googlebreak.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-USfficial"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.1.1
FF - prefs.js..extensions.enabledItems: SearchToolbar@skywebsearch.com:3.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.126

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Tom\Application Data\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\copytolightning@corel.com: c:\Program Files\Corel\WordPerfect Lightning\Programs\FirefoxExtension\ [2010/05/25 12:19:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/24 15:57:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/06/28 11:04:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/02 18:18:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/02 18:18:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/05/24 15:57:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011/06/18 09:56:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2010/09/30 05:13:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\FireFox\Extensions\\SearchToolbar@skywebsearch.com: C:\Program Files\SaveTubeVideo.com\SaveTubeVideo\FF
FF - HKEY_CURRENT_USER\software\mozilla\FireFox\Extensions\\savetubemp3@savetubemp3.net: C:\Program Files\YouTubeMP3Downloader.net\YouTubeMP3Downloader\FF [2010/02/02 14:41:41 | 000,000,000 | ---D | M]

[2010/10/24 05:51:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Extensions
[2010/10/24 05:51:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/07/09 14:23:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\extensions
[2010/04/28 05:44:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/12 12:06:29 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/06/18 05:04:09 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2011/07/03 10:43:38 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/08/10 19:54:59 | 000,000,000 | ---D | M] (Nodobe Document Viewer) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\extensions\nodobe@vuzit.com
[2010/02/02 14:42:05 | 000,000,003 | ---- | M] () -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\searchplugins\GoogleFeed.xml
[2011/07/09 14:23:24 | 000,001,575 | ---- | M] () -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\searchplugins\ixquick.xml
[2008/10/11 09:26:42 | 000,001,940 | ---- | M] () -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\searchplugins\marketwatch.xml
[2008/10/11 09:26:46 | 000,000,705 | ---- | M] () -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\searchplugins\webster.xml
[2008/10/11 09:26:56 | 000,001,032 | ---- | M] () -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\searchplugins\wikipedia-eng.xml
[2011/07/05 15:19:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/21 02:04:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/24 13:52:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/13 05:42:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/01 03:23:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/09 07:00:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2010/09/30 05:14:27 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2011/06/28 11:04:50 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2010/09/21 02:04:28 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) -- C:\PROGRAM FILES\SAVETUBEVIDEO.COM\SAVETUBEVIDEO\FF
[2008/06/18 01:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/03/09 18:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll

