Unable to resolve trojan virtumonde.sci

Status
Not open for further replies.
Question - OTL Not Responding

I ran OTL, which stalled. It eventually reported "not responding" in the heading. I finally had to re-boot using the momentary switch on the computer power supply. How long should I wait before doing that? Should I disable Kaspersky AV or Firewall or anything else?
 
OTL Report ?

I turned off Kaspersky AV and Kaspersky Firewall.

OTL appeared to run. It stalled on the screen showing Windows XP shutting down. I finally used the reset control on the power supply. When the system started again it produced a .log file. There was an error message on trying to attach this, so I changed the extension to .txt
 
OTL.TXT 7-15-11 Part 1 of 2

OTL logfile created on: 07/14/11 11:26:10 PM - Run 4
OTL by OldTimer - Version 3.2.26.1 Folder = C:\i\Programs From Internet\Virtumonde sci removal 7-10-11
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yy

2.96 Gb Total Physical Memory | 2.35 Gb Available Physical Memory | 79.21% Memory free
10.79 Gb Paging File | 10.30 Gb Available in Paging File | 95.49% Paging File free
Paging file location(s): C:\pagefile.sys 8192 8192 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 124.71 Gb Free Space | 26.78% Space Free | Partition Type: NTFS
Drive E: | 149.05 Gb Total Space | 11.12 Gb Free Space | 7.46% Space Free | Partition Type: NTFS
Drive F: | 1863.01 Gb Total Space | 1729.64 Gb Free Space | 92.84% Space Free | Partition Type: NTFS

Computer Name: TOM-2008 | User Name: Tom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\i\Programs From Internet\Virtumonde sci removal 7-10-11\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\WINDOWS\system32\NLSSRV32.EXE (Nalpeiron Ltd.)
PRC - C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe (Nitro PDF Software)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - c:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\Simpo PDF Creator\SimpoPrintSrv.exe (Simpo Technologies)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe (Kaspersky Lab)
PRC - C:\WINDOWS\system32\ASTSRV.EXE (Nalpeiron Ltd.)
PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Program Files\Norton Ghost\Agent\VProSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Norton Ghost\Agent\VProTray.exe (Symantec Corporation)
PRC - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe (Symantec)
PRC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\Zinio\ZinioReader.exe (Zinio, LLC)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
PRC - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
PRC - C:\WINDOWS\system32\msfeedssync.exe (Microsoft Corporation)
PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files\Sony\SonicStage\SSAAD.exe ()
PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe (American Power Conversion Corporation)
PRC - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe (American Power Conversion Corporation)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG)
PRC - C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
PRC - C:\Program Files\PI Engineering\X-keys\XKWdkApp.exe (P.I. Engineering, Inc.)
PRC - C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe ()
PRC - C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
PRC - C:\Program Files\Microsoft Office97\Office\OSA.EXE ()


========== Modules (SafeList) ==========

MOD - C:\i\Programs From Internet\Virtumonde sci removal 7-10-11\OTL.exe (OldTimer Tools)
MOD - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchrome10browserrecordhelper.dll (RealNetworks, Inc.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (GEARSecurity) -- File not found
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (nlsX86cc) -- C:\WINDOWS\system32\NLSSRV32.EXE (Nalpeiron Ltd.)
SRV - (NitroDriverReadSpool) -- C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe (Nitro PDF Software)
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (SupportSoft RemoteAssist) -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe (SupportSoft, Inc.)
SRV - (STacSV) -- c:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
SRV - (GSService) -- C:\WINDOWS\System32\GSService.exe ()
SRV - (SMServer) -- C:\WINDOWS\System32\snmvtsvc.exe (SMServer)
SRV - (STSService) -- C:\Program Files\SoundTaxi Media Suite\STSService.exe ()
SRV - (astcc) -- C:\WINDOWS\system32\ASTSRV.EXE (Nalpeiron Ltd.)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (Norton Ghost) -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe (Symantec Corporation)
SRV - (SymSnapService) -- C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe (Symantec)
SRV - (ioloSystemService) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()
SRV - (ioloFileInfoList) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (GameConsoleService) -- C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe (WildTangent, Inc.)
SRV - (Symantec RemoteAssist) -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe (Symantec, Inc.)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)
SRV - (Diskeeper) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (SSScsiSV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
SRV - (SonicStage Back-End Service) -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (APC UPS Service) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe (American Power Conversion Corporation)
SRV - (InCDsrv) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG)


========== Driver Services (SafeList) ==========

DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (FTSER2K) -- C:\WINDOWS\system32\drivers\ftser2k.sys (FTDI Ltd.)
DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (IDT, Inc.)
DRV - (SndTAudio) -- C:\WINDOWS\system32\drivers\SndTAudio.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys ()
DRV - (klbg) -- C:\WINDOWS\system32\drivers\klbg.sys (Kaspersky Lab)
DRV - (klmouflt) -- C:\WINDOWS\system32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (klim5) -- C:\WINDOWS\system32\drivers\klim5.sys (Kaspersky Lab)
DRV - (kl1) -- C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Lab)
DRV - (symsnap) -- C:\WINDOWS\system32\DRIVERS\symsnap.sys (StorageCraft)
DRV - (SCRCAMHRDRV) -- C:\WINDOWS\system32\drivers\SCRCAMHRDRV.sys (Windows (R) Server 2003 DDK provider)
DRV - (IntcHdmiAddService) Intel(R) -- C:\WINDOWS\system32\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (v2imount) -- C:\WINDOWS\system32\drivers\v2imount.sys (Symantec Corporation)
DRV - (e1yexpress) Intel(R) -- C:\WINDOWS\system32\drivers\e1y5132.sys (Intel Corporation)
DRV - (NAL) -- C:\WINDOWS\system32\drivers\iqvw32.sys (Intel Corporation )
DRV - (FileDisk) -- C:\WINDOWS\System32\drivers\filedisk.sys (iolo technologies, LLC (based on original work by Bo Brantén))
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (HECI) Intel(R) -- C:\WINDOWS\system32\drivers\HECI.sys (Intel Corporation)
DRV - (BANTExt) -- C:\WINDOWS\System32\Drivers\BANTExt.sys ()
DRV - (WimFltr) -- C:\WINDOWS\system32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (VProEventMonitor) -- C:\WINDOWS\system32\drivers\vproeventmonitor.sys (Symantec Corporation)
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies)
DRV - (hhdserial) HHD Software Serial Monitor (DMS) -- C:\WINDOWS\system32\drivers\hhdserial.sys (HHD Software Ltd.)
DRV - (FTDIBUS) -- C:\WINDOWS\system32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (MotDev) -- C:\WINDOWS\system32\drivers\motodrv.sys (Motorola Inc)
DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola)
DRV - (NETMDUSB) -- C:\WINDOWS\system32\drivers\NETMD052.sys (Sony Corporation)
DRV - (InCDfs) -- C:\WINDOWS\system32\drivers\InCDfs.sys (Nero AG)
DRV - (InCDPass) -- C:\WINDOWS\system32\drivers\InCDPass.sys (Nero AG)
DRV - (incdrm) -- C:\WINDOWS\system32\drivers\InCDRm.sys (Nero AG)
DRV - (P2k) -- C:\WINDOWS\system32\drivers\P2k.sys (Motorola Inc)
DRV - (NRKCTL32) -- C:\Program Files\WCPUID\NRKCTL32.SYS (NrkLv Group)
DRV - (xkeysw2k) -- C:\WINDOWS\system32\drivers\XKEYSW2K.SYS (P.I. Engineering, Inc.)
DRV - (msloop) -- C:\WINDOWS\system32\drivers\loop.sys (Microsoft Corporation)
DRV - (TVicPort) -- C:\WINDOWS\System32\drivers\TVICPORT.SYS ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-515967899-963894560-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-515967899-963894560-839522115-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-515967899-963894560-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-515967899-963894560-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "www.googlebreak.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.126

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Tom\Application Data\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\copytolightning@corel.com: c:\Program Files\Corel\WordPerfect Lightning\Programs\FirefoxExtension\ [2010/05/25 12:19:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/24 15:57:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/06/28 11:04:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/02 18:18:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/02 18:18:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/05/24 15:57:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011/06/18 09:56:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2010/09/30 05:13:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\FireFox\Extensions\\SearchToolbar@skywebsearch.com: C:\Program Files\SaveTubeVideo.com\SaveTubeVideo\FF
FF - HKEY_CURRENT_USER\software\mozilla\FireFox\Extensions\\savetubemp3@savetubemp3.net: C:\Program Files\YouTubeMP3Downloader.net\YouTubeMP3Downloader\FF [2010/02/02 14:41:41 | 000,000,000 | ---D | M]
 
OTL.TXT 7-15-11 Part 2 of 2

[2010/10/24 05:51:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Extensions
[2010/10/24 05:51:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/07/13 17:48:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\extensions
[2010/04/28 05:44:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/12 12:06:29 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/06/18 05:04:09 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2011/07/03 10:43:38 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/08/10 19:54:59 | 000,000,000 | ---D | M] (Nodobe Document Viewer) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\extensions\nodobe@vuzit.com
[2010/02/02 14:42:05 | 000,000,003 | ---- | M] () -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\searchplugins\GoogleFeed.xml
[2011/07/13 17:48:54 | 000,001,575 | ---- | M] () -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\searchplugins\ixquick.xml
[2008/10/11 09:26:42 | 000,001,940 | ---- | M] () -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\searchplugins\marketwatch.xml
[2008/10/11 09:26:46 | 000,000,705 | ---- | M] () -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\searchplugins\webster.xml
[2008/10/11 09:26:56 | 000,001,032 | ---- | M] () -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\searchplugins\wikipedia-eng.xml
[2011/07/13 17:48:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/21 02:04:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/24 13:52:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/13 05:42:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/01 03:23:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/09 07:00:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2010/09/30 05:14:27 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2011/06/28 11:04:50 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2010/09/21 02:04:28 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2008/06/18 01:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/03/09 18:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll

O1 HOSTS File: ([2011/07/14 22:49:02 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (ShowBarObjMp3 Class) - {cf59ae24-5796-44fc-9575-8d4f383c65f8} - C:\Program Files\YouTubeMP3Downloader.net\YouTubeMP3Downloader\MinBHOMp3.dll ()
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (YouTube MP3 Downloader) - {f27a9a1d-6f23-442d-88c0-5dc40fd13dcd} - C:\Program Files\YouTubeMP3Downloader.net\YouTubeMP3Downloader\YouTubeMP3.dll (Save Tube Video Company)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [msjavadll] C:\WINDOWS\System32\javaw.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Norton Ghost 14.0] C:\Program Files\Norton Ghost\Agent\VProTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [QuickFinder Scheduler] c:\Program Files\Corel\WordPerfect Office X4\Programs\QFSCHD140.EXE (Corel Corporation)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Simpo Print Server] C:\Program Files\Simpo PDF Creator\SimpoPrintSrv.exe (Simpo Technologies)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [X-keys Programming] C:\Program Files\PI Engineering\X-keys\XKWdkApp.exe (P.I. Engineering, Inc.)
O4 - HKU\S-1-5-21-515967899-963894560-839522115-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-515967899-963894560-839522115-1003..\Run: [PxDotNetLoader] C:\Program Files\Fidelity Investments\Fidelity Active Trader\System\ATPStartupAssistant.exe (Fidelity Investments)
O4 - HKU\S-1-5-21-515967899-963894560-839522115-1003..\Run: [SsAAD.exe] C:\Program Files\Sony\SonicStage\SSAAD.exe ()
O4 - HKU\S-1-5-21-515967899-963894560-839522115-1003..\Run: [Zinio DLM] C:\Program Files\Zinio\ZinioReader.exe (Zinio, LLC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files\Microsoft Office97\Office\OSA.EXE ()
O4 - Startup: C:\Documents and Settings\Tom\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-515967899-963894560-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-515967899-963894560-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-515967899-963894560-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-515967899-963894560-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Copy to &Lightning Note - C:\Program Files\Corel\WordPerfect Lightning\Programs\WPLightningCopyToNote.hta ()
O8 - Extra context menu item: Open with WordPerfect - c:\Program Files\Corel\WordPerfect Office X4\Programs\WPLauncher.hta ()
O9 - Extra Button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll ()
O9 - Extra 'Tools' menuitem : Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll ()
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Favorites Search - {FF925300-80E6-11D4-A15B-FFF9086C1A3C} - C:\Program Files\DzSoft\Favorites Search\FavSeek.dll (DzSoft Ltd)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-515967899-963894560-839522115-1003\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKU\S-1-5-21-515967899-963894560-839522115-1003\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://www.pcpitstop.com/mhLbl.cab (mhLabel Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\x-atng {7e8717b0-d862-11d5-8c9e-00010304f989} - C:\Program Files\Fidelity Investments\Fidelity Active Trader\System\atngprot.dll (Fidelity Investments)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: C:\Documents and Settings\Tom\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tom\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/08 03:58:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/14 20:02:35 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/14 18:40:25 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/07/14 13:29:36 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/07/14 13:29:36 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/07/14 13:29:36 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/07/14 13:29:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/12 09:09:27 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/07/12 07:09:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/07/10 12:57:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\Virus Cleanup
[2011/07/10 09:04:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Application Data\Malwarebytes
[2011/07/10 08:55:52 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/10 08:55:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/10 08:55:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/07/10 08:47:50 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/10 08:47:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/08 19:30:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Tom\Recent
[2011/07/08 13:31:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Local Settings\Application Data\Ilivid Player
[2011/07/08 13:30:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{FDD8983C-4561-4A27-BDA7-F5286E176A8F}
[2011/07/08 13:30:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iLivid
[2011/07/08 13:30:33 | 000,000,000 | ---D | C] -- C:\Program Files\iLivid
[2011/07/08 13:19:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Local Settings\Application Data\PackageAware
[2011/07/05 13:21:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/07/04 20:56:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/07/04 20:56:22 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/07/03 11:27:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/07/03 11:27:40 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/07/03 11:27:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/06/28 13:54:24 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/06/28 13:54:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Start Menu\Programs\HiJackThis
[2011/06/28 12:44:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Desktop\DivX
[2011/06/27 19:51:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\My Documents\Exported Registry
[2011/06/26 22:07:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Local Settings\Application Data\Fidelity Investments
[2011/06/26 22:07:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Application Data\Fidelity Investments
[2011/06/26 21:59:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Wealth-Lab Pro
[2011/06/26 18:33:32 | 000,000,000 | ---D | C] -- C:\Program Files\New Folder
[2011/06/25 08:36:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/06/25 08:36:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Microsoft
[2011/06/25 08:34:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2011/06/25 08:33:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Local Settings\Application Data\Microsoft Help
[2011/06/25 08:33:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2011/06/23 11:07:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Fidelity Investments
[2011/06/23 11:00:24 | 000,000,000 | ---D | C] -- C:\Program Files\Fidelity Investments
[2011/06/23 11:00:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Fidelity Investments
[2011/06/23 11:00:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Crystal Decisions
[2011/06/21 12:01:08 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2011/06/21 11:12:45 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2011/06/16 03:55:48 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys

========== Files - Modified Within 30 Days ==========

[2011/07/14 23:31:36 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/14 23:30:04 | 000,001,832 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/07/14 23:26:19 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{496D8042-0A62-4C91-8D5B-D46E9ED53309}.job
[2011/07/14 23:24:45 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-963894560-839522115-1003.job
[2011/07/14 23:24:45 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-515967899-963894560-839522115-1003.job
[2011/07/14 23:11:25 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/07/14 23:09:33 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/14 23:08:32 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/07/14 23:08:11 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/14 23:08:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/14 23:08:00 | 3181,613,056 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/14 22:49:02 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/07/14 14:33:11 | 000,408,918 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Dallas Gas.url
[2011/07/13 22:11:58 | 000,000,556 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Fidelity Watchlist.url
[2011/07/13 18:03:29 | 000,002,647 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Fidelity Active Trader Pro Beta..lnk
[2011/07/12 13:29:53 | 000,000,400 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2011/07/12 09:09:36 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/07/12 02:49:20 | 000,000,226 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Dallas 311 Intake.url
[2011/07/11 13:10:54 | 000,002,423 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Diskeeper 2008.lnk
[2011/07/10 13:01:10 | 000,001,167 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Map of the Market - SmartMoney.com.url
[2011/07/09 16:10:11 | 000,218,112 | ---- | M] () -- C:\Documents and Settings\Tom\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/08 13:30:51 | 000,000,721 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iLivid Download Manager.lnk
[2011/07/08 07:10:31 | 000,064,538 | ---- | M] () -- C:\Documents and Settings\Tom\My Documents\http www.nytimes.com 2011 07 08 us IRS drops audits of political donors.pdf
[2011/07/08 07:08:40 | 000,067,454 | ---- | M] () -- C:\Documents and Settings\Tom\My Documents\http www.nytimes.com 2011 07 08 us 08ttramsey Redistricting.pdf
[2011/07/07 14:51:18 | 000,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/07/05 15:47:36 | 000,000,182 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Prepaid Phone News.url
[2011/07/05 10:14:53 | 000,001,000 | ---- | M] () -- C:\Documents and Settings\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/07/01 00:40:38 | 000,002,527 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ACDSee 7.0.lnk
[2011/06/29 10:37:48 | 000,000,404 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\BusinessWeek.url
[2011/06/28 18:55:59 | 000,000,179 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Web Site Report For n5gar.com.url
[2011/06/28 13:15:57 | 000,000,193 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\STOUFFER'S® Dinner Club.url
[2011/06/28 07:57:16 | 000,000,602 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to taskmgr.exe.lnk
[2011/06/27 19:19:29 | 000,002,644 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\LIVE REAL TIME SATELLITE TRACKING AND PREDICTIONS ISS (ZARYA).url
[2011/06/27 19:01:59 | 000,000,370 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\e-Miles® Miles for Minutes®.url
[2011/06/26 21:59:20 | 000,000,972 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Wealth-Lab Pro 6.lnk
[2011/06/26 15:20:30 | 000,503,100 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/26 15:20:30 | 000,088,498 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/26 01:45:56 | 000,256,000 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2011/06/25 22:16:58 | 000,344,216 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/25 06:38:42 | 000,002,306 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2011/06/23 12:51:27 | 000,932,987 | ---- | M] () -- C:\Documents and Settings\Tom\Application Data\n5gar1.zip
[2011/06/23 11:07:06 | 000,002,020 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Fidelity Active Trader Pro.lnk
[2011/06/19 19:08:43 | 000,000,207 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Boost Mobile - 214 397 6430.url
[2011/06/17 03:03:05 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/06/16 22:23:19 | 000,000,213 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\support.url