O1 HOSTS File: ([2003/03/31 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (ShowBarObjMp3 Class) - {cf59ae24-5796-44fc-9575-8d4f383c65f8} - C:\Program Files\YouTubeMP3Downloader.net\YouTubeMP3Downloader\MinBHOMp3.dll ()
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (YouTube MP3 Downloader) - {f27a9a1d-6f23-442d-88c0-5dc40fd13dcd} - C:\Program Files\YouTubeMP3Downloader.net\YouTubeMP3Downloader\YouTubeMP3.dll (Save Tube Video Company)
O3 - HKU\S-1-5-21-515967899-963894560-839522115-1003\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [msjavadll] C:\WINDOWS\System32\javaw.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Norton Ghost 14.0] C:\Program Files\Norton Ghost\Agent\VProTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [QuickFinder Scheduler] c:\Program Files\Corel\WordPerfect Office X4\Programs\QFSCHD140.EXE (Corel Corporation)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Simpo Print Server] C:\Program Files\Simpo PDF Creator\SimpoPrintSrv.exe (Simpo Technologies)
O4 - HKLM..\Run: [STT] File not found
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [X-keys Programming] C:\Program Files\PI Engineering\X-keys\XKWdkApp.exe (P.I. Engineering, Inc.)
O4 - HKU\S-1-5-21-515967899-963894560-839522115-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-515967899-963894560-839522115-1003..\Run: [fsm] File not found
O4 - HKU\S-1-5-21-515967899-963894560-839522115-1003..\Run: [PxDotNetLoader] C:\Program Files\Fidelity Investments\Fidelity Active Trader\System\ATPStartupAssistant.exe (Fidelity Investments)
O4 - HKU\S-1-5-21-515967899-963894560-839522115-1003..\Run: [SsAAD.exe] C:\Program Files\Sony\SonicStage\SSAAD.exe ()
O4 - HKU\S-1-5-21-515967899-963894560-839522115-1003..\Run: [Zinio DLM] C:\Program Files\Zinio\ZinioReader.exe (Zinio, LLC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files\Microsoft Office97\Office\OSA.EXE ()
O4 - Startup: C:\Documents and Settings\Tom\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-515967899-963894560-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O8 - Extra context menu item: Copy to &Lightning Note - C:\Program Files\Corel\WordPerfect Lightning\Programs\WPLightningCopyToNote.hta ()
O8 - Extra context menu item: Open with WordPerfect - c:\Program Files\Corel\WordPerfect Office X4\Programs\WPLauncher.hta ()
O9 - Extra Button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll ()
O9 - Extra 'Tools' menuitem : Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll ()
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Favorites Search - {FF925300-80E6-11D4-A15B-FFF9086C1A3C} - C:\Program Files\DzSoft\Favorites Search\FavSeek.dll (DzSoft Ltd)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-515967899-963894560-839522115-1003\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKU\S-1-5-21-515967899-963894560-839522115-1003\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://www.pcpitstop.com/mhLbl.cab (mhLabel Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\x-atng {7e8717b0-d862-11d5-8c9e-00010304f989} - C:\Program Files\Fidelity Investments\Fidelity Active Trader\System\atngprot.dll (Fidelity Investments)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: C:\Documents and Settings\Tom\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tom\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/08 03:58:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/10 12:57:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\Virus Cleanup
[2011/07/10 09:04:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Application Data\Malwarebytes
[2011/07/10 08:55:52 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/10 08:55:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/10 08:55:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/07/10 08:47:50 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/10 08:47:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/08 19:30:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Tom\Recent
[2011/07/08 13:31:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Local Settings\Application Data\Ilivid Player
[2011/07/08 13:30:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{FDD8983C-4561-4A27-BDA7-F5286E176A8F}
[2011/07/08 13:30:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iLivid
[2011/07/08 13:30:33 | 000,000,000 | ---D | C] -- C:\Program Files\iLivid
[2011/07/08 13:19:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Local Settings\Application Data\PackageAware
[2011/07/05 13:21:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/07/04 23:53:24 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
[2011/07/04 20:56:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/07/04 20:56:22 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/07/03 11:27:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/07/03 11:27:40 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/07/03 11:27:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/06/28 13:54:24 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/06/28 13:54:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Start Menu\Programs\HiJackThis
[2011/06/28 12:44:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Desktop\DivX
[2011/06/27 19:51:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\My Documents\Exported Registry
[2011/06/26 22:07:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Local Settings\Application Data\Fidelity Investments
[2011/06/26 22:07:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Application Data\Fidelity Investments
[2011/06/26 21:59:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Wealth-Lab Pro
[2011/06/26 18:33:32 | 000,000,000 | ---D | C] -- C:\Program Files\New Folder
[2011/06/25 08:36:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/06/25 08:36:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Microsoft
[2011/06/25 08:34:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2011/06/25 08:33:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Local Settings\Application Data\Microsoft Help
[2011/06/25 08:33:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2011/06/23 11:07:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Fidelity Investments
[2011/06/23 11:00:24 | 000,000,000 | ---D | C] -- C:\Program Files\Fidelity Investments
[2011/06/23 11:00:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Fidelity Investments
[2011/06/23 11:00:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Crystal Decisions
[2011/06/21 12:01:08 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2011/06/21 11:12:45 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2011/06/16 03:55:48 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/11 04:49:05 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{496D8042-0A62-4C91-8D5B-D46E9ED53309}.job
[2011/07/11 04:38:52 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-515967899-963894560-839522115-1003.job
[2011/07/11 04:38:51 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-963894560-839522115-1003.job
[2011/07/11 04:26:05 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/11 04:26:03 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/11 02:07:25 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/07/10 21:44:36 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/10 21:38:13 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/07/10 21:37:28 | 000,000,254 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2011/07/10 21:37:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/10 21:37:17 | 3181,613,056 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/10 19:48:45 | 000,000,204 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2011/07/10 13:01:10 | 000,001,167 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Map of the Market - SmartMoney.com.url
[2011/07/10 07:25:30 | 000,408,918 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Dallas Gas.url
[2011/07/09 16:10:11 | 000,218,112 | ---- | M] () -- C:\Documents and Settings\Tom\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/09 15:35:44 | 000,002,647 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Fidelity Active Trader Pro Beta..lnk
[2011/07/08 13:30:51 | 000,000,721 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iLivid Download Manager.lnk
[2011/07/08 07:10:31 | 000,064,538 | ---- | M] () -- C:\Documents and Settings\Tom\My Documents\http www.nytimes.com 2011 07 08 us IRS drops audits of political donors.pdf
[2011/07/08 07:08:40 | 000,067,454 | ---- | M] () -- C:\Documents and Settings\Tom\My Documents\http www.nytimes.com 2011 07 08 us 08ttramsey Redistricting.pdf
[2011/07/07 14:51:18 | 000,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/07/06 10:02:51 | 000,000,556 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Fidelity Watchlist.url
[2011/07/05 15:47:36 | 000,000,182 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Prepaid Phone News.url
[2011/07/05 10:14:53 | 000,001,000 | ---- | M] () -- C:\Documents and Settings\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/07/01 00:40:38 | 000,002,527 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ACDSee 7.0.lnk
[2011/06/29 10:37:48 | 000,000,404 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\BusinessWeek.url
[2011/06/29 04:45:35 | 000,001,832 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/06/28 18:55:59 | 000,000,179 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Web Site Report For n5gar.com.url
[2011/06/28 13:15:57 | 000,000,193 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\STOUFFER'S® Dinner Club.url
[2011/06/28 07:57:16 | 000,000,602 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to taskmgr.exe.lnk
[2011/06/27 19:19:29 | 000,002,644 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\LIVE REAL TIME SATELLITE TRACKING AND PREDICTIONS ISS (ZARYA).url
[2011/06/27 19:01:59 | 000,000,370 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\e-Miles® Miles for Minutes®.url
[2011/06/26 21:59:20 | 000,000,972 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Wealth-Lab Pro 6.lnk
[2011/06/26 15:20:30 | 000,503,100 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/26 15:20:30 | 000,088,498 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/25 22:16:58 | 000,344,216 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/25 06:38:42 | 000,002,306 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2011/06/25 03:19:33 | 000,002,423 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Diskeeper 2008.lnk
[2011/06/23 12:51:27 | 000,932,987 | ---- | M] () -- C:\Documents and Settings\Tom\Application Data\n5gar1.zip
[2011/06/23 11:07:06 | 000,002,020 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Fidelity Active Trader Pro.lnk
[2011/06/19 19:08:43 | 000,000,207 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Boost Mobile - 214 397 6430.url
[2011/06/17 03:03:05 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/06/16 22:23:19 | 000,000,213 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\support.url
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/08 13:30:51 | 000,000,721 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iLivid Download Manager.lnk
[2011/07/08 07:10:30 | 000,064,538 | ---- | C] () -- C:\Documents and Settings\Tom\My Documents\http www.nytimes.com 2011 07 08 us IRS drops audits of political donors.pdf
[2011/07/08 07:08:39 | 000,067,454 | ---- | C] () -- C:\Documents and Settings\Tom\My Documents\http www.nytimes.com 2011 07 08 us 08ttramsey Redistricting.pdf
[2011/07/03 11:27:45 | 000,001,000 | ---- | C] () -- C:\Documents and Settings\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/06/29 10:35:04 | 000,001,167 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\Map of the Market - SmartMoney.com.url
[2011/06/28 07:57:16 | 000,000,602 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to taskmgr.exe.lnk
[2011/06/26 21:59:20 | 000,000,972 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Wealth-Lab Pro 6.lnk
[2011/06/25 09:58:23 | 000,956,290 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-515967899-963894560-839522115-1003-0.dat
[2011/06/25 09:58:22 | 000,347,830 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/06/23 12:51:27 | 000,932,987 | ---- | C] () -- C:\Documents and Settings\Tom\Application Data\n5gar1.zip
[2011/06/23 11:07:06 | 000,002,647 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Fidelity Active Trader Pro Beta..lnk
[2011/06/23 11:07:06 | 000,002,020 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Fidelity Active Trader Pro.lnk
[2011/06/21 11:22:28 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/06/21 11:12:47 | 000,000,974 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Defender.lnk
[2011/06/18 09:56:57 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/06/17 02:26:22 | 000,002,644 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\LIVE REAL TIME SATELLITE TRACKING AND PREDICTIONS ISS (ZARYA).url
[2010/11/10 05:37:55 | 000,161,770 | ---- | C] () -- C:\WINDOWS\Animated Wallpaper Maker Uninstaller.exe
[2010/11/05 00:04:32 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Tom\Application Data\downloads.m3u
[2010/10/17 19:17:49 | 000,000,223 | ---- | C] () -- C:\WINDOWS\HP PrecisionScan Pro.INI
[2010/10/10 16:40:24 | 001,903,408 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/09/30 05:14:14 | 000,115,369 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2010/09/30 05:14:14 | 000,097,859 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2010/06/11 06:18:32 | 000,000,119 | ---- | C] () -- C:\WINDOWS\Podcasts.INI
[2010/05/25 12:20:06 | 000,002,306 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/04/30 10:04:16 | 000,104,960 | ---- | C] () -- C:\WINDOWS\W2P_PreConvert.dll
[2010/02/01 05:16:10 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/02/01 05:16:10 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/02/01 05:16:09 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/02/01 05:16:08 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/01/31 03:51:08 | 000,005,045 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hksbihfl.ezl
[2010/01/28 03:35:34 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\GSService.exe
[2010/01/27 22:28:12 | 000,000,256 | -H-- | C] () -- C:\Documents and Settings\Tom\Application Data\ee6fe4d84748049fa23c8b8638a22cacf0cffd15
[2010/01/27 22:28:12 | 000,000,256 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\ee6fe4d84748049fa23c8b8638a22cacf0cffd15
[2009/12/27 17:53:40 | 000,000,229 | ---- | C] () -- C:\Documents and Settings\Tom\Application Data\default.rss
[2009/12/26 20:15:07 | 000,004,757 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009/11/27 04:31:16 | 000,105,472 | ---- | C] () -- C:\WINDOWS\PreConvert.dll
[2009/11/25 13:40:50 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/10/19 02:23:14 | 000,000,203 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI
[2009/10/03 12:36:01 | 011,476,992 | ---- | C] () -- C:\WINDOWS\System32\common_res.dll
[2009/09/27 07:26:44 | 000,000,126 | ---- | C] () -- C:\WINDOWS\keypad.ini
[2009/09/16 17:27:58 | 000,508,224 | ---- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll
[2009/09/09 18:01:40 | 000,027,675 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat
[2009/07/25 03:10:11 | 000,618,496 | ---- | C] () -- C:\WINDOWS\System32\stlpmt45.dll
[2009/07/11 20:38:12 | 000,835,584 | ---- | C] () -- C:\WINDOWS\tls7912d.dll
[2009/07/11 20:38:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\uninstallrq.exe
[2009/06/12 21:24:00 | 000,075,596 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2009/06/04 07:51:28 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/04/14 04:53:40 | 000,003,707 | ---- | C] () -- C:\WINDOWS\System32\ASPRTMM6.DLL
[2009/03/04 03:47:17 | 000,000,146 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/01/31 22:22:25 | 002,788,800 | ---- | C] () -- C:\Program Files\FLV PlayerFCSetup.exe
[2008/11/17 14:58:33 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2008/11/17 14:58:11 | 000,000,333 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2008/11/04 05:41:07 | 000,001,104 | ---- | C] () -- C:\WINDOWS\AMIPRO2.INI
[2008/11/04 05:40:13 | 000,004,722 | ---- | C] () -- C:\WINDOWS\AmiVISD.ini
[2008/11/04 05:39:17 | 000,000,703 | ---- | C] () -- C:\WINDOWS\lotus.ini
[2008/11/04 05:39:17 | 000,000,048 | ---- | C] () -- C:\WINDOWS\winhelp.ini
[2008/11/04 05:39:15 | 000,008,283 | ---- | C] () -- C:\WINDOWS\AMIDW.INI
[2008/11/04 05:39:15 | 000,000,898 | ---- | C] () -- C:\WINDOWS\AMIEQN.INI
[2008/11/04 05:39:15 | 000,000,185 | ---- | C] () -- C:\WINDOWS\AMISMART.INI
[2008/11/04 05:39:15 | 000,000,104 | ---- | C] () -- C:\WINDOWS\AMIIMAGE.INI
[2008/11/04 05:39:14 | 000,023,822 | ---- | C] () -- C:\WINDOWS\AMIOW.INI
[2008/11/04 05:39:14 | 000,011,208 | ---- | C] () -- C:\WINDOWS\AMIENV.DLL
[2008/11/04 05:39:14 | 000,010,014 | ---- | C] () -- C:\WINDOWS\AMILABEL.INI
[2008/11/04 05:39:14 | 000,005,909 | ---- | C] () -- C:\WINDOWS\AMIWP.INI
[2008/11/04 05:39:14 | 000,004,400 | ---- | C] () -- C:\WINDOWS\AMIPRO.INI
[2008/11/04 05:39:14 | 000,002,846 | ---- | C] () -- C:\WINDOWS\AMICALC.INI
[2008/11/04 05:39:14 | 000,001,993 | ---- | C] () -- C:\WINDOWS\AMIIWP.INI
[2008/11/04 05:39:14 | 000,000,332 | ---- | C] () -- C:\WINDOWS\AMIFONT.INI
[2008/11/04 05:06:16 | 000,127,184 | ---- | C] () -- C:\WINDOWS\DEL_AH1.EXE
[2008/11/02 08:56:34 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2008/10/30 09:26:41 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2008/10/30 09:25:23 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2008/10/30 09:25:23 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2008/10/30 08:58:15 | 000,000,204 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2008/10/30 04:12:05 | 000,000,092 | ---- | C] () -- C:\WINDOWS\TraceSrv.ini
[2008/10/28 04:09:43 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2008/10/27 00:29:43 | 000,000,225 | ---- | C] () -- C:\WINDOWS\netscape.INI
[2008/10/26 20:43:04 | 000,634,087 | ---- | C] () -- C:\WINDOWS\cd32.exe
[2008/10/25 03:31:26 | 000,000,554 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/10/24 14:22:31 | 000,215,144 | R--- | C] () -- C:\WINDOWS\patchw32.dll
[2008/10/24 14:21:19 | 000,215,144 | R--- | C] () -- C:\WINDOWS\pw32a.dll
[2008/10/24 04:31:54 | 000,218,112 | ---- | C] () -- C:\Documents and Settings\Tom\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/10 20:18:45 | 000,038,951 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/10/10 19:09:45 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/10/09 08:52:33 | 000,000,927 | ---- | C] () -- C:\WINDOWS\hmpro3.ini
[2008/10/09 08:50:42 | 000,012,288 | ---- | C] () -- C:\WINDOWS\kwimage.dll
[2008/10/09 08:50:42 | 000,005,495 | ---- | C] () -- C:\WINDOWS\sqkw.ini
[2008/10/09 03:17:00 | 000,982,196 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2008/10/09 03:16:59 | 000,417,344 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2008/10/09 03:16:59 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4990.dll
[2008/10/08 08:54:42 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/10/08 04:00:33 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/10/08 03:56:11 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/10/07 05:35:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/10/07 05:34:50 | 000,344,216 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/11/06 15:19:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/03/16 17:00:00 | 000,003,403 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2004/08/04 01:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/09/18 11:21:06 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\ljackuw.dll
[2003/03/31 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/03/31 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/03/31 07:00:00 | 000,503,100 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/03/31 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/03/31 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/03/31 07:00:00 | 000,088,498 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/03/31 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/03/31 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/03/31 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/03/31 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/03/21 16:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2001/08/07 18:59:54 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HPNVRRes.dll
[2001/07/31 04:17:12 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2001/01/24 01:31:18 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\prntfix.exe
[2000/06/07 07:38:44 | 000,078,336 | ---- | C] () -- C:\WINDOWS\nfwDrop.DLL
[2000/04/14 17:50:02 | 000,343,040 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[1999/05/20 04:03:20 | 000,004,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\TVICPORT.SYS
[1998/06/11 14:08:06 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[1997/07/11 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/07/11 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== LOP Check ==========