========== Files Created - No Company Name ==========

[2011/07/14 13:29:37 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/07/14 13:29:36 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/07/14 13:29:36 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/07/14 13:29:36 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/07/14 13:29:36 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/07/14 01:15:55 | 000,000,274 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-515967899-963894560-839522115-1003.job
[2011/07/12 09:09:36 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/07/12 09:09:32 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/07/08 13:30:51 | 000,000,721 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iLivid Download Manager.lnk
[2011/07/08 07:10:30 | 000,064,538 | ---- | C] () -- C:\Documents and Settings\Tom\My Documents\http www.nytimes.com 2011 07 08 us IRS drops audits of political donors.pdf
[2011/07/08 07:08:39 | 000,067,454 | ---- | C] () -- C:\Documents and Settings\Tom\My Documents\http www.nytimes.com 2011 07 08 us 08ttramsey Redistricting.pdf
[2011/07/03 11:27:45 | 000,001,000 | ---- | C] () -- C:\Documents and Settings\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/06/29 10:35:04 | 000,001,167 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\Map of the Market - SmartMoney.com.url
[2011/06/28 07:57:16 | 000,000,602 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to taskmgr.exe.lnk
[2011/06/26 21:59:20 | 000,000,972 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Wealth-Lab Pro 6.lnk
[2011/06/25 09:58:23 | 000,956,290 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-515967899-963894560-839522115-1003-0.dat
[2011/06/25 09:58:22 | 000,347,830 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/06/23 12:51:27 | 000,932,987 | ---- | C] () -- C:\Documents and Settings\Tom\Application Data\n5gar1.zip
[2011/06/23 11:07:06 | 000,002,647 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Fidelity Active Trader Pro Beta..lnk
[2011/06/23 11:07:06 | 000,002,020 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Fidelity Active Trader Pro.lnk
[2011/06/21 11:22:28 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/06/21 11:12:47 | 000,000,974 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Defender.lnk
[2011/06/18 09:56:57 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/06/17 02:26:22 | 000,002,644 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\LIVE REAL TIME SATELLITE TRACKING AND PREDICTIONS ISS (ZARYA).url
[2010/11/10 05:37:55 | 000,161,770 | ---- | C] () -- C:\WINDOWS\Animated Wallpaper Maker Uninstaller.exe
[2010/11/05 00:04:32 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Tom\Application Data\downloads.m3u
[2010/10/17 19:17:49 | 000,000,223 | ---- | C] () -- C:\WINDOWS\HP PrecisionScan Pro.INI
[2010/10/10 16:40:24 | 001,903,408 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/09/30 05:14:14 | 000,115,369 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2010/09/30 05:14:14 | 000,097,859 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2010/06/11 06:18:32 | 000,000,119 | ---- | C] () -- C:\WINDOWS\Podcasts.INI
[2010/05/25 12:20:06 | 000,002,306 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/04/30 10:04:16 | 000,104,960 | ---- | C] () -- C:\WINDOWS\W2P_PreConvert.dll
[2010/02/01 05:16:10 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/02/01 05:16:10 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/02/01 05:16:09 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/02/01 05:16:08 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/01/31 03:51:08 | 000,005,045 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hksbihfl.ezl
[2010/01/28 03:35:34 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\GSService.exe
[2010/01/27 22:28:12 | 000,000,256 | -H-- | C] () -- C:\Documents and Settings\Tom\Application Data\ee6fe4d84748049fa23c8b8638a22cacf0cffd15
[2010/01/27 22:28:12 | 000,000,256 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\ee6fe4d84748049fa23c8b8638a22cacf0cffd15
[2009/12/27 17:53:40 | 000,000,229 | ---- | C] () -- C:\Documents and Settings\Tom\Application Data\default.rss
[2009/12/26 20:15:07 | 000,004,757 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009/11/27 04:31:16 | 000,105,472 | ---- | C] () -- C:\WINDOWS\PreConvert.dll
[2009/11/25 13:40:50 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/10/19 02:23:14 | 000,000,203 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI
[2009/10/03 12:36:01 | 011,476,992 | ---- | C] () -- C:\WINDOWS\System32\common_res.dll
[2009/09/27 07:26:44 | 000,000,126 | ---- | C] () -- C:\WINDOWS\keypad.ini
[2009/09/16 17:27:58 | 000,508,224 | ---- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll
[2009/09/09 18:01:40 | 000,027,675 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat
[2009/07/25 03:10:11 | 000,618,496 | ---- | C] () -- C:\WINDOWS\System32\stlpmt45.dll
[2009/07/11 20:38:12 | 000,835,584 | ---- | C] () -- C:\WINDOWS\tls7912d.dll
[2009/07/11 20:38:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\uninstallrq.exe
[2009/06/12 21:24:00 | 000,075,596 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2009/06/04 07:51:28 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/04/14 04:53:40 | 000,003,707 | ---- | C] () -- C:\WINDOWS\System32\ASPRTMM6.DLL
[2009/03/04 03:47:17 | 000,000,146 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/01/31 22:22:25 | 002,788,800 | ---- | C] () -- C:\Program Files\FLV PlayerFCSetup.exe
[2008/11/17 14:58:33 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2008/11/17 14:58:11 | 000,000,333 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2008/11/04 05:41:07 | 000,001,104 | ---- | C] () -- C:\WINDOWS\AMIPRO2.INI
[2008/11/04 05:40:13 | 000,004,722 | ---- | C] () -- C:\WINDOWS\AmiVISD.ini
[2008/11/04 05:39:17 | 000,000,703 | ---- | C] () -- C:\WINDOWS\lotus.ini
[2008/11/04 05:39:15 | 000,008,283 | ---- | C] () -- C:\WINDOWS\AMIDW.INI
[2008/11/04 05:39:15 | 000,000,898 | ---- | C] () -- C:\WINDOWS\AMIEQN.INI
[2008/11/04 05:39:15 | 000,000,185 | ---- | C] () -- C:\WINDOWS\AMISMART.INI
[2008/11/04 05:39:15 | 000,000,104 | ---- | C] () -- C:\WINDOWS\AMIIMAGE.INI
[2008/11/04 05:39:14 | 000,023,822 | ---- | C] () -- C:\WINDOWS\AMIOW.INI
[2008/11/04 05:39:14 | 000,011,208 | ---- | C] () -- C:\WINDOWS\AMIENV.DLL
[2008/11/04 05:39:14 | 000,010,014 | ---- | C] () -- C:\WINDOWS\AMILABEL.INI
[2008/11/04 05:39:14 | 000,005,909 | ---- | C] () -- C:\WINDOWS\AMIWP.INI
[2008/11/04 05:39:14 | 000,004,400 | ---- | C] () -- C:\WINDOWS\AMIPRO.INI
[2008/11/04 05:39:14 | 000,002,846 | ---- | C] () -- C:\WINDOWS\AMICALC.INI
[2008/11/04 05:39:14 | 000,001,993 | ---- | C] () -- C:\WINDOWS\AMIIWP.INI
[2008/11/04 05:39:14 | 000,000,332 | ---- | C] () -- C:\WINDOWS\AMIFONT.INI
[2008/11/04 05:06:16 | 000,127,184 | ---- | C] () -- C:\WINDOWS\DEL_AH1.EXE
[2008/11/02 08:56:34 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2008/10/30 09:26:41 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2008/10/30 09:25:23 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2008/10/30 09:25:23 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2008/10/30 08:58:15 | 000,000,400 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2008/10/30 04:12:05 | 000,000,092 | ---- | C] () -- C:\WINDOWS\TraceSrv.ini
[2008/10/28 04:09:43 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2008/10/27 00:29:43 | 000,000,225 | ---- | C] () -- C:\WINDOWS\netscape.INI
[2008/10/26 20:43:04 | 000,634,087 | ---- | C] () -- C:\WINDOWS\cd32.exe
[2008/10/25 03:31:26 | 000,000,554 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/10/24 14:22:31 | 000,215,144 | R--- | C] () -- C:\WINDOWS\patchw32.dll
[2008/10/24 14:21:19 | 000,215,144 | R--- | C] () -- C:\WINDOWS\pw32a.dll
[2008/10/24 04:31:54 | 000,218,112 | ---- | C] () -- C:\Documents and Settings\Tom\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/10 20:18:45 | 000,038,951 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/10/10 19:09:45 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/10/09 08:52:33 | 000,000,927 | ---- | C] () -- C:\WINDOWS\hmpro3.ini
[2008/10/09 08:50:42 | 000,012,288 | ---- | C] () -- C:\WINDOWS\kwimage.dll
[2008/10/09 08:50:42 | 000,005,495 | ---- | C] () -- C:\WINDOWS\sqkw.ini
[2008/10/09 03:17:00 | 000,982,196 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2008/10/09 03:16:59 | 000,417,344 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2008/10/09 03:16:59 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4990.dll
[2008/10/08 08:54:42 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/10/08 04:00:33 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/10/08 03:56:11 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/10/07 05:35:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/10/07 05:34:50 | 000,344,216 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/11/06 15:19:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/03/16 17:00:00 | 000,003,403 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2004/08/04 01:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/09/18 11:21:06 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\ljackuw.dll
[2003/03/31 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/03/31 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/03/31 07:00:00 | 000,503,100 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/03/31 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/03/31 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/03/31 07:00:00 | 000,088,498 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/03/31 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/03/31 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/03/31 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/03/31 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/03/21 16:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2001/08/07 18:59:54 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HPNVRRes.dll
[2001/07/31 04:17:12 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2001/01/24 01:31:18 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\prntfix.exe
[2000/06/07 07:38:44 | 000,078,336 | ---- | C] () -- C:\WINDOWS\nfwDrop.DLL
[2000/04/14 17:50:02 | 000,343,040 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[1999/05/20 04:03:20 | 000,004,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\TVICPORT.SYS
[1998/06/11 14:08:06 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[1997/07/11 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/07/11 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

< End of report >
 
Great

How are things running now, any redirects or unwanted pop up windows ?


ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.


  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the
    esetOnline.png
    button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on
      esetSmartInstall.png
      to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the
      esetSmartInstallDesktopIcon.png
      icon on your desktop.
  4. Check
    esetAcceptTerms.png
  5. Click the
    esetStart.png
    button.
  6. Accept any security warnings from your browser.
  7. Check
    esetScanArchives.png
  8. Make sure that the option "Remove found threats" is Unchecked
  9. Push the Start button.
  10. ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  11. When the scan completes, push
    esetListThreats.png
  12. Push
    esetExport.png
    , and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  13. Push the
    esetBack.png
    button.
  14. Push
    esetFinish.png
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.
 
Response 7-15-11

ken545 said:
Great

How are things running now, any redirects or unwanted pop up windows ?.
Click to expand...

The computer hangs up on programs that used to work normally. I have ACDC 7 for moving photos from an SD card & card reader to the system. Plugging in an SD card used to result in it being recognized for copying or moving the photo files. It no longer responds to an SD card going in its slot. Should I reinstall this program?

At the moment there's a white screen on Windows Task Manager that will not go away. There's an hour glass with the mouse pointer anywhere on the desktop.

Earlier I did get web pages to appear to work OK with MSIE 7. I have not been able to fully test it yet.

I understand ESET, described below, takes a long time to run. I'll be able to proceed with it later. Thank you. (At the moment I'm using a separate laptop to enter this. It does not appear to be infected.)

ken545 said:
ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.


  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the
    esetOnline.png
    button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on
      esetSmartInstall.png
      to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the
      esetSmartInstallDesktopIcon.png
      icon on your desktop.
  4. Check
    esetAcceptTerms.png
  5. Click the
    esetStart.png
    button.
  6. Accept any security warnings from your browser.
  7. Check
    esetScanArchives.png
  8. Make sure that the option "Remove found threats" is Unchecked
  9. Push the Start button.
  10. ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  11. When the scan completes, push
    esetListThreats.png
  12. Push
    esetExport.png
    , and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  13. Push the
    esetBack.png
    button.
  14. Push
    esetFinish.png
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.
Click to expand...
 
Lets wait until we see what ESET finds and go from there, its possible this is just a windows problem, lets see
 
Report of ESET attached 7-17-11

Report of ESET attached 7-17-11


C:\Documents and Settings\Tom\Local Settings\Application Data\Downloaded Installations\{23690A61-F205-45D8-9294-B63A67498790}\PCmover.msi a variant of Win32/PSWTool.PWDump.A application
C:\Documents and Settings\Tom\Local Settings\Application Data\Downloaded Installations\{40C82691-CCF0-402A-909D-29257CBF33AC}\PCmover.msi a variant of Win32/PSWTool.PWDump.A application
C:\i\Programs From Internet\ImToo DVD Creator 6 4-29-11\dvd-creator6.exe Win32/Toolbar.Zugo application
C:\i\Programs From Internet\SmitfraudFix\SmitfraudFix.zip multiple threats
C:\i\Programs From Internet\SmitfraudFix\SmitfraudFix\SmitfraudFix\Process.exe Win32/PrcView application
C:\i\Programs From Internet\SmitfraudFix\SmitfraudFix\SmitfraudFix\restart.exe Win32/Shutdown.NAA application
C:\i\Programs From Internet\Vundofix for virtumonde-sci 7-4-11\VirtumundoBeGone.exe Win32/PrcView application
 
Last edited by a moderator:
Lets run ESET again and lets remove what it finds this time, post the log when done please
 
Status

The computer is now stalled out and I am unable to proceed with it.

While stalled it won't run other programs or shut down. I have to find some other way to turn off the AC power.
 
What stalled it, the ESET Scan ? Just hold the power button in for about 5 or more seconds until it shuts down and then restart it
 
Response

ken545 said:
What stalled it, the ESET Scan ? Just hold the power button in for about 5 or more seconds until it shuts down and then restart it
Click to expand...

Before running ESET I need to turn off Kaspersky. There's Kaspersky AV and Firewall, and some more. To turn those off I go to the "Settings" button in the top right hand corner of their window. On trying to access that, however, I get a Windows error message "This program is not responding." Then just trying to X out of the Kaspersky window I get another Windows error message "This program is not responding." Something changed on the system somewhere along the way.

I get the same kind of response from other programs on the system, like Nero 9, which used to run normally
 
Good Morning,

It appears your computer is been acting this way from the when you first posted, you did have a lot of malware that Malwarebytes and Combofix removed, sometimes this garbage can damage a system.

These may be infected so lets remove them

C:\Documents and Settings\Tom\Local Settings\Application Data\Downloaded Installations\{23690A61-F205-45D8-9294-B63A67498790}
C:\Documents and Settings\Tom\Local Settings\Application Data\Downloaded Installations\{40C82691-CCF0-402A-909D-29257CBF33AC}
C:\i\Programs From Internet\ImToo DVD Creator 6 4-29-11



Run these as a final check, if it does not find anything than I will link you to a windows forum for help


Download CKScanner by askey127 from Here & save it to your Desktop.
  • Doubleclick CKScanner.exe then click Search For Files
  • When the cursor hourglass disappears, click Save List To File
  • A message box will verify the file saved
  • Double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply




Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)
 
Reply 7-20-11

I ran ESET again and selected the option to remove viruses. This took a number of hours.

It found copies of programs used to remove previous infections, including one used on a previous computer that was copied here. Some were in a RECYCLER folder that had not been dumped yet. I don't believe these are the problem, with maybe the exception of the last one listed.

C:\i\Programs From Internet\SmitfraudFix\SmitfraudFix.zip multiple threats deleted - quarantined
C:\i\Programs From Internet\SmitfraudFix\SmitfraudFix\SmitfraudFix\Process.exe Win32/PrcView application cleaned by deleting - quarantined
C:\i\Programs From Internet\SmitfraudFix\SmitfraudFix\SmitfraudFix\restart.exe Win32/Shutdown.NAA application cleaned by deleting - quarantined
C:\i\Programs From Internet\Vundofix for virtumonde-sci 7-4-11\VirtumundoBeGone.exe Win32/PrcView application deleted - quarantined
C:\RECYCLER\S-1-5-21-515967899-963894560-839522115-1003\Dc1\PCmover.msi a variant of Win32/PSWTool.PWDump.A application deleted - quarantined
C:\RECYCLER\S-1-5-21-515967899-963894560-839522115-1003\Dc2\PCmover.msi a variant of Win32/PSWTool.PWDump.A application deleted - quarantined
C:\RECYCLER\S-1-5-21-515967899-963894560-839522115-1003\Dc3\dvd-creator6.exe Win32/Toolbar.Zugo application deleted - quarantined
C:\System Volume Information\_restore{6874E0DF-88F3-4FC5-9D68-86B6F0DD57FC}\RP5\A0014566.exe Win32/PrcView application cleaned by deleting - quarantined
C:\System Volume Information\_restore{6874E0DF-88F3-4FC5-9D68-86B6F0DD57FC}\RP5\A0014567.exe Win32/Shutdown.NAA application cleaned by deleting - quarantined
C:\System Volume Information\_restore{6874E0DF-88F3-4FC5-9D68-86B6F0DD57FC}\RP5\A0014568.exe Win32/PrcView application deleted - quarantined
C:\System Volume Information\_restore{6874E0DF-88F3-4FC5-9D68-86B6F0DD57FC}\RP5\A0014569.msi a variant of Win32/PSWTool.PWDump.A application deleted - quarantined
C:\System Volume Information\_restore{6874E0DF-88F3-4FC5-9D68-86B6F0DD57FC}\RP5\A0014570.msi a variant of Win32/PSWTool.PWDump.A application deleted - quarantined
C:\System Volume Information\_restore{6874E0DF-88F3-4FC5-9D68-86B6F0DD57FC}\RP5\A0014571.exe Win32/Toolbar.Zugo application deleted - quarantined
E:\120 GB (E) Attorney - Client only\Program Files\COMPAQ\Digital Dashboard\CPQMLCLK.exe a variant of Win32/TrojanDownloader.Swizzor.NER trojan cleaned by deleting - quarantined

As for Kaspersky, I followed their instructions to ask for assistance before I found this forum. They have not yet responded. Before using Kaspersky I had AVG, and had a much better response and resolution of a new infection that got past their latest definitions. Maybe in the end I'll have to reinstall Windows XP and every normal application and setting. I don't know yet.


ken545 said:
Good Morning,

It appears your computer is been acting this way from the when you first posted, you did have a lot of malware that Malwarebytes and Combofix removed, sometimes this garbage can damage a system.

These may be infected so lets remove them

C:\Documents and Settings\Tom\Local Settings\Application Data\Downloaded Installations\{23690A61-F205-45D8-9294-B63A67498790}
C:\Documents and Settings\Tom\Local Settings\Application Data\Downloaded Installations\{40C82691-CCF0-402A-909D-29257CBF33AC}
C:\i\Programs From Internet\ImToo DVD Creator 6 4-29-11
Click to expand...

Manually deleted.

ken545 said:
Run these as a final check, if it does not find anything than I will link you to a windows forum for help


Download CKScanner by askey127 from Here & save it to your Desktop.
  • Doubleclick CKScanner.exe then click Search For Files
  • When the cursor hourglass disappears, click Save List To File
  • A message box will verify the file saved
  • Double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply
Click to expand...

CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\tom\favorites\favorites 4-19-2009\demento\cracked magazine\cracked.com – america's only humor & video site since 1958.url
c:\documents and settings\tom\favorites\favorites 4-19-2009\demento\cracked magazine\cracked.com-.url
c:\documents and settings\tom\favorites\favorites 4-19-2009\ebay\ebay - timecracker, wall clocks items on ebay.com.url
c:\documents and settings\tom\favorites\favorites 4-19-2009\imported bookmarks\personal toolbar folder\ebay\clocks\items matching ( timecracker ).url
c:\documents and settings\tom\favorites\favorites 4-19-2009\imported bookmarks\personal toolbar folder\jfk\video on cia_crack, censors, corpocracy.url
c:\program files\ringtone media studio\samples\overlays\cracked glass.emf
c:\program files\wildgames\bejeweled 2 deluxe\wtmui_de\sounds\firecrackle.ogg
c:\program files\wildgames\bejeweled 2 deluxe\wtmui_default\sounds\firecrackle.ogg
c:\program files\wildgames\bejeweled 2 deluxe\wtmui_es\sounds\firecrackle.ogg
c:\program files\wildgames\bejeweled 2 deluxe\wtmui_fr\sounds\firecrackle.ogg
c:\program files\wildgames\bejeweled 2 deluxe\wtmui_it\sounds\firecrackle.ogg
scanner sequence 3.ZZ.11.HOLBUI
----- EOF -----


ken545 said:
Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)
Click to expand...