[2008/10/12 02:27:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Spearit
[2010/08/15 01:07:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\3Planesoft
[2010/02/22 02:49:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2010/10/15 10:55:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ATX
[2010/09/30 04:30:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/05/25 12:17:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland
[2009/12/11 08:02:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2008/10/08 17:39:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
[2011/06/26 21:59:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fidelity Investments
[2009/06/14 09:25:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2008/10/12 02:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Laplink
[2010/11/04 19:45:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2011/04/25 20:21:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\mediAvatar
[2010/11/29 02:34:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2011/07/10 14:05:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2010/06/11 06:05:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
[2011/03/27 22:20:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2008/10/12 02:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spearit
[2011/04/13 03:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2009/12/09 04:36:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/12/24 11:39:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wavelet Labs
[2008/10/11 23:19:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2010/04/05 02:27:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wolters Kluwer
[2009/05/15 17:53:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/07/08 13:30:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{FDD8983C-4561-4A27-BDA7-F5286E176A8F}
[2008/10/12 02:27:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Spearit
[2009/06/13 09:47:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\iolo
[2009/06/13 09:45:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\iolo
[2010/12/13 05:49:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\.oit
[2008/10/09 09:18:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\ACD Systems
[2011/05/24 21:41:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Amazon
[2010/11/08 00:08:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Canon
[2008/10/09 08:13:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/07/08 12:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\ContentGuard
[2009/12/06 07:26:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Cool YouTube To Mp3 Converter
[2010/11/29 03:15:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Downloaded Installations
[2010/11/04 21:50:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\ElevatedDiagnostics
[2009/04/12 11:52:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Eltima Software
[2011/03/27 21:12:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Facebook
[2011/06/26 22:07:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Fidelity Investments
[2009/12/17 04:26:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\FILEminimizerPictures
[2011/07/07 11:32:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\FileZilla
[2010/07/29 05:15:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\GARMIN
[2009/12/24 12:15:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\HD Audio Recorder
[2009/12/13 19:22:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Icevc
[2009/06/13 09:10:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\iolo
[2010/03/04 02:41:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Magic Collage
[2011/04/25 20:35:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\mediAvatar
[2009/11/30 06:13:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Moyea
[2010/07/10 19:43:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\MozBackup
[2011/06/25 06:39:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Nitro PDF
[2009/06/25 04:46:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\OfficeUpdate12
[2011/04/19 11:19:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\pdf995
[2009/11/15 15:42:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Publish Providers
[2010/03/17 03:51:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Software Informer
[2011/03/27 23:08:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Sony
[2008/10/12 02:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Spearit
[2011/05/01 16:28:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\TaxCut
[2010/10/24 05:51:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Thunderbird
[2011/03/22 19:33:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\WaveMax Sound Editor
[2008/10/11 23:19:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\WildTangent
[2008/12/17 15:33:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Windows Search
[2011/07/11 02:07:25 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/07/11 04:49:05 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{496D8042-0A62-4C91-8D5B-D46E9ED53309}.job
[2011/07/10 21:37:28 | 000,000,254 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:820563D3
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EDB71CBA

< End of report >

 

[ken545]

With the amount of junk that Malwarebytes removed lets run this program, be sure to disable Kaspersky

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
• See this Link for programs that need to be disabled and instruction on how to disable them.
• Remember to re-enable them when we're done.
  
  
• Double click on ComboFix.exe & follow the prompts.
  
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

 

[Tom Bl]

Answer - ComboFix.exe 7-12-2011

With the amount of junk that Malwarebytes removed lets run this program, be sure to disable Kaspersky

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

OK - I followed that. I don't think it was successful as I never saw C:\ComboFix.txt

I did a search of Drive C for this and it does not exist.

Fortunately I was taking photos from the screen with my camera. Two are attached.

When I saw "Do you want to remove the folder Windows and remove all its contents to the recycle bin" I selected NO. This development was unexpected. It seems without programs it was going to remove I would have a dead system. I Xed out. I restarted using Windows Task Manager.

The computer did slowly restart again.

Should I try this again? Or something else?

Is there info in the pictures that shows a virus? (All this was skipped over by Kaspersky)

 

[Tom Bl]

Addendum

I should add the Recycle bin was empty when I restarted

 

[ken545]

A few things

1. The windows folder is in C:\windows, the one that Combofix found and wanted to delete was bogus, look at the file path in the pictures you posted

2. C:\ComboFix.txt <--The log can be found here

3. Is this a company computer ?

 

[Tom Bl]

Reply 7-13-11

A few things

1. The windows folder is in C:\windows, the one that Combofix found and wanted to delete was bogus, look at the file path in the pictures you posted

OK. This is my first experience with Combofix. Should I run it again?

2. C:\ComboFix.txt <--The log can be found here

I looked again and did not find ComboFix.txt or anything like that there. I then did a scan of the whole computer. It's not there. I suspect it's because of me ending Combofix when it ran.

I did find a C:\Combofix folder. Should it be deleted?

3. Is this a company computer ?

No, it's my personal PC at home

 

[ken545]

Go ahead and run a new scan with Combofix but first drag it to the trash and you can use the links I provided and download a fresh updated copy

 

[Tom Bl]

Response with Combofix log attached

OK - The Combofix.txt log is attached.

This is from the latest Combofix program you said I should download. I removed the old Combofix from the system.

ComboFix 11-07-14.05 - Tom 07/14/11 13:33:17.2.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3034.2274 [GMT -5:00]
Running from: c:\i\Programs From Internet\Virtumonde sci removal 7-10-11\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Tom\WINDOWS
C:\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2011-06-14 to 2011-07-14 )))))))))))))))))))))))))))))))
.
.
2011-07-12 07:42 . 2011-06-20 13:57 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{DBAD44D7-F76A-4ED5-AC6A-072B53713885}\mpengine.dll
2011-07-10 14:04 . 2011-07-10 14:04 -------- d-----w- c:\documents and settings\Tom\Application Data\Malwarebytes
2011-07-10 13:55 . 2011-05-29 14:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-10 13:55 . 2011-07-10 13:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-07-10 13:47 . 2011-05-29 14:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-10 13:47 . 2011-07-10 14:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-08 18:31 . 2011-07-08 18:31 -------- d-----w- c:\documents and settings\Tom\Local Settings\Application Data\Ilivid Player
2011-07-08 18:30 . 2011-07-08 18:30 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{FDD8983C-4561-4A27-BDA7-F5286E176A8F}
2011-07-08 18:30 . 2011-07-08 18:30 -------- d-----w- c:\program files\iLivid
2011-07-08 18:19 . 2011-07-08 18:19 -------- d-----w- c:\documents and settings\Tom\Local Settings\Application Data\PackageAware
2011-07-05 01:56 . 2011-07-05 01:56 -------- d-----w- c:\program files\CCleaner
2011-07-03 16:27 . 2011-07-09 18:02 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-07-03 16:27 . 2011-07-09 17:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-06-28 18:54 . 2011-06-28 18:54 388096 ----a-r- c:\documents and settings\Tom\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-06-28 18:54 . 2011-06-28 18:54 -------- d-----w- c:\program files\Trend Micro
2011-06-27 03:07 . 2011-06-27 03:07 -------- d-----w- c:\documents and settings\Tom\Local Settings\Application Data\Fidelity Investments
2011-06-27 03:07 . 2011-06-27 03:07 -------- d-----w- c:\documents and settings\Tom\Application Data\Fidelity Investments
2011-06-26 23:33 . 2011-06-26 23:33 -------- d-----w- c:\program files\New Folder
2011-06-25 13:36 . 2011-06-25 13:36 -------- d-----w- c:\documents and settings\All Users\Microsoft
2011-06-25 13:34 . 2011-06-25 13:34 -------- d-----w- c:\program files\Microsoft Analysis Services
2011-06-25 13:33 . 2011-06-25 13:33 -------- d-----w- c:\documents and settings\Tom\Local Settings\Application Data\Microsoft Help
2011-06-25 13:33 . 2011-06-26 20:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2011-06-23 16:00 . 2011-06-27 02:59 -------- d-----w- c:\program files\Fidelity Investments
2011-06-23 16:00 . 2011-06-27 02:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Fidelity Investments
2011-06-23 16:00 . 2011-06-23 16:00 -------- d-----w- c:\program files\Common Files\Crystal Decisions
2011-06-21 17:01 . 2011-06-20 13:57 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-06-21 17:01 . 2011-05-25 00:14 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-06-21 16:12 . 2011-06-21 16:12 -------- d-----w- c:\program files\Windows Defender
2011-06-16 08:55 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-25 11:38 . 2010-05-25 17:20 2306 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2011-06-17 08:03 . 2011-06-03 08:42 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-02 17:53 . 2011-06-02 17:53 94208 ----a-w- c:\windows\system32\dpl100.dll
2011-05-24 20:49 . 2008-10-24 19:09 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-05-23 00:21 . 2011-05-23 00:21 0 ----a-w- c:\windows\t1784_61.tmp
2011-05-04 09:52 . 2010-09-08 10:33 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 07:25 . 2010-09-21 07:04 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-02 15:31 . 2008-10-08 08:56 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2004-08-04 05:56 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2004-08-04 04:15 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 15:51 . 2004-08-04 05:56 832512 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 15:51 . 2009-06-04 11:43 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-04-25 15:51 . 2004-08-04 05:56 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 15:51 . 2004-08-04 05:56 17408 ----a-w- c:\windows\system32\corpol.dll
2011-04-25 12:01 . 2004-08-04 03:59 389120 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2004-08-04 04:15 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-19 16:17 . 2008-10-30 14:25 51716 ----a-w- c:\windows\system32\pdf995mon.dll
2011-04-19 16:17 . 2008-10-30 14:25 249856 ----a-w- c:\windows\system32\pdfmona.dll
2009-02-01 03:23 . 2009-02-01 03:22 2788800 ----a-w- c:\program files\FLV PlayerFCSetup.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zinio DLM"="c:\program files\Zinio\ZinioReader.exe" [2008-10-29 2699334]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2007-02-05 476728]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-26 94208]
"PxDotNetLoader"="c:\program files\Fidelity Investments\Fidelity Active Trader\System\ATPStartupAssistant.exe" [2011-04-25 42392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msjavadll"="javaw" [X]
"X-keys Programming"="c:\program files\PI Engineering\X-keys\XKWdkApp.exe" [2003-07-10 516608]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-03-26 458865]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Simpo Print Server"="c:\program files\Simpo PDF Creator\SimpoPrintSrv.exe" [2009-10-29 101376]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"QuickFinder Scheduler"="c:\program files\Corel\WordPerfect Office X4\Programs\QFSCHD140.EXE" [2008-03-21 83232]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-05-08 142872]
"Norton Ghost 14.0"="c:\program files\Norton Ghost\Agent\VProTray.exe" [2009-08-03 2250088]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-07 50688]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2005-09-22 862720]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-05-08 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-05-08 173592]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-05-24 273544]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
c:\documents and settings\Tom\Start Menu\Programs\Startup\
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-18 4742184]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2009-8-5 221247]
Office Startup.lnk - c:\program files\Microsoft Office97\Office\OSA.EXE [1997-7-11 51984]
Shortcut to taskmgr.exe.lnk - c:\windows\system32\taskmgr.exe [2004-8-4 135680]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Hewlett-Packard\\HP Download Manager\\hpjdwnld.exe"=
"c:\\Program Files\\YouTubeMP3Downloader.net\\YouTubeMP3Downloader\\YouTubeMP3.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"40327:TCP"= 40327:TCP:HTTPWeb
"41489:TCP"= 41489:TCP:HTTPWeb
"20632:TCP"= 20632:TCP:HTTPWeb
"5985:TCP"= 5985:TCP:*isabled:Windows Remote Management
.
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [10/14/09 8:18 PM 36880]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [06/13/09 9:44 AM 712048]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [06/13/09 9:44 AM 712048]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [07/10/11 8:55 AM 366640]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [10/20/10 6:41 PM 196928]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [10/20/10 6:41 PM 67904]
R2 SCRCAMHRDRV;ScreenCamera HR;c:\windows\system32\drivers\SCRCAMHRDRV.sys [12/09/09 4:28 AM 234304]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [08/04/04 12:56 AM 5120]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/03/06 7:19 PM 13592]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [06/13/08 4:42 PM 243856]
R3 hhdserial;HHD Software Serial Monitor (DMS) Monitoring Driver;c:\windows\system32\drivers\hhdserial.sys [11/16/08 3:38 PM 30856]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [10/09/08 3:17 AM 110080]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [09/14/09 1:42 PM 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [10/02/09 6:39 PM 19472]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [07/10/11 8:47 AM 22712]
R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [02/01/10 4:56 AM 23096]
R3 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [12/20/07 5:13 PM 1562096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [03/18/10 1:16 PM 130384]
S2 gupdate1ca64736f5e235c;Google Update Service (gupdate1ca64736f5e235c);c:\program files\Google\Update\GoogleUpdate.exe [11/13/09 10:10 AM 133104]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/09 11:58 AM 11336]
S3 GSService;GSService;c:\windows\system32\GSService.exe [01/28/10 3:35 AM 335872]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/13/09 10:10 AM 133104]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [07/10/11 8:55 AM 39984]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [05/29/11 8:33 AM 42112]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/06/07 3:22 PM 34064]
S3 NRKCTL32;NRKCTL32;c:\program files\WCPUID\NRKCTL32.SYS [11/06/08 12:45 PM 3968]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [01/09/10 9:37 PM 4640000]
S3 SMServer;SMServer;c:\windows\system32\snmvtsvc.exe [02/01/10 4:56 AM 249856]
S3 STSService;STSService;c:\program files\SoundTaxi Media Suite\STSService.exe [01/15/10 5:23 AM 335872]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [08/04/04 12:56 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [03/18/10 1:16 PM 753504]
S3 xkeysw2k;X-keys Device;c:\windows\system32\drivers\XKEYSW2K.SYS [08/05/10 6:24 PM 33519]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 19:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-17 00:02 114688 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-14 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-13 06:17]
.
2011-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-13 15:10]
.
2011-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-13 15:10]
.
2011-07-14 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
.
2011-07-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-515967899-963894560-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47]
.
2011-07-14 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-963894560-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47]
.
2011-07-14 c:\windows\Tasks\User_Feed_Synchronization-{496D8042-0A62-4C91-8D5B-D46E9ED53309}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 23:36]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Copy to &Lightning Note - c:\program files\Corel\WordPerfect Lightning\Programs\WPLightningCopyToNote.hta
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\program files\Corel\WordPerfect Office X4\Programs\WPLauncher.hta
Trusted Zone: aol.com\free
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.2.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
FF - ProfilePath - c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-USfficial
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\DivXHTML5
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKCU-Run-fsm - (no file)
HKLM-Run-STT - (no file)
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-14 14:01
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(228)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\stacapi.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\idt\wdm\STacSV.exe
c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\ASTSRV.EXE
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\windows\system32\igfxsrvc.exe
c:\progra~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
c:\program files\Microsoft IntelliType Pro\dpupdchk.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Norton Ghost\Agent\VProSvc.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\APC\APC PowerChute Personal Edition\apcsystray.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\msdtc.exe
.
**************************************************************************
.
Completion time: 2011-07-14 14:09:49 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-14 19:09
.
Pre-Run: 132,800,520,192 bytes free
Post-Run: 133,637,849,088 bytes free
.
- - End Of File - - BE7603FC193B6A2E698E32BBB56C3B47