Report says no infections found

2011/07/20 06:20:49.0796 5988 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/20 06:20:50.0015 5988 ================================================================================
2011/07/20 06:20:50.0015 5988 SystemInfo:
2011/07/20 06:20:50.0015 5988
2011/07/20 06:20:50.0015 5988 OS Version: 5.1.2600 ServicePack: 3.0
2011/07/20 06:20:50.0015 5988 Product type: Workstation
2011/07/20 06:20:50.0015 5988 ComputerName: TOM-2008
2011/07/20 06:20:50.0015 5988 UserName: Tom
2011/07/20 06:20:50.0015 5988 Windows directory: C:\WINDOWS
2011/07/20 06:20:50.0015 5988 System windows directory: C:\WINDOWS
2011/07/20 06:20:50.0015 5988 Processor architecture: Intel x86
2011/07/20 06:20:50.0015 5988 Number of processors: 4
2011/07/20 06:20:50.0015 5988 Page size: 0x1000
2011/07/20 06:20:50.0015 5988 Boot type: Normal boot
2011/07/20 06:20:50.0015 5988 ================================================================================
2011/07/20 06:20:52.0109 5988 Initialize success
2011/07/20 06:21:10.0593 2664 ================================================================================
2011/07/20 06:21:10.0593 2664 Scan started
2011/07/20 06:21:10.0593 2664 Mode: Manual;
2011/07/20 06:21:10.0593 2664 ================================================================================
2011/07/20 06:21:12.0875 2664 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/07/20 06:21:13.0296 2664 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/07/20 06:21:13.0875 2664 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/07/20 06:21:14.0343 2664 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/07/20 06:21:16.0281 2664 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/07/20 06:21:17.0453 2664 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/07/20 06:21:17.0750 2664 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/07/20 06:21:18.0421 2664 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/07/20 06:21:18.0796 2664 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/07/20 06:21:19.0093 2664 BANTExt (5d7be7b19e827125e016325334e58ff1) C:\WINDOWS\System32\Drivers\BANTExt.sys
2011/07/20 06:21:19.0437 2664 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/07/20 06:21:19.0859 2664 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
2011/07/20 06:21:20.0250 2664 BTHMODEM (fca6f069597b62d42495191ace3fc6c1) C:\WINDOWS\system32\DRIVERS\bthmodem.sys
2011/07/20 06:21:20.0578 2664 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
2011/07/20 06:21:21.0000 2664 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
2011/07/20 06:21:21.0453 2664 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
2011/07/20 06:21:21.0812 2664 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/07/20 06:21:22.0203 2664 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/07/20 06:21:22.0906 2664 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/07/20 06:21:23.0218 2664 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/07/20 06:21:23.0656 2664 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/07/20 06:21:24.0546 2664 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/07/20 06:21:24.0906 2664 cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys
2011/07/20 06:21:25.0796 2664 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/07/20 06:21:26.0359 2664 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/07/20 06:21:26.0953 2664 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/07/20 06:21:27.0281 2664 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/07/20 06:21:27.0562 2664 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/07/20 06:21:28.0109 2664 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/07/20 06:21:28.0468 2664 e1yexpress (6a738bee58ff3d2f237157082e799de8) C:\WINDOWS\system32\DRIVERS\e1y5132.sys
2011/07/20 06:21:28.0796 2664 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/07/20 06:21:29.0125 2664 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/07/20 06:21:29.0437 2664 FileDisk (0694585d54bf46379ce41aee2b6864aa) C:\WINDOWS\system32\drivers\FileDisk.sys
2011/07/20 06:21:29.0843 2664 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/07/20 06:21:30.0171 2664 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/07/20 06:21:30.0484 2664 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/07/20 06:21:30.0796 2664 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/07/20 06:21:31.0093 2664 FTDIBUS (a36e8beedb3aaca09bf55a1d17904bc8) C:\WINDOWS\system32\drivers\ftdibus.sys
2011/07/20 06:21:31.0421 2664 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/07/20 06:21:31.0750 2664 FTSER2K (48bfd1ba45c9c9e7ab339e25abfba1d2) C:\WINDOWS\system32\drivers\ftser2k.sys
2011/07/20 06:21:32.0187 2664 GEARAspiWDM (f2f431d1573ee632975c524418655b84) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/07/20 06:21:32.0500 2664 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/07/20 06:21:32.0812 2664 grmnusb (d956358054e99e6ffac69cd87e893a89) C:\WINDOWS\system32\drivers\grmnusb.sys
2011/07/20 06:21:33.0250 2664 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/07/20 06:21:33.0578 2664 HECI (e4a123ad734a3731d29ebd3a01b3e535) C:\WINDOWS\system32\DRIVERS\HECI.sys
2011/07/20 06:21:33.0984 2664 hhdserial (2826f7481d7e86a986c0abb8a3729f1b) C:\WINDOWS\system32\drivers\hhdserial.sys
2011/07/20 06:21:34.0375 2664 HidBatt (748031ff4fe45ccc47546294905feab8) C:\WINDOWS\system32\DRIVERS\HidBatt.sys
2011/07/20 06:21:34.0765 2664 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/07/20 06:21:35.0406 2664 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/07/20 06:21:36.0406 2664 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
2011/07/20 06:21:38.0890 2664 ialm (f339b2e3a3f63cc14077d614a56a967b) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2011/07/20 06:21:41.0312 2664 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/07/20 06:21:41.0656 2664 InCDfs (e1037d1592b50b219cb98b5b6183988d) C:\WINDOWS\system32\drivers\InCDFs.sys
2011/07/20 06:21:42.0078 2664 InCDPass (d4ebad759d85b46694220504d09b7464) C:\WINDOWS\system32\drivers\InCDPass.sys
2011/07/20 06:21:42.0468 2664 InCDrec (f6b46dea97d0460e24ac71d73217ff5c) C:\WINDOWS\system32\drivers\InCDrec.sys
2011/07/20 06:21:42.0765 2664 incdrm (2a0ee43c0dd7ade1ccff5ef27c3b2deb) C:\WINDOWS\system32\drivers\InCDRm.sys
2011/07/20 06:21:43.0375 2664 IntcHdmiAddService (1a3c5c489a1de481d2ef899807ad172c) C:\WINDOWS\system32\drivers\IntcHdmi.sys
2011/07/20 06:21:43.0906 2664 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/07/20 06:21:44.0218 2664 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/07/20 06:21:44.0515 2664 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/07/20 06:21:44.0812 2664 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/07/20 06:21:45.0140 2664 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/07/20 06:21:45.0484 2664 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/07/20 06:21:45.0781 2664 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/07/20 06:21:46.0078 2664 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/07/20 06:21:46.0375 2664 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/07/20 06:21:46.0656 2664 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/07/20 06:21:46.0984 2664 kl1 (ce3958f58547454884e97bda78cd7040) C:\WINDOWS\system32\drivers\kl1.sys
2011/07/20 06:21:47.0265 2664 klbg (53eedab3f0511321ac3ae8bc968b158c) C:\WINDOWS\system32\drivers\klbg.sys
2011/07/20 06:21:47.0656 2664 KLIF (439c778700fce23f2852535d6fa5996d) C:\WINDOWS\system32\DRIVERS\klif.sys
2011/07/20 06:21:47.0937 2664 klim5 (fbdc2034b58d2135d25fe99eb8b747c3) C:\WINDOWS\system32\DRIVERS\klim5.sys
2011/07/20 06:21:48.0218 2664 klmouflt (1f351c4ba53bfe58a1ca5fcdd11e1f81) C:\WINDOWS\system32\DRIVERS\klmouflt.sys
2011/07/20 06:21:48.0562 2664 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/07/20 06:21:49.0046 2664 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/07/20 06:21:49.0656 2664 MBAMProtector (3d2c13377763eeac0ca6fb46f57217ed) C:\WINDOWS\system32\drivers\mbam.sys
2011/07/20 06:21:49.0937 2664 MBAMSwissArmy (b309912717c29fc67e1ba4730a82b6dd) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011/07/20 06:21:50.0234 2664 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/07/20 06:21:50.0515 2664 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/07/20 06:21:50.0968 2664 MotDev (20ff89c59b0a50f53822303064988e00) C:\WINDOWS\system32\DRIVERS\motodrv.sys
2011/07/20 06:21:51.0312 2664 motmodem (49bc2ea84db5320b880a222e6e11b28b) C:\WINDOWS\system32\DRIVERS\motmodem.sys
2011/07/20 06:21:51.0687 2664 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/07/20 06:21:51.0953 2664 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/07/20 06:21:52.0421 2664 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/07/20 06:21:53.0031 2664 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/07/20 06:21:53.0750 2664 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/07/20 06:21:54.0406 2664 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/07/20 06:21:54.0750 2664 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/07/20 06:21:55.0031 2664 msloop (64e8b7c65eb4796939c0f64f8170821b) C:\WINDOWS\system32\DRIVERS\loop.sys
2011/07/20 06:21:55.0296 2664 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/07/20 06:21:55.0656 2664 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/07/20 06:21:55.0937 2664 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/07/20 06:21:56.0234 2664 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/07/20 06:21:56.0671 2664 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/07/20 06:21:57.0250 2664 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/07/20 06:21:57.0578 2664 NAL (03ca886ba148b6b9996be1368ddc3fc0) C:\WINDOWS\system32\Drivers\iqvw32.sys
2011/07/20 06:21:58.0109 2664 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/07/20 06:21:58.0468 2664 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/07/20 06:21:58.0750 2664 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/07/20 06:21:59.0015 2664 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/07/20 06:21:59.0328 2664 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/07/20 06:21:59.0656 2664 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/07/20 06:22:00.0031 2664 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/07/20 06:22:00.0359 2664 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/07/20 06:22:00.0718 2664 NETMDUSB (55621d89ce500092cb3f136bed3c2854) C:\WINDOWS\system32\Drivers\NETMD052.sys
2011/07/20 06:22:01.0000 2664 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/07/20 06:22:01.0312 2664 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
2011/07/20 06:22:01.0718 2664 NPF (6623e51595c0076755c29c00846c4eb2) C:\WINDOWS\system32\drivers\npf.sys
2011/07/20 06:22:02.0156 2664 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/07/20 06:22:02.0265 2664 NRKCTL32 (a812ff45783d5f20585a98b40d580c87) C:\Program Files\WCPUID\NRKCTL32.SYS
2011/07/20 06:22:02.0875 2664 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/07/20 06:22:03.0468 2664 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/07/20 06:22:03.0765 2664 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/07/20 06:22:04.0046 2664 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/07/20 06:22:04.0546 2664 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/07/20 06:22:05.0093 2664 P2k (8ee5915a40ab1fa206d85b9b6fc622f4) C:\WINDOWS\system32\DRIVERS\P2k.sys
2011/07/20 06:22:05.0515 2664 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/07/20 06:22:05.0921 2664 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/07/20 06:22:06.0203 2664 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/07/20 06:22:06.0562 2664 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/07/20 06:22:07.0328 2664 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/07/20 06:22:07.0671 2664 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/07/20 06:22:09.0656 2664 pfc (957b82ec80ad7ead64e5e47df6b0dc40) C:\WINDOWS\system32\drivers\pfc.sys
2011/07/20 06:22:10.0031 2664 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/07/20 06:22:10.0328 2664 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/07/20 06:22:10.0625 2664 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/07/20 06:22:10.0921 2664 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/07/20 06:22:12.0484 2664 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/07/20 06:22:12.0781 2664 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/07/20 06:22:13.0078 2664 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/07/20 06:22:13.0359 2664 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/07/20 06:22:13.0703 2664 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/07/20 06:22:14.0031 2664 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/07/20 06:22:14.0359 2664 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/07/20 06:22:14.0765 2664 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/07/20 06:22:15.0093 2664 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/07/20 06:22:15.0421 2664 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
2011/07/20 06:22:15.0718 2664 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2011/07/20 06:22:16.0093 2664 SCRCAMHRDRV (6673b255518f08f55cece03f6d2eb6ad) C:\WINDOWS\system32\DRIVERS\SCRCAMHRDRV.sys
2011/07/20 06:22:16.0375 2664 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/07/20 06:22:16.0656 2664 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/07/20 06:22:16.0953 2664 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/07/20 06:22:17.0265 2664 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
2011/07/20 06:22:17.0812 2664 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/07/20 06:22:18.0125 2664 SndTAudio (09a451491b3e561da09032c059ab3e3c) C:\WINDOWS\system32\drivers\SndTAudio.sys
2011/07/20 06:22:18.0656 2664 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/07/20 06:22:18.0968 2664 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/07/20 06:22:19.0437 2664 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/07/20 06:22:20.0546 2664 STHDA (0ffda1cb46a4be1fcdd8de6e3ced5b50) C:\WINDOWS\system32\drivers\sthda.sys
2011/07/20 06:22:20.0843 2664 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/07/20 06:22:21.0125 2664 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/07/20 06:22:21.0406 2664 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/07/20 06:22:22.0265 2664 symsnap (d3218867afdf74d7ab76a3911b4544a2) C:\WINDOWS\system32\DRIVERS\symsnap.sys
2011/07/20 06:22:23.0250 2664 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/07/20 06:22:23.0765 2664 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/07/20 06:22:24.0312 2664 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/07/20 06:22:24.0765 2664 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/07/20 06:22:25.0156 2664 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/07/20 06:22:25.0812 2664 TVicPort (607fc73722f62e1820c8183d58ed1668) C:\WINDOWS\system32\drivers\TVicPort.sys
2011/07/20 06:22:26.0109 2664 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/07/20 06:22:26.0500 2664 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/07/20 06:22:26.0984 2664 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/07/20 06:22:27.0421 2664 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/07/20 06:22:27.0796 2664 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/07/20 06:22:28.0156 2664 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/07/20 06:22:28.0500 2664 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/07/20 06:22:28.0828 2664 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/07/20 06:22:29.0187 2664 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/07/20 06:22:29.0453 2664 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/07/20 06:22:29.0750 2664 v2imount (1747e022b76bc248795b0aedecccf96f) C:\WINDOWS\system32\DRIVERS\v2imount.sys
2011/07/20 06:22:30.0015 2664 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/07/20 06:22:30.0578 2664 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/07/20 06:22:30.0890 2664 VProEventMonitor (e78781b2c86c92a0a738df566460f716) C:\WINDOWS\system32\DRIVERS\vproeventmonitor.sys
2011/07/20 06:22:31.0171 2664 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/07/20 06:22:31.0625 2664 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/07/20 06:22:32.0343 2664 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/07/20 06:22:32.0687 2664 WimFltr (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\WINDOWS\system32\DRIVERS\wimfltr.sys
2011/07/20 06:22:33.0062 2664 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/07/20 06:22:33.0375 2664 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/07/20 06:22:33.0687 2664 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/07/20 06:22:34.0015 2664 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/07/20 06:22:34.0343 2664 xkeysw2k (4db1b3402ff3b6b80871ad3b70de03cf) C:\WINDOWS\system32\DRIVERS\XkeysW2k.sys
2011/07/20 06:22:34.0390 2664 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/07/20 06:22:34.0609 2664 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
2011/07/20 06:22:34.0671 2664 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
2011/07/20 06:22:34.0671 2664 Boot (0x1200) (ea96cdc887ed3325bb847a38b58f9c8b) \Device\Harddisk0\DR0\Partition0
2011/07/20 06:22:34.0687 2664 Boot (0x1200) (780842da478ea634035f5b2f7b9e5bee) \Device\Harddisk2\DR2\Partition0
2011/07/20 06:22:34.0687 2664 ================================================================================
2011/07/20 06:22:34.0687 2664 Scan finished
2011/07/20 06:22:34.0687 2664 ================================================================================
2011/07/20 06:22:34.0703 0528 Detected object count: 0
2011/07/20 06:22:34.0703 0528 Actual detected object count: 0
2011/07/20 06:23:54.0359 4444 Deinitialize success
 
Hi,

TDSSkiller is showing no rootkit but CKScanner is showing that you have one or more illegal software programs installed. Downloading and installing illegal software is the number one way of infecting your computer because almost 100% of cracked illegal software is infected. This forum as all the other malware removal forums do not condone the use of illegal software, to continue helping you can be construed in the eyes of the law as aiding and abetting a crime. If you want to continue, I need you to look through the CKScanner log and uninstall all that you installed, then reboot and run CKScanner again and post a new log
 
Response 7-22-11

ken545 said:
Hi,

TDSSkiller is showing no rootkit but CKScanner is showing that you have one or more illegal software programs installed. Downloading and installing illegal software is the number one way of infecting your computer because almost 100% of cracked illegal software is infected. This forum as all the other malware removal forums do not condone the use of illegal software, to continue helping you can be construed in the eyes of the law as aiding and abetting a crime. If you want to continue, I need you to look through the CKScanner log and uninstall all that you installed, then reboot and run CKScanner again and post a new log
Click to expand...