 

[ken545]

You need to enable windows to Show all Files and Folders
Instructions for your Operating System HERE

c:\windows\t1784_61.tmp <--Delete this file



OTL by OldTimer

• Download OTL to your desktop.
• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• When the window appears, underneath Output at the top change it to Minimal Output.
• Click the "Scan All Users" checkbox.
• Check the boxes beside LOP Check and Purity Check.
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
    Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

 

[Tom Bl]

Otl.txt 7-14-11

Otl.txt 7-14-11

 

[Tom Bl]

OTL.TXT 7-14-11 (2nd try)

OTL.TXT 7-14-11 (2nd try)


"The text that you have entered is too long (64752 characters). Please shorten it to 64000 characters long." I have edited this to post into 2 separate messages.



OTL logfile created on: 07/14/11 6:43:12 PM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\i\Programs From Internet\Virtumonde sci removal 7-10-11
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yy

2.96 Gb Total Physical Memory | 2.32 Gb Available Physical Memory | 78.30% Memory free
10.79 Gb Paging File | 10.12 Gb Available in Paging File | 93.78% Paging File free
Paging file location(s): C:\pagefile.sys 8192 8192 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 124.43 Gb Free Space | 26.72% Space Free | Partition Type: NTFS
Drive E: | 149.05 Gb Total Space | 11.12 Gb Free Space | 7.46% Space Free | Partition Type: NTFS
Drive F: | 1863.01 Gb Total Space | 1729.64 Gb Free Space | 92.84% Space Free | Partition Type: NTFS

Computer Name: TOM-2008 | User Name: Tom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\i\Programs From Internet\Virtumonde sci removal 7-10-11\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\WINDOWS\system32\NLSSRV32.EXE (Nalpeiron Ltd.)
PRC - C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe (Nitro PDF Software)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - c:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\Simpo PDF Creator\SimpoPrintSrv.exe (Simpo Technologies)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe (Kaspersky Lab)
PRC - C:\WINDOWS\system32\ASTSRV.EXE (Nalpeiron Ltd.)
PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Program Files\Norton Ghost\Agent\VProSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Norton Ghost\Agent\VProTray.exe (Symantec Corporation)
PRC - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe (Symantec)
PRC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\Zinio\ZinioReader.exe (Zinio, LLC)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
PRC - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe (American Power Conversion Corporation)
PRC - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe (American Power Conversion Corporation)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG)
PRC - C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
PRC - C:\Program Files\PI Engineering\X-keys\XKWdkApp.exe (P.I. Engineering, Inc.)
PRC - C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe ()
PRC - C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
PRC - C:\Program Files\Microsoft Office97\Office\OSA.EXE ()


========== Modules (SafeList) ==========

MOD - C:\i\Programs From Internet\Virtumonde sci removal 7-10-11\OTL.exe (OldTimer Tools)
MOD - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchrome10browserrecordhelper.dll (RealNetworks, Inc.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (GEARSecurity) -- File not found
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (nlsX86cc) -- C:\WINDOWS\system32\NLSSRV32.EXE (Nalpeiron Ltd.)
SRV - (NitroDriverReadSpool) -- C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe (Nitro PDF Software)
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (SupportSoft RemoteAssist) -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe (SupportSoft, Inc.)
SRV - (STacSV) -- c:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
SRV - (GSService) -- C:\WINDOWS\System32\GSService.exe ()
SRV - (SMServer) -- C:\WINDOWS\System32\snmvtsvc.exe (SMServer)
SRV - (STSService) -- C:\Program Files\SoundTaxi Media Suite\STSService.exe ()
SRV - (astcc) -- C:\WINDOWS\system32\ASTSRV.EXE (Nalpeiron Ltd.)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (Norton Ghost) -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe (Symantec Corporation)
SRV - (SymSnapService) -- C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe (Symantec)
SRV - (ioloSystemService) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()
SRV - (ioloFileInfoList) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (GameConsoleService) -- C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe (WildTangent, Inc.)
SRV - (Symantec RemoteAssist) -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe (Symantec, Inc.)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)
SRV - (Diskeeper) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (SSScsiSV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
SRV - (SonicStage Back-End Service) -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (APC UPS Service) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe (American Power Conversion Corporation)
SRV - (InCDsrv) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG)


========== Driver Services (SafeList) ==========

DRV - (catchme) -- File not found
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (FTSER2K) -- C:\WINDOWS\system32\drivers\ftser2k.sys (FTDI Ltd.)
DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (IDT, Inc.)
DRV - (SndTAudio) -- C:\WINDOWS\system32\drivers\SndTAudio.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys ()
DRV - (klbg) -- C:\WINDOWS\system32\drivers\klbg.sys (Kaspersky Lab)
DRV - (klmouflt) -- C:\WINDOWS\system32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (klim5) -- C:\WINDOWS\system32\drivers\klim5.sys (Kaspersky Lab)
DRV - (kl1) -- C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Lab)
DRV - (symsnap) -- C:\WINDOWS\system32\DRIVERS\symsnap.sys (StorageCraft)
DRV - (SCRCAMHRDRV) -- C:\WINDOWS\system32\drivers\SCRCAMHRDRV.sys (Windows (R) Server 2003 DDK provider)
DRV - (IntcHdmiAddService) Intel(R) -- C:\WINDOWS\system32\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (v2imount) -- C:\WINDOWS\system32\drivers\v2imount.sys (Symantec Corporation)
DRV - (e1yexpress) Intel(R) -- C:\WINDOWS\system32\drivers\e1y5132.sys (Intel Corporation)
DRV - (NAL) -- C:\WINDOWS\system32\drivers\iqvw32.sys (Intel Corporation )
DRV - (FileDisk) -- C:\WINDOWS\System32\drivers\filedisk.sys (iolo technologies, LLC (based on original work by Bo Brantén))
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (HECI) Intel(R) -- C:\WINDOWS\system32\drivers\HECI.sys (Intel Corporation)
DRV - (BANTExt) -- C:\WINDOWS\System32\Drivers\BANTExt.sys ()
DRV - (WimFltr) -- C:\WINDOWS\system32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (VProEventMonitor) -- C:\WINDOWS\system32\drivers\vproeventmonitor.sys (Symantec Corporation)
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies)
DRV - (hhdserial) HHD Software Serial Monitor (DMS) -- C:\WINDOWS\system32\drivers\hhdserial.sys (HHD Software Ltd.)
DRV - (FTDIBUS) -- C:\WINDOWS\system32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (MotDev) -- C:\WINDOWS\system32\drivers\motodrv.sys (Motorola Inc)
DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola)
DRV - (NETMDUSB) -- C:\WINDOWS\system32\drivers\NETMD052.sys (Sony Corporation)
DRV - (InCDfs) -- C:\WINDOWS\system32\drivers\InCDfs.sys (Nero AG)
DRV - (InCDPass) -- C:\WINDOWS\system32\drivers\InCDPass.sys (Nero AG)
DRV - (incdrm) -- C:\WINDOWS\system32\drivers\InCDRm.sys (Nero AG)
DRV - (P2k) -- C:\WINDOWS\system32\drivers\P2k.sys (Motorola Inc)
DRV - (NRKCTL32) -- C:\Program Files\WCPUID\NRKCTL32.SYS (NrkLv Group)
DRV - (xkeysw2k) -- C:\WINDOWS\system32\drivers\XKEYSW2K.SYS (P.I. Engineering, Inc.)
DRV - (msloop) -- C:\WINDOWS\system32\drivers\loop.sys (Microsoft Corporation)
DRV - (TVicPort) -- C:\WINDOWS\System32\drivers\TVICPORT.SYS ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-515967899-963894560-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-515967899-963894560-839522115-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-515967899-963894560-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-515967899-963894560-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "www.googlebreak.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-USfficial"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.126

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Tom\Application Data\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\copytolightning@corel.com: c:\Program Files\Corel\WordPerfect Lightning\Programs\FirefoxExtension\ [2010/05/25 12:19:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/24 15:57:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/06/28 11:04:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/02 18:18:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/02 18:18:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/05/24 15:57:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011/06/18 09:56:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2010/09/30 05:13:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\FireFox\Extensions\\SearchToolbar@skywebsearch.com: C:\Program Files\SaveTubeVideo.com\SaveTubeVideo\FF
FF - HKEY_CURRENT_USER\software\mozilla\FireFox\Extensions\\savetubemp3@savetubemp3.net: C:\Program Files\YouTubeMP3Downloader.net\YouTubeMP3Downloader\FF [2010/02/02 14:41:41 | 000,000,000 | ---D | M]

[2010/10/24 05:51:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Extensions
[2010/10/24 05:51:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/07/13 17:48:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\extensions
[2010/04/28 05:44:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/12 12:06:29 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/06/18 05:04:09 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2011/07/03 10:43:38 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/08/10 19:54:59 | 000,000,000 | ---D | M] (Nodobe Document Viewer) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\extensions\nodobe@vuzit.com
[2010/02/02 14:42:05 | 000,000,003 | ---- | M] () -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\searchplugins\GoogleFeed.xml
[2011/07/13 17:48:54 | 000,001,575 | ---- | M] () -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\searchplugins\ixquick.xml
[2008/10/11 09:26:42 | 000,001,940 | ---- | M] () -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\searchplugins\marketwatch.xml
[2008/10/11 09:26:46 | 000,000,705 | ---- | M] () -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\searchplugins\webster.xml
[2008/10/11 09:26:56 | 000,001,032 | ---- | M] () -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\searchplugins\wikipedia-eng.xml
[2011/07/13 17:48:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/21 02:04:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/24 13:52:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/13 05:42:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/01 03:23:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/09 07:00:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2010/09/30 05:14:27 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2011/06/28 11:04:50 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2010/09/21 02:04:28 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2008/06/18 01:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/03/09 18:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll

O1 HOSTS File: ([2011/07/14 13:58:25 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (ShowBarObjMp3 Class) - {cf59ae24-5796-44fc-9575-8d4f383c65f8} - C:\Program Files\YouTubeMP3Downloader.net\YouTubeMP3Downloader\MinBHOMp3.dll ()
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (YouTube MP3 Downloader) - {f27a9a1d-6f23-442d-88c0-5dc40fd13dcd} - C:\Program Files\YouTubeMP3Downloader.net\YouTubeMP3Downloader\YouTubeMP3.dll (Save Tube Video Company)
O4 - HKLM..\Run: [avp] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [msjavadll] C:\WINDOWS\System32\javaw.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Norton Ghost 14.0] C:\Program Files\Norton Ghost\Agent\VProTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [QuickFinder Scheduler] c:\Program Files\Corel\WordPerfect Office X4\Programs\QFSCHD140.EXE (Corel Corporation)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Simpo Print Server] C:\Program Files\Simpo PDF Creator\SimpoPrintSrv.exe (Simpo Technologies)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [X-keys Programming] C:\Program Files\PI Engineering\X-keys\XKWdkApp.exe (P.I. Engineering, Inc.)
O4 - HKU\S-1-5-21-515967899-963894560-839522115-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-515967899-963894560-839522115-1003..\Run: [PxDotNetLoader] C:\Program Files\Fidelity Investments\Fidelity Active Trader\System\ATPStartupAssistant.exe (Fidelity Investments)
O4 - HKU\S-1-5-21-515967899-963894560-839522115-1003..\Run: [SsAAD.exe] C:\Program Files\Sony\SonicStage\SSAAD.exe ()
O4 - HKU\S-1-5-21-515967899-963894560-839522115-1003..\Run: [Zinio DLM] C:\Program Files\Zinio\ZinioReader.exe (Zinio, LLC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files\Microsoft Office97\Office\OSA.EXE ()
O4 - Startup: C:\Documents and Settings\Tom\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-515967899-963894560-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-515967899-963894560-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-515967899-963894560-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-515967899-963894560-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O8 - Extra context menu item: Copy to &Lightning Note - C:\Program Files\Corel\WordPerfect Lightning\Programs\WPLightningCopyToNote.hta ()
O8 - Extra context menu item: Open with WordPerfect - c:\Program Files\Corel\WordPerfect Office X4\Programs\WPLauncher.hta ()
O9 - Extra Button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll ()
O9 - Extra 'Tools' menuitem : Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll ()
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Favorites Search - {FF925300-80E6-11D4-A15B-FFF9086C1A3C} - C:\Program Files\DzSoft\Favorites Search\FavSeek.dll (DzSoft Ltd)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-515967899-963894560-839522115-1003\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKU\S-1-5-21-515967899-963894560-839522115-1003\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://www.pcpitstop.com/mhLbl.cab (mhLabel Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\x-atng {7e8717b0-d862-11d5-8c9e-00010304f989} - C:\Program Files\Fidelity Investments\Fidelity Active Trader\System\atngprot.dll (Fidelity Investments)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: C:\Documents and Settings\Tom\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tom\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/08 03:58:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/14 18:40:25 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/07/14 13:29:36 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/07/14 13:29:36 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/07/14 13:29:36 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/07/14 13:29:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/12 09:09:27 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/07/12 07:09:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/07/10 12:57:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\Virus Cleanup
[2011/07/10 09:04:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Application Data\Malwarebytes
[2011/07/10 08:55:52 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/10 08:55:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/10 08:55:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/07/10 08:47:50 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/10 08:47:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/08 19:30:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Tom\Recent
[2011/07/08 13:31:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Local Settings\Application Data\Ilivid Player
[2011/07/08 13:30:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{FDD8983C-4561-4A27-BDA7-F5286E176A8F}
[2011/07/08 13:30:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iLivid
[2011/07/08 13:30:33 | 000,000,000 | ---D | C] -- C:\Program Files\iLivid
[2011/07/08 13:19:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Local Settings\Application Data\PackageAware
[2011/07/05 13:21:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/07/04 20:56:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/07/04 20:56:22 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/07/03 11:27:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/07/03 11:27:40 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/07/03 11:27:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/06/28 13:54:24 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/06/28 13:54:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Start Menu\Programs\HiJackThis
[2011/06/28 12:44:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Desktop\DivX
[2011/06/27 19:51:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\My Documents\Exported Registry
[2011/06/26 22:07:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Local Settings\Application Data\Fidelity Investments
[2011/06/26 22:07:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Application Data\Fidelity Investments
[2011/06/26 21:59:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Wealth-Lab Pro
[2011/06/26 18:33:32 | 000,000,000 | ---D | C] -- C:\Program Files\New Folder
[2011/06/25 08:36:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/06/25 08:36:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Microsoft
[2011/06/25 08:34:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2011/06/25 08:33:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Local Settings\Application Data\Microsoft Help
[2011/06/25 08:33:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2011/06/23 11:07:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Fidelity Investments
[2011/06/23 11:00:24 | 000,000,000 | ---D | C] -- C:\Program Files\Fidelity Investments
[2011/06/23 11:00:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Fidelity Investments
[2011/06/23 11:00:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Crystal Decisions
[2011/06/21 12:01:08 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2011/06/21 11:12:45 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2011/06/16 03:55:48 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/14 18:44:29 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{496D8042-0A62-4C91-8D5B-D46E9ED53309}.job
[2011/07/14 18:36:41 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-515967899-963894560-839522115-1003.job
[2011/07/14 18:36:40 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-963894560-839522115-1003.job
[2011/07/14 18:26:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/14 17:10:22 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/07/14 14:33:11 | 000,408,918 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Dallas Gas.url
[2011/07/14 14:01:14 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/07/14 14:01:11 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/14 13:58:25 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/07/14 13:58:12 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/14 13:58:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/14 13:58:01 | 3181,613,056 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/13 22:11:58 | 000,000,556 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Fidelity Watchlist.url
[2011/07/13 18:03:29 | 000,002,647 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Fidelity Active Trader Pro Beta..lnk
[2011/07/12 13:29:53 | 000,000,400 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2011/07/12 09:09:36 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/07/12 02:49:20 | 000,000,226 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Dallas 311 Intake.url
[2011/07/11 13:10:54 | 000,002,423 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Diskeeper 2008.lnk
[2011/07/10 13:01:10 | 000,001,167 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Map of the Market - SmartMoney.com.url
[2011/07/09 16:10:11 | 000,218,112 | ---- | M] () -- C:\Documents and Settings\Tom\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/08 13:30:51 | 000,000,721 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iLivid Download Manager.lnk
[2011/07/08 07:10:31 | 000,064,538 | ---- | M] () -- C:\Documents and Settings\Tom\My Documents\http www.nytimes.com 2011 07 08 us IRS drops audits of political donors.pdf
[2011/07/08 07:08:40 | 000,067,454 | ---- | M] () -- C:\Documents and Settings\Tom\My Documents\http www.nytimes.com 2011 07 08 us 08ttramsey Redistricting.pdf
[2011/07/07 14:51:18 | 000,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/07/05 15:47:36 | 000,000,182 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Prepaid Phone News.url
[2011/07/05 10:14:53 | 000,001,000 | ---- | M] () -- C:\Documents and Settings\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/07/01 00:40:38 | 000,002,527 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ACDSee 7.0.lnk
[2011/06/29 10:37:48 | 000,000,404 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\BusinessWeek.url
[2011/06/29 04:45:35 | 000,001,832 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/06/28 18:55:59 | 000,000,179 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Web Site Report For n5gar.com.url
[2011/06/28 13:15:57 | 000,000,193 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\STOUFFER'S® Dinner Club.url
[2011/06/28 07:57:16 | 000,000,602 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to taskmgr.exe.lnk
[2011/06/27 19:19:29 | 000,002,644 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\LIVE REAL TIME SATELLITE TRACKING AND PREDICTIONS ISS (ZARYA).url
[2011/06/27 19:01:59 | 000,000,370 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\e-Miles® Miles for Minutes®.url
[2011/06/26 21:59:20 | 000,000,972 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Wealth-Lab Pro 6.lnk
[2011/06/26 15:20:30 | 000,503,100 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/26 15:20:30 | 000,088,498 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/26 01:45:56 | 000,256,000 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2011/06/25 22:16:58 | 000,344,216 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/25 06:38:42 | 000,002,306 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2011/06/23 12:51:27 | 000,932,987 | ---- | M] () -- C:\Documents and Settings\Tom\Application Data\n5gar1.zip
[2011/06/23 11:07:06 | 000,002,020 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Fidelity Active Trader Pro.lnk
[2011/06/19 19:08:43 | 000,000,207 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Boost Mobile - 214 397 6430.url
[2011/06/17 03:03:05 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/06/16 22:23:19 | 000,000,213 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\support.url
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/14 13:29:37 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/07/14 13:29:36 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/07/14 13:29:36 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/07/14 13:29:36 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/07/14 13:29:36 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/07/14 01:15:55 | 000,000,274 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-515967899-963894560-839522115-1003.job
[2011/07/12 09:09:36 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/07/12 09:09:32 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/07/08 13:30:51 | 000,000,721 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iLivid Download Manager.lnk
[2011/07/08 07:10:30 | 000,064,538 | ---- | C] () -- C:\Documents and Settings\Tom\My Documents\http www.nytimes.com 2011 07 08 us IRS drops audits of political donors.pdf
[2011/07/08 07:08:39 | 000,067,454 | ---- | C] () -- C:\Documents and Settings\Tom\My Documents\http www.nytimes.com 2011 07 08 us 08ttramsey Redistricting.pdf
[2011/07/03 11:27:45 | 000,001,000 | ---- | C] () -- C:\Documents and Settings\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/06/29 10:35:04 | 000,001,167 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\Map of the Market - SmartMoney.com.url
[2011/06/28 07:57:16 | 000,000,602 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to taskmgr.exe.lnk
[2011/06/26 21:59:20 | 000,000,972 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Wealth-Lab Pro 6.lnk
[2011/06/25 09:58:23 | 000,956,290 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-515967899-963894560-839522115-1003-0.dat
[2011/06/25 09:58:22 | 000,347,830 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/06/23 12:51:27 | 000,932,987 | ---- | C] () -- C:\Documents and Settings\Tom\Application Data\n5gar1.zip
[2011/06/23 11:07:06 | 000,002,647 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Fidelity Active Trader Pro Beta..lnk
[2011/06/23 11:07:06 | 000,002,020 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Fidelity Active Trader Pro.lnk
[2011/06/21 11:22:28 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/06/21 11:12:47 | 000,000,974 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Defender.lnk
[2011/06/18 09:56:57 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/06/17 02:26:22 | 000,002,644 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\LIVE REAL TIME SATELLITE TRACKING AND PREDICTIONS ISS (ZARYA).url
[2010/11/10 05:37:55 | 000,161,770 | ---- | C] () -- C:\WINDOWS\Animated Wallpaper Maker Uninstaller.exe
[2010/11/05 00:04:32 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Tom\Application Data\downloads.m3u
[2010/10/17 19:17:49 | 000,000,223 | ---- | C] () -- C:\WINDOWS\HP PrecisionScan Pro.INI
[2010/10/10 16:40:24 | 001,903,408 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/09/30 05:14:14 | 000,115,369 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2010/09/30 05:14:14 | 000,097,859 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2010/06/11 06:18:32 | 000,000,119 | ---- | C] () -- C:\WINDOWS\Podcasts.INI
[2010/05/25 12:20:06 | 000,002,306 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/04/30 10:04:16 | 000,104,960 | ---- | C] () -- C:\WINDOWS\W2P_PreConvert.dll
[2010/02/01 05:16:10 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/02/01 05:16:10 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/02/01 05:16:09 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/02/01 05:16:08 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/01/31 03:51:08 | 000,005,045 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hksbihfl.ezl
[2010/01/28 03:35:34 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\GSService.exe
[2010/01/27 22:28:12 | 000,000,256 | -H-- | C] () -- C:\Documents and Settings\Tom\Application Data\ee6fe4d84748049fa23c8b8638a22cacf0cffd15
[2010/01/27 22:28:12 | 000,000,256 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\ee6fe4d84748049fa23c8b8638a22cacf0cffd15
[2009/12/27 17:53:40 | 000,000,229 | ---- | C] () -- C:\Documents and Settings\Tom\Application Data\default.rss
[2009/12/26 20:15:07 | 000,004,757 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009/11/27 04:31:16 | 000,105,472 | ---- | C] () -- C:\WINDOWS\PreConvert.dll
[2009/11/25 13:40:50 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/10/19 02:23:14 | 000,000,203 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI
[2009/10/03 12:36:01 | 011,476,992 | ---- | C] () -- C:\WINDOWS\System32\common_res.dll
[2009/09/27 07:26:44 | 000,000,126 | ---- | C] () -- C:\WINDOWS\keypad.ini
[2009/09/16 17:27:58 | 000,508,224 | ---- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll
[2009/09/09 18:01:40 | 000,027,675 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat
[2009/07/25 03:10:11 | 000,618,496 | ---- | C] () -- C:\WINDOWS\System32\stlpmt45.dll
[2009/07/11 20:38:12 | 000,835,584 | ---- | C] () -- C:\WINDOWS\tls7912d.dll
[2009/07/11 20:38:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\uninstallrq.exe
[2009/06/12 21:24:00 | 000,075,596 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2009/06/04 07:51:28 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/04/14 04:53:40 | 000,003,707 | ---- | C] () -- C:\WINDOWS\System32\ASPRTMM6.DLL
[2009/03/04 03:47:17 | 000,000,146 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/01/31 22:22:25 | 002,788,800 | ---- | C] () -- C:\Program Files\FLV PlayerFCSetup.exe
[2008/11/17 14:58:33 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2008/11/17 14:58:11 | 000,000,333 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2008/11/04 05:41:07 | 000,001,104 | ---- | C] () -- C:\WINDOWS\AMIPRO2.INI
[2008/11/04 05:40:13 | 000,004,722 | ---- | C] () -- C:\WINDOWS\AmiVISD.ini
[2008/11/04 05:39:17 | 000,000,703 | ---- | C] () -- C:\WINDOWS\lotus.ini
[2008/11/04 05:39:15 | 000,008,283 | ---- | C] () -- C:\WINDOWS\AMIDW.INI
[2008/11/04 05:39:15 | 000,000,898 | ---- | C] () -- C:\WINDOWS\AMIEQN.INI
[2008/11/04 05:39:15 | 000,000,185 | ---- | C] () -- C:\WINDOWS\AMISMART.INI
[2008/11/04 05:39:15 | 000,000,104 | ---- | C] () -- C:\WINDOWS\AMIIMAGE.INI
[2008/11/04 05:39:14 | 000,023,822 | ---- | C] () -- C:\WINDOWS\AMIOW.INI
[2008/11/04 05:39:14 | 000,011,208 | ---- | C] () -- C:\WINDOWS\AMIENV.DLL
[2008/11/04 05:39:14 | 000,010,014 | ---- | C] () -- C:\WINDOWS\AMILABEL.INI
[2008/11/04 05:39:14 | 000,005,909 | ---- | C] () -- C:\WINDOWS\AMIWP.INI
[2008/11/04 05:39:14 | 000,004,400 | ---- | C] () -- C:\WINDOWS\AMIPRO.INI
[2008/11/04 05:39:14 | 000,002,846 | ---- | C] () -- C:\WINDOWS\AMICALC.INI
[2008/11/04 05:39:14 | 000,001,993 | ---- | C] () -- C:\WINDOWS\AMIIWP.INI
[2008/11/04 05:39:14 | 000,000,332 | ---- | C] () -- C:\WINDOWS\AMIFONT.INI
[2008/11/04 05:06:16 | 000,127,184 | ---- | C] () -- C:\WINDOWS\DEL_AH1.EXE
[2008/11/02 08:56:34 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2008/10/30 09:26:41 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2008/10/30 09:25:23 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2008/10/30 09:25:23 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2008/10/30 08:58:15 | 000,000,400 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2008/10/30 04:12:05 | 000,000,092 | ---- | C] () -- C:\WINDOWS\TraceSrv.ini
[2008/10/28 04:09:43 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2008/10/27 00:29:43 | 000,000,225 | ---- | C] () -- C:\WINDOWS\netscape.INI
[2008/10/26 20:43:04 | 000,634,087 | ---- | C] () -- C:\WINDOWS\cd32.exe
[2008/10/25 03:31:26 | 000,000,554 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/10/24 14:22:31 | 000,215,144 | R--- | C] () -- C:\WINDOWS\patchw32.dll
[2008/10/24 14:21:19 | 000,215,144 | R--- | C] () -- C:\WINDOWS\pw32a.dll
[2008/10/24 04:31:54 | 000,218,112 | ---- | C] () -- C:\Documents and Settings\Tom\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/10 20:18:45 | 000,038,951 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/10/10 19:09:45 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/10/09 08:52:33 | 000,000,927 | ---- | C] () -- C:\WINDOWS\hmpro3.ini
[2008/10/09 08:50:42 | 000,012,288 | ---- | C] () -- C:\WINDOWS\kwimage.dll
[2008/10/09 08:50:42 | 000,005,495 | ---- | C] () -- C:\WINDOWS\sqkw.ini
[2008/10/09 03:17:00 | 000,982,196 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2008/10/09 03:16:59 | 000,417,344 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2008/10/09 03:16:59 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4990.dll
[2008/10/08 08:54:42 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/10/08 04:00:33 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/10/08 03:56:11 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/10/07 05:35:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/10/07 05:34:50 | 000,344,216 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/11/06 15:19:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/03/16 17:00:00 | 000,003,403 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2004/08/04 01:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/09/18 11:21:06 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\ljackuw.dll
[2003/03/31 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/03/31 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/03/31 07:00:00 | 000,503,100 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/03/31 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/03/31 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/03/31 07:00:00 | 000,088,498 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/03/31 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/03/31 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/03/31 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/03/31 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/03/21 16:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2001/08/07 18:59:54 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HPNVRRes.dll
[2001/07/31 04:17:12 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2001/01/24 01:31:18 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\prntfix.exe
[2000/06/07 07:38:44 | 000,078,336 | ---- | C] () -- C:\WINDOWS\nfwDrop.DLL
[2000/04/14 17:50:02 | 000,343,040 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[1999/05/20 04:03:20 | 000,004,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\TVICPORT.SYS
[1998/06/11 14:08:06 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[1997/07/11 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/07/11 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