CKScanner stalled and reported "not responding" several times in Windows Task Manager, when I ran it previously and today. I have not installed or used "illegal software." However I am not the only person who has ever used this computer. I understand the purpose of a virus or trojan is to install "illegal sofware." I am interested in REMOVING any virus or trojan or "illegal sofware" that you may have knowledge of. So I need instructions. I would also be interested in reporting it to Kaspersky so it can not be installed. Scans by the regularly updated Kaspersky skipped over everything that has been removed so far.

A long time ago I purchased "Corel Word Perfect Office X5" at a retail store. Most or all of it has been installed on the system. However I have not gotten around to using all the programs. When I saw the "keygen" etc. listed in the report from CKScanner I had questions about it, and the program called "Wordperfect Lightning," which was installed but I had not run before. It is part of the Word Perfect suite.

I tried to run "Wordperfect Lightning" for the first time and find it stalls the system, and reports "not responding" in Windows Task Manager. Has this been infected with a virus or trojan?

There were some other programs received from or promoted by "Giveaway of the day" or the "Kim Komando" radio show which did not appear to perform very well, which I removed. (I find it is not possible to contact "Kim Komando" unless you are a paid member of her "club.") I also removed installation of a program by IOLO that I was not happy with.

Here is the latest report from CKScanner. Note it says "These are not necessarily bad" and some of the things on this list are URLs to various web pages. I found some of those web pages do not work. Some of those mention software that was never installed by me.


CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\tom\favorites\favorites 4-19-2009\demento\cracked magazine\cracked.com – america's only humor & video site since 1958.url
c:\documents and settings\tom\favorites\favorites 4-19-2009\demento\cracked magazine\cracked.com-.url
c:\documents and settings\tom\favorites\favorites 4-19-2009\ebay\ebay - timecracker, wall clocks items on ebay.com.url
c:\documents and settings\tom\favorites\favorites 4-19-2009\imported bookmarks\personal toolbar folder\ebay\clocks\items matching ( timecracker ).url
c:\program files\corel\wordperfect lightning\programs\ssh-keygen.exe
c:\program files\ringtone media studio\samples\overlays\cracked glass.emf
c:\program files\wildgames\bejeweled 2 deluxe\wtmui_de\sounds\firecrackle.ogg
c:\program files\wildgames\bejeweled 2 deluxe\wtmui_default\sounds\firecrackle.ogg
c:\program files\wildgames\bejeweled 2 deluxe\wtmui_es\sounds\firecrackle.ogg
c:\program files\wildgames\bejeweled 2 deluxe\wtmui_fr\sounds\firecrackle.ogg
c:\program files\wildgames\bejeweled 2 deluxe\wtmui_it\sounds\firecrackle.ogg
scanner sequence 3.EF.11.PJBBXM
----- EOF -----
 
Hi,

The only thing I see a bit strange is this, since its not working you may want to uninstall it
c:\program files\corel\wordperfect lightning <--This

Why dont you shoot me a new OTL log and let me take another look
 
Reply 7-25-11

I removed "Wordperfect Office X4" suite and restarted the system. I found .DOC files were associating with Wordpad. I changed this back, so they associate with MS Word.

I followed previous instructions on OTL. It produced an OTL.TXT file but not the EXTRAS file. I didn't change any of the settings with OTL except as instructed, but noticed it was set for "30 days". It's likely any virus or trojan would have been there longer than 30 days. I'm unclear about the instructions on turning off other windows - - all windows were off. I did notice Kaspersky had not been turned off, it appeared from the icon in the tray that it was updating while OTL was running. Do I need to change anything and run OTL again?

Here is OTL.TXT:

OTL logfile created on: 07/25/11 9:08:57 AM - Run 5
OTL by OldTimer - Version 3.2.26.1 Folder = C:\i\Programs From Internet\Virtumonde sci removal 7-10-11
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yy

2.96 Gb Total Physical Memory | 2.25 Gb Available Physical Memory | 75.93% Memory free
10.79 Gb Paging File | 10.14 Gb Available in Paging File | 93.95% Paging File free
Paging file location(s): C:\pagefile.sys 8192 8192 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 117.49 Gb Free Space | 25.23% Space Free | Partition Type: NTFS
Drive E: | 149.05 Gb Total Space | 11.03 Gb Free Space | 7.40% Space Free | Partition Type: NTFS
Drive F: | 1863.01 Gb Total Space | 1729.27 Gb Free Space | 92.82% Space Free | Partition Type: NTFS

Computer Name: TOM-2008 | User Name: Tom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\i\Programs From Internet\Virtumonde sci removal 7-10-11\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\WINDOWS\system32\NLSSRV32.EXE (Nalpeiron Ltd.)
PRC - C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe (Nitro PDF Software)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - c:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\Simpo PDF Creator\SimpoPrintSrv.exe (Simpo Technologies)
PRC - C:\WINDOWS\system32\ASTSRV.EXE (Nalpeiron Ltd.)
PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Program Files\Norton Ghost\Agent\VProSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Norton Ghost\Agent\VProTray.exe (Symantec Corporation)
PRC - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe (Symantec)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\Zinio\ZinioReader.exe (Zinio, LLC)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
PRC - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
PRC - C:\Program Files\Sony\SonicStage\SSAAD.exe ()
PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe (American Power Conversion Corporation)
PRC - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe (American Power Conversion Corporation)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG)
PRC - C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
PRC - C:\Program Files\PI Engineering\X-keys\XKWdkApp.exe (P.I. Engineering, Inc.)
PRC - C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe ()
PRC - C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
PRC - C:\Program Files\Microsoft Office97\Office\OSA.EXE ()


========== Modules (SafeList) ==========

MOD - C:\i\Programs From Internet\Virtumonde sci removal 7-10-11\OTL.exe (OldTimer Tools)
MOD - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchrome10browserrecordhelper.dll (RealNetworks, Inc.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (GEARSecurity) -- File not found
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (nlsX86cc) -- C:\WINDOWS\system32\NLSSRV32.EXE (Nalpeiron Ltd.)
SRV - (NitroDriverReadSpool) -- C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe (Nitro PDF Software)
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (SupportSoft RemoteAssist) -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe (SupportSoft, Inc.)
SRV - (STacSV) -- c:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
SRV - (GSService) -- C:\WINDOWS\System32\GSService.exe ()
SRV - (SMServer) -- C:\WINDOWS\System32\snmvtsvc.exe (SMServer)
SRV - (STSService) -- C:\Program Files\SoundTaxi Media Suite\STSService.exe ()
SRV - (astcc) -- C:\WINDOWS\system32\ASTSRV.EXE (Nalpeiron Ltd.)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (Norton Ghost) -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe (Symantec Corporation)
SRV - (SymSnapService) -- C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe (Symantec)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (GameConsoleService) -- C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe (WildTangent, Inc.)
SRV - (Symantec RemoteAssist) -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe (Symantec, Inc.)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)
SRV - (Diskeeper) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (SSScsiSV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
SRV - (SonicStage Back-End Service) -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (APC UPS Service) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe (American Power Conversion Corporation)
SRV - (InCDsrv) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG)


========== Driver Services (SafeList) ==========

DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (FTSER2K) -- C:\WINDOWS\system32\drivers\ftser2k.sys (FTDI Ltd.)
DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (IDT, Inc.)
DRV - (SndTAudio) -- C:\WINDOWS\system32\drivers\SndTAudio.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys ()
DRV - (klbg) -- C:\WINDOWS\system32\drivers\klbg.sys (Kaspersky Lab)
DRV - (klmouflt) -- C:\WINDOWS\system32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (klim5) -- C:\WINDOWS\system32\drivers\klim5.sys (Kaspersky Lab)
DRV - (kl1) -- C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Lab)
DRV - (symsnap) -- C:\WINDOWS\system32\DRIVERS\symsnap.sys (StorageCraft)
DRV - (SCRCAMHRDRV) -- C:\WINDOWS\system32\drivers\SCRCAMHRDRV.sys (Windows (R) Server 2003 DDK provider)
DRV - (IntcHdmiAddService) Intel(R) -- C:\WINDOWS\system32\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (v2imount) -- C:\WINDOWS\system32\drivers\v2imount.sys (Symantec Corporation)
DRV - (e1yexpress) Intel(R) -- C:\WINDOWS\system32\drivers\e1y5132.sys (Intel Corporation)
DRV - (NAL) -- C:\WINDOWS\system32\drivers\iqvw32.sys (Intel Corporation )
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (HECI) Intel(R) -- C:\WINDOWS\system32\drivers\HECI.sys (Intel Corporation)
DRV - (BANTExt) -- C:\WINDOWS\System32\Drivers\BANTExt.sys ()
DRV - (WimFltr) -- C:\WINDOWS\system32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (VProEventMonitor) -- C:\WINDOWS\system32\drivers\vproeventmonitor.sys (Symantec Corporation)
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies)
DRV - (hhdserial) HHD Software Serial Monitor (DMS) -- C:\WINDOWS\system32\drivers\hhdserial.sys (HHD Software Ltd.)
DRV - (FTDIBUS) -- C:\WINDOWS\system32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (MotDev) -- C:\WINDOWS\system32\drivers\motodrv.sys (Motorola Inc)
DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola)
DRV - (NETMDUSB) -- C:\WINDOWS\system32\drivers\NETMD052.sys (Sony Corporation)
DRV - (InCDfs) -- C:\WINDOWS\system32\drivers\InCDfs.sys (Nero AG)
DRV - (InCDPass) -- C:\WINDOWS\system32\drivers\InCDPass.sys (Nero AG)
DRV - (incdrm) -- C:\WINDOWS\system32\drivers\InCDRm.sys (Nero AG)
DRV - (P2k) -- C:\WINDOWS\system32\drivers\P2k.sys (Motorola Inc)
DRV - (NRKCTL32) -- C:\Program Files\WCPUID\NRKCTL32.SYS (NrkLv Group)
DRV - (xkeysw2k) -- C:\WINDOWS\system32\drivers\XKEYSW2K.SYS (P.I. Engineering, Inc.)
DRV - (msloop) -- C:\WINDOWS\system32\drivers\loop.sys (Microsoft Corporation)
DRV - (TVicPort) -- C:\WINDOWS\System32\drivers\TVICPORT.SYS ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-515967899-963894560-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-515967899-963894560-839522115-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-515967899-963894560-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-515967899-963894560-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "www.googlebreak.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.126

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Tom\Application Data\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/24 15:57:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/06/28 11:04:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/02 18:18:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/02 18:18:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/05/24 15:57:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011/06/18 09:56:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2010/09/30 05:13:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\FireFox\Extensions\\SearchToolbar@skywebsearch.com: C:\Program Files\SaveTubeVideo.com\SaveTubeVideo\FF
FF - HKEY_CURRENT_USER\software\mozilla\FireFox\Extensions\\savetubemp3@savetubemp3.net: C:\Program Files\YouTubeMP3Downloader.net\YouTubeMP3Downloader\FF [2010/02/02 14:41:41 | 000,000,000 | ---D | M]

[2010/10/24 05:51:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Extensions
[2010/10/24 05:51:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/07/13 17:48:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\extensions
[2010/04/28 05:44:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/12 12:06:29 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/06/18 05:04:09 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2011/07/03 10:43:38 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/08/10 19:54:59 | 000,000,000 | ---D | M] (Nodobe Document Viewer) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\extensions\nodobe@vuzit.com
[2010/02/02 14:42:05 | 000,000,003 | ---- | M] () -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\searchplugins\GoogleFeed.xml
[2011/07/13 17:48:54 | 000,001,575 | ---- | M] () -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\searchplugins\ixquick.xml
[2008/10/11 09:26:42 | 000,001,940 | ---- | M] () -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\searchplugins\marketwatch.xml
[2008/10/11 09:26:46 | 000,000,705 | ---- | M] () -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\searchplugins\webster.xml
[2008/10/11 09:26:56 | 000,001,032 | ---- | M] () -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\l9ajnjqt.default\searchplugins\wikipedia-eng.xml
[2011/07/13 17:48:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/21 02:04:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/24 13:52:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/13 05:42:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/01 03:23:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/09 07:00:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2010/09/30 05:14:27 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2011/06/28 11:04:50 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2010/09/21 02:04:28 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2008/06/18 01:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/03/09 18:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll

O1 HOSTS File: ([2011/07/14 22:49:02 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (ShowBarObjMp3 Class) - {cf59ae24-5796-44fc-9575-8d4f383c65f8} - C:\Program Files\YouTubeMP3Downloader.net\YouTubeMP3Downloader\MinBHOMp3.dll ()
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (YouTube MP3 Downloader) - {f27a9a1d-6f23-442d-88c0-5dc40fd13dcd} - C:\Program Files\YouTubeMP3Downloader.net\YouTubeMP3Downloader\YouTubeMP3.dll (Save Tube Video Company)
O4 - HKLM..\Run: [avp] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [Device Detector] File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [msjavadll] C:\WINDOWS\System32\javaw.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Norton Ghost 14.0] C:\Program Files\Norton Ghost\Agent\VProTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Simpo Print Server] C:\Program Files\Simpo PDF Creator\SimpoPrintSrv.exe (Simpo Technologies)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [X-keys Programming] C:\Program Files\PI Engineering\X-keys\XKWdkApp.exe (P.I. Engineering, Inc.)
O4 - HKU\S-1-5-21-515967899-963894560-839522115-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-515967899-963894560-839522115-1003..\Run: [PxDotNetLoader] C:\Program Files\Fidelity Investments\Fidelity Active Trader\System\ATPStartupAssistant.exe (Fidelity Investments)
O4 - HKU\S-1-5-21-515967899-963894560-839522115-1003..\Run: [SsAAD.exe] C:\Program Files\Sony\SonicStage\SSAAD.exe ()
O4 - HKU\S-1-5-21-515967899-963894560-839522115-1003..\Run: [Zinio DLM] C:\Program Files\Zinio\ZinioReader.exe (Zinio, LLC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files\Microsoft Office97\Office\OSA.EXE ()
O4 - Startup: C:\Documents and Settings\Tom\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-515967899-963894560-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-515967899-963894560-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-515967899-963894560-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-515967899-963894560-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O9 - Extra Button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll ()
O9 - Extra 'Tools' menuitem : Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll ()
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Favorites Search - {FF925300-80E6-11D4-A15B-FFF9086C1A3C} - C:\Program Files\DzSoft\Favorites Search\FavSeek.dll (DzSoft Ltd)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-515967899-963894560-839522115-1003\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKU\S-1-5-21-515967899-963894560-839522115-1003\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://www.pcpitstop.com/mhLbl.cab (mhLabel Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\x-atng {7e8717b0-d862-11d5-8c9e-00010304f989} - C:\Program Files\Fidelity Investments\Fidelity Active Trader\System\atngprot.dll (Fidelity Investments)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: C:\Documents and Settings\Tom\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tom\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/08 03:58:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/25 07:52:26 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/07/18 02:49:28 | 000,000,000 | ---D | C] -- C:\BurnAPIHistory_All
[2011/07/18 02:39:52 | 000,000,000 | ---D | C] -- C:\NeroHistory_All
[2011/07/17 21:30:44 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2011/07/16 22:49:04 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/07/14 20:02:35 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/14 18:40:25 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/07/14 13:29:36 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/07/14 13:29:36 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/07/14 13:29:36 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/07/14 13:29:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/12 09:09:27 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/07/12 07:09:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/07/10 12:57:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\Virus Cleanup
[2011/07/10 09:04:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Application Data\Malwarebytes
[2011/07/10 08:55:52 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/10 08:55:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/10 08:55:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/07/10 08:47:50 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/10 08:47:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/08 19:30:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Tom\Recent
[2011/07/08 13:31:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Local Settings\Application Data\Ilivid Player
[2011/07/08 13:30:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{FDD8983C-4561-4A27-BDA7-F5286E176A8F}
[2011/07/08 13:30:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iLivid
[2011/07/08 13:30:33 | 000,000,000 | ---D | C] -- C:\Program Files\iLivid
[2011/07/08 13:19:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Local Settings\Application Data\PackageAware
[2011/07/05 13:21:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/07/04 20:56:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/07/04 20:56:22 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/07/03 11:27:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/07/03 11:27:40 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/07/03 11:27:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/06/28 13:54:24 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/06/28 13:54:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Start Menu\Programs\HiJackThis
[2011/06/28 12:44:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Desktop\DivX
[2011/06/27 19:51:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\My Documents\Exported Registry
[2011/06/26 22:07:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Local Settings\Application Data\Fidelity Investments
[2011/06/26 22:07:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Application Data\Fidelity Investments
[2011/06/26 21:59:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Wealth-Lab Pro
[2011/06/26 18:33:32 | 000,000,000 | ---D | C] -- C:\Program Files\New Folder

========== Files - Modified Within 30 Days ==========

[2011/07/25 09:16:00 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{496D8042-0A62-4C91-8D5B-D46E9ED53309}.job
[2011/07/25 09:07:46 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-963894560-839522115-1003.job
[2011/07/25 09:07:46 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-515967899-963894560-839522115-1003.job
[2011/07/25 09:07:21 | 000,000,209 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2011/07/25 08:56:55 | 000,409,736 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Dallas Gas.url
[2011/07/25 08:36:02 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/07/25 08:34:52 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/25 08:34:38 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/25 08:33:37 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/07/25 08:32:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/25 08:32:24 | 3181,613,056 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/25 08:32:24 | 000,343,424 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/25 08:26:03 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/25 02:02:19 | 000,002,306 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2011/07/24 22:28:05 | 000,218,112 | ---- | M] () -- C:\Documents and Settings\Tom\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/24 14:53:12 | 000,000,574 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\DMN dmn@n5gar.com p------.url
[2011/07/23 15:47:01 | 000,000,193 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\STOUFFER'S® Dinner Club.url
[2011/07/23 15:42:14 | 000,005,202 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\AccuWeather. Long Beach.url
[2011/07/22 13:36:16 | 000,000,556 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Fidelity Watchlist.url
[2011/07/21 21:12:54 | 000,001,167 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Map of the Market - SmartMoney.com.url
[2011/07/21 04:45:17 | 000,002,964 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\LIVE REAL TIME SATELLITE TRACKING AND PREDICTIONS ISS (ZARYA).url
[2011/07/21 04:33:06 | 000,000,178 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Human Space Flight (HSF) - Realtime Data.url
[2011/07/20 12:55:36 | 000,002,647 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Fidelity Active Trader Pro Beta..lnk
[2011/07/19 04:54:47 | 000,002,527 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ACDSee 7.0.lnk
[2011/07/19 04:11:59 | 000,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/07/18 04:05:59 | 000,000,167 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\KiplingerAdvisorPanel.com.url
[2011/07/15 05:48:05 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/14 23:30:04 | 000,001,832 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/07/14 22:49:02 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/07/12 09:09:36 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/07/12 02:49:20 | 000,000,226 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Dallas 311 Intake.url
[2011/07/11 13:10:54 | 000,002,423 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Diskeeper 2008.lnk
[2011/07/08 13:30:51 | 000,000,721 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iLivid Download Manager.lnk
[2011/07/08 07:10:31 | 000,064,538 | ---- | M] () -- C:\Documents and Settings\Tom\My Documents\http www.nytimes.com 2011 07 08 us IRS drops audits of political donors.pdf
[2011/07/08 07:08:40 | 000,067,454 | ---- | M] () -- C:\Documents and Settings\Tom\My Documents\http www.nytimes.com 2011 07 08 us 08ttramsey Redistricting.pdf
[2011/07/05 15:47:36 | 000,000,182 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Prepaid Phone News.url
[2011/07/05 10:14:53 | 000,001,000 | ---- | M] () -- C:\Documents and Settings\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/06/29 10:37:48 | 000,000,404 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\BusinessWeek.url
[2011/06/28 18:55:59 | 000,000,179 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Web Site Report For n5gar.com.url
[2011/06/28 07:57:16 | 000,000,602 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to taskmgr.exe.lnk
[2011/06/27 19:01:59 | 000,000,370 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\e-Miles® Miles for Minutes®.url
[2011/06/26 21:59:20 | 000,000,972 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Wealth-Lab Pro 6.lnk
[2011/06/26 15:20:30 | 000,503,100 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/26 15:20:30 | 000,088,498 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/26 01:45:56 | 000,256,000 | ---- | M] () -- C:\WINDOWS\PEV.exe