 

[Tom Bl]

OTL.TXT 7-14-11 (2nd try) - Part 2 of 2

========== LOP Check ==========

[2008/10/12 02:27:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Spearit
[2010/08/15 01:07:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\3Planesoft
[2010/02/22 02:49:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2010/10/15 10:55:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ATX
[2010/09/30 04:30:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/05/25 12:17:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland
[2009/12/11 08:02:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2008/10/08 17:39:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
[2011/06/26 21:59:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fidelity Investments
[2009/06/14 09:25:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2008/10/12 02:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Laplink
[2010/11/04 19:45:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2011/04/25 20:21:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\mediAvatar
[2010/11/29 02:34:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2011/07/14 15:48:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2010/06/11 06:05:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
[2011/03/27 22:20:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2008/10/12 02:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spearit
[2011/04/13 03:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2009/12/09 04:36:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/12/24 11:39:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wavelet Labs
[2008/10/11 23:19:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2010/04/05 02:27:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wolters Kluwer
[2009/05/15 17:53:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/07/08 13:30:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{FDD8983C-4561-4A27-BDA7-F5286E176A8F}
[2008/10/12 02:27:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Spearit
[2009/06/13 09:47:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\iolo
[2009/06/13 09:45:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\iolo
[2010/12/13 05:49:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\.oit
[2008/10/09 09:18:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\ACD Systems
[2011/05/24 21:41:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Amazon
[2010/11/08 00:08:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Canon
[2008/10/09 08:13:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/07/08 12:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\ContentGuard
[2009/12/06 07:26:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Cool YouTube To Mp3 Converter
[2010/11/29 03:15:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Downloaded Installations
[2010/11/04 21:50:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\ElevatedDiagnostics
[2009/04/12 11:52:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Eltima Software
[2011/03/27 21:12:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Facebook
[2011/06/26 22:07:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Fidelity Investments
[2009/12/17 04:26:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\FILEminimizerPictures
[2011/07/07 11:32:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\FileZilla
[2010/07/29 05:15:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\GARMIN
[2009/12/24 12:15:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\HD Audio Recorder
[2009/12/13 19:22:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Icevc
[2009/06/13 09:10:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\iolo
[2010/03/04 02:41:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Magic Collage
[2011/04/25 20:35:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\mediAvatar
[2009/11/30 06:13:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Moyea
[2010/07/10 19:43:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\MozBackup
[2011/06/25 06:39:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Nitro PDF
[2009/06/25 04:46:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\OfficeUpdate12
[2011/04/19 11:19:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\pdf995
[2009/11/15 15:42:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Publish Providers
[2010/03/17 03:51:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Software Informer
[2011/03/27 23:08:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Sony
[2008/10/12 02:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Spearit
[2011/05/01 16:28:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\TaxCut
[2010/10/24 05:51:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Thunderbird
[2011/03/22 19:33:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\WaveMax Sound Editor
[2008/10/11 23:19:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\WildTangent
[2008/12/17 15:33:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Windows Search
[2011/07/14 14:01:14 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/07/14 18:44:29 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{496D8042-0A62-4C91-8D5B-D46E9ED53309}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:820563D3
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EDB71CBA

< End of report >

 

[Tom Bl]

Extras.Txt ?

OTL did not produce an Extras.txt file. I ran OTL again and it didn't produce one the 2nd time, either. (I did a complete search on C: )

 

[ken545]

Open OTL.exe

• Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
  
  

  :processes
  killallprocesses
  
  :OTL
  O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
  2011-05-23 00:21 . 2011-05-23 00:21	0	----a-w-	c:\windows\t1784_61.tmp
  @Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:820563D3
  @Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EDB71CBA
  
  
  :Services
  
  :Reg
  
  :Files
  ipconfig /release /c
  ipconfig /renew /c
  ipconfig /flushdns /c
  
  
  
  
  
  :Commands
  [purity]
  [resethosts]
  [emptytemp]
  [start explorer]
  [Reboot]

• Then click the Run Fix button at the top. <--Not run Scan
• Let the program run unhindered, reboot when it is done
• Then post the results of the log it produces.
• Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

Let me know how things are running now ???