========== Files Created - No Company Name ==========

[2011/07/18 04:05:58 | 000,000,167 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\KiplingerAdvisorPanel.com.url
[2011/07/15 05:48:01 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/07/14 13:29:37 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/07/14 13:29:36 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/07/14 13:29:36 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/07/14 13:29:36 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/07/14 13:29:36 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/07/14 01:15:55 | 000,000,274 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-515967899-963894560-839522115-1003.job
[2011/07/12 09:09:36 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/07/12 09:09:32 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/07/08 13:30:51 | 000,000,721 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iLivid Download Manager.lnk
[2011/07/08 07:10:30 | 000,064,538 | ---- | C] () -- C:\Documents and Settings\Tom\My Documents\http www.nytimes.com 2011 07 08 us IRS drops audits of political donors.pdf
[2011/07/08 07:08:39 | 000,067,454 | ---- | C] () -- C:\Documents and Settings\Tom\My Documents\http www.nytimes.com 2011 07 08 us 08ttramsey Redistricting.pdf
[2011/07/03 11:27:45 | 000,001,000 | ---- | C] () -- C:\Documents and Settings\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/06/29 10:35:04 | 000,001,167 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\Map of the Market - SmartMoney.com.url
[2011/06/28 07:57:16 | 000,000,602 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to taskmgr.exe.lnk
[2011/06/26 21:59:20 | 000,000,972 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Wealth-Lab Pro 6.lnk
[2011/06/25 09:58:23 | 000,956,290 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-515967899-963894560-839522115-1003-0.dat
[2011/06/25 09:58:22 | 000,347,830 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/06/23 12:51:27 | 000,932,987 | ---- | C] () -- C:\Documents and Settings\Tom\Application Data\n5gar1.zip
[2010/11/10 05:37:55 | 000,161,770 | ---- | C] () -- C:\WINDOWS\Animated Wallpaper Maker Uninstaller.exe
[2010/11/05 00:04:32 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Tom\Application Data\downloads.m3u
[2010/10/17 19:17:49 | 000,000,223 | ---- | C] () -- C:\WINDOWS\HP PrecisionScan Pro.INI
[2010/10/10 16:40:24 | 001,903,408 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/09/30 05:14:14 | 000,115,369 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2010/09/30 05:14:14 | 000,097,859 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2010/06/11 06:18:32 | 000,000,119 | ---- | C] () -- C:\WINDOWS\Podcasts.INI
[2010/05/25 12:20:06 | 000,002,306 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/04/30 10:04:16 | 000,104,960 | ---- | C] () -- C:\WINDOWS\W2P_PreConvert.dll
[2010/02/01 05:16:10 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/02/01 05:16:10 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/02/01 05:16:09 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/02/01 05:16:08 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/01/31 03:51:08 | 000,005,045 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hksbihfl.ezl
[2010/01/28 03:35:34 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\GSService.exe
[2010/01/27 22:28:12 | 000,000,256 | -H-- | C] () -- C:\Documents and Settings\Tom\Application Data\ee6fe4d84748049fa23c8b8638a22cacf0cffd15
[2010/01/27 22:28:12 | 000,000,256 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\ee6fe4d84748049fa23c8b8638a22cacf0cffd15
[2009/12/27 17:53:40 | 000,000,229 | ---- | C] () -- C:\Documents and Settings\Tom\Application Data\default.rss
[2009/12/26 20:15:07 | 000,004,757 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009/11/27 04:31:16 | 000,105,472 | ---- | C] () -- C:\WINDOWS\PreConvert.dll
[2009/11/25 13:40:50 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/10/19 02:23:14 | 000,000,203 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI
[2009/10/03 12:36:01 | 011,476,992 | ---- | C] () -- C:\WINDOWS\System32\common_res.dll
[2009/09/27 07:26:44 | 000,000,126 | ---- | C] () -- C:\WINDOWS\keypad.ini
[2009/09/16 17:27:58 | 000,508,224 | ---- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll
[2009/09/09 18:01:40 | 000,027,675 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat
[2009/07/25 03:10:11 | 000,618,496 | ---- | C] () -- C:\WINDOWS\System32\stlpmt45.dll
[2009/07/11 20:38:12 | 000,835,584 | ---- | C] () -- C:\WINDOWS\tls7912d.dll
[2009/07/11 20:38:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\uninstallrq.exe
[2009/06/12 21:24:00 | 000,075,596 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2009/06/04 07:51:28 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/04/14 04:53:40 | 000,003,707 | ---- | C] () -- C:\WINDOWS\System32\ASPRTMM6.DLL
[2009/03/04 03:47:17 | 000,000,146 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/01/31 22:22:25 | 002,788,800 | ---- | C] () -- C:\Program Files\FLV PlayerFCSetup.exe
[2008/11/17 14:58:33 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2008/11/17 14:58:11 | 000,000,333 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2008/11/04 05:41:07 | 000,001,104 | ---- | C] () -- C:\WINDOWS\AMIPRO2.INI
[2008/11/04 05:40:13 | 000,004,722 | ---- | C] () -- C:\WINDOWS\AmiVISD.ini
[2008/11/04 05:39:17 | 000,000,703 | ---- | C] () -- C:\WINDOWS\lotus.ini
[2008/11/04 05:39:15 | 000,008,283 | ---- | C] () -- C:\WINDOWS\AMIDW.INI
[2008/11/04 05:39:15 | 000,000,898 | ---- | C] () -- C:\WINDOWS\AMIEQN.INI
[2008/11/04 05:39:15 | 000,000,185 | ---- | C] () -- C:\WINDOWS\AMISMART.INI
[2008/11/04 05:39:15 | 000,000,104 | ---- | C] () -- C:\WINDOWS\AMIIMAGE.INI
[2008/11/04 05:39:14 | 000,023,822 | ---- | C] () -- C:\WINDOWS\AMIOW.INI
[2008/11/04 05:39:14 | 000,011,208 | ---- | C] () -- C:\WINDOWS\AMIENV.DLL
[2008/11/04 05:39:14 | 000,010,014 | ---- | C] () -- C:\WINDOWS\AMILABEL.INI
[2008/11/04 05:39:14 | 000,005,909 | ---- | C] () -- C:\WINDOWS\AMIWP.INI
[2008/11/04 05:39:14 | 000,004,400 | ---- | C] () -- C:\WINDOWS\AMIPRO.INI
[2008/11/04 05:39:14 | 000,002,846 | ---- | C] () -- C:\WINDOWS\AMICALC.INI
[2008/11/04 05:39:14 | 000,001,993 | ---- | C] () -- C:\WINDOWS\AMIIWP.INI
[2008/11/04 05:39:14 | 000,000,332 | ---- | C] () -- C:\WINDOWS\AMIFONT.INI
[2008/11/04 05:06:16 | 000,127,184 | ---- | C] () -- C:\WINDOWS\DEL_AH1.EXE
[2008/11/02 08:56:34 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2008/10/30 09:26:41 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2008/10/30 09:25:23 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2008/10/30 09:25:23 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2008/10/30 08:58:15 | 000,000,209 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2008/10/30 04:12:05 | 000,000,092 | ---- | C] () -- C:\WINDOWS\TraceSrv.ini
[2008/10/28 04:09:43 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2008/10/27 00:29:43 | 000,000,225 | ---- | C] () -- C:\WINDOWS\netscape.INI
[2008/10/26 20:43:04 | 000,634,087 | ---- | C] () -- C:\WINDOWS\cd32.exe
[2008/10/25 03:31:26 | 000,000,554 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/10/24 14:22:31 | 000,215,144 | R--- | C] () -- C:\WINDOWS\patchw32.dll
[2008/10/24 14:21:19 | 000,215,144 | R--- | C] () -- C:\WINDOWS\pw32a.dll
[2008/10/24 04:31:54 | 000,218,112 | ---- | C] () -- C:\Documents and Settings\Tom\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/10 20:18:45 | 000,038,951 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/10/10 19:09:45 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/10/09 08:52:33 | 000,000,927 | ---- | C] () -- C:\WINDOWS\hmpro3.ini
[2008/10/09 08:50:42 | 000,012,288 | ---- | C] () -- C:\WINDOWS\kwimage.dll
[2008/10/09 08:50:42 | 000,005,495 | ---- | C] () -- C:\WINDOWS\sqkw.ini
[2008/10/09 03:17:00 | 000,982,196 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2008/10/09 03:16:59 | 000,417,344 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2008/10/09 03:16:59 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4990.dll
[2008/10/08 08:54:42 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/10/08 04:00:33 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/10/08 03:56:11 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/10/07 05:35:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/10/07 05:34:50 | 000,343,424 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/11/06 15:19:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/03/16 17:00:00 | 000,003,403 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2004/08/04 01:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/09/18 11:21:06 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\ljackuw.dll
[2003/03/31 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/03/31 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/03/31 07:00:00 | 000,503,100 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/03/31 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/03/31 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/03/31 07:00:00 | 000,088,498 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/03/31 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/03/31 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/03/31 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/03/31 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/03/21 16:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2001/08/07 18:59:54 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HPNVRRes.dll
[2001/07/31 04:17:12 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2001/01/24 01:31:18 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\prntfix.exe
[2000/06/07 07:38:44 | 000,078,336 | ---- | C] () -- C:\WINDOWS\nfwDrop.DLL
[2000/04/14 17:50:02 | 000,343,040 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[1999/05/20 04:03:20 | 000,004,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\TVICPORT.SYS
[1998/06/11 14:08:06 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[1997/07/11 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/07/11 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== LOP Check ==========

[2008/10/12 02:27:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Spearit
[2010/08/15 01:07:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\3Planesoft
[2010/02/22 02:49:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2010/10/15 10:55:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ATX
[2010/09/30 04:30:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/07/25 07:52:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland
[2009/12/11 08:02:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2008/10/08 17:39:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
[2011/06/26 21:59:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fidelity Investments
[2009/06/14 09:25:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2008/10/12 02:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Laplink
[2010/11/04 19:45:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2011/04/25 20:21:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\mediAvatar
[2010/11/29 02:34:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2011/07/25 09:07:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2010/06/11 06:05:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
[2011/03/27 22:20:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2008/10/12 02:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spearit
[2011/04/13 03:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2009/12/09 04:36:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/12/24 11:39:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wavelet Labs
[2008/10/11 23:19:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2010/04/05 02:27:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wolters Kluwer
[2009/05/15 17:53:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/07/08 13:30:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{FDD8983C-4561-4A27-BDA7-F5286E176A8F}
[2008/10/12 02:27:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Spearit
[2009/06/13 09:47:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\iolo
[2009/06/13 09:45:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\iolo
[2010/12/13 05:49:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\.oit
[2008/10/09 09:18:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\ACD Systems
[2011/05/24 21:41:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Amazon
[2010/11/08 00:08:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Canon
[2008/10/09 08:13:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/07/08 12:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\ContentGuard
[2009/12/06 07:26:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Cool YouTube To Mp3 Converter
[2010/11/29 03:15:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Downloaded Installations
[2010/11/04 21:50:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\ElevatedDiagnostics
[2009/04/12 11:52:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Eltima Software
[2011/03/27 21:12:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Facebook
[2011/06/26 22:07:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Fidelity Investments
[2009/12/17 04:26:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\FILEminimizerPictures
[2011/07/07 11:32:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\FileZilla
[2010/07/29 05:15:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\GARMIN
[2009/12/24 12:15:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\HD Audio Recorder
[2009/12/13 19:22:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Icevc
[2009/06/13 09:10:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\iolo
[2010/03/04 02:41:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Magic Collage
[2011/04/25 20:35:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\mediAvatar
[2009/11/30 06:13:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Moyea
[2010/07/10 19:43:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\MozBackup
[2011/07/24 22:23:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Nitro PDF
[2009/06/25 04:46:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\OfficeUpdate12
[2011/04/19 11:19:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\pdf995
[2009/11/15 15:42:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Publish Providers
[2010/03/17 03:51:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Software Informer
[2011/03/27 23:08:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Sony
[2008/10/12 02:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Spearit
[2011/05/01 16:28:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\TaxCut
[2010/10/24 05:51:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Thunderbird
[2011/03/22 19:33:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\WaveMax Sound Editor
[2008/10/11 23:19:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\WildTangent
[2008/12/17 15:33:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Windows Search
[2011/07/25 08:36:02 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/07/25 09:16:00 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{496D8042-0A62-4C91-8D5B-D46E9ED53309}.job

========== Purity Check ==========



< End of report >
 
Status
Not open for further replies.
Back
Top