Having a strange problem with my browsers...some kind of virus??

View previous topic View next topic Go down

Having a strange problem with my browsers...some kind of virus??

Post by pointman on Wed 15 Dec 2010, 12:02 pm

see attached file

pointman

Rookie Surfer
Rookie Surfer

Posts : 95
Joined : 2010-01-03
Operating System : windows XP

View user profile

Back to top Go down

I will try and post the text file of the scan results in 2 post because of the s

Post by pointman on Thu 16 Dec 2010, 9:15 am

My Browsers slow down and periodically freezes up after opening. This is the fourth time i have tried to send this message. I periodically get a message "Generic Host process for Win 32 Services has encountered a problem and needs to close". Sometimes the browser will automatically open a strange page like "Free Walmart $1000 gift card". Thanks so much for your help. U guys are real troopers!


pointman

Rookie Surfer
Rookie Surfer

Posts : 95
Joined : 2010-01-03
Operating System : windows XP

View user profile

Back to top Go down

post of the scan log file - part 1

Post by pointman on Thu 16 Dec 2010, 9:19 am


OTL logfile created on: 12/14/2010 6:14:39 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 70.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 158.32 Gb Free Space | 53.11% Space Free | Partition Type: NTFS

Computer Name: QUADCORE | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/14 18:08:23 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.com
PRC - [2010/12/14 17:04:02 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/11/18 20:25:40 | 000,160,328 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/10/15 09:49:14 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
PRC - [2010/09/16 14:03:04 | 004,425,048 | ---- | M] (AOL Inc.) -- C:\Program Files\AIM\aim.exe
PRC - [2010/06/30 02:31:50 | 000,315,392 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\McciServiceHost.exe
PRC - [2010/06/10 05:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/12/08 14:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/11/04 16:53:34 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/11/04 15:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/10/29 06:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/09/29 08:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/04/01 11:53:08 | 000,107,008 | ---- | M] () -- C:\Program Files\PayPal\PayPal Plug-In\RBroker.exe
PRC - [2009/02/02 01:33:18 | 000,317,440 | ---- | M] (Amazon.com) -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
PRC - [2008/11/07 10:46:29 | 002,356,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/25 17:19:04 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/08/21 13:28:52 | 000,391,680 | ---- | M] (Nokia Corporation.) -- C:\Program Files\Yahoo!\Yahoo! Autosync\AutosyncForYahoo.exe
PRC - [2007/07/10 01:15:28 | 000,368,640 | ---- | M] (Nokia Corporation.) -- C:\Program Files\Common Files\Intellisync\PushSyncService\PushSyncService.exe
PRC - [2007/05/11 03:06:38 | 000,341,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
PRC - [2007/03/09 10:09:58 | 000,063,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
PRC - [2006/11/03 18:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/09/21 15:34:56 | 000,495,616 | ---- | M] (Bluebeam Software, Inc.) -- C:\Program Files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\MicroBrew2.exe
PRC - [2006/08/16 22:32:09 | 000,018,944 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTXFIHLP.EXE
PRC - [2006/08/16 22:32:04 | 000,017,920 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\CTHELPER.EXE
PRC - [2006/08/16 22:28:13 | 000,729,600 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTXFISPI.EXE
PRC - [2006/07/28 08:56:48 | 000,122,880 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
PRC - [2006/07/21 14:17:00 | 000,073,728 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
PRC - [2006/03/10 13:01:02 | 000,543,232 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\BellSouthWCC\McciTrayApp.exe
PRC - [2005/11/04 17:07:56 | 000,049,152 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
PRC - [2005/10/21 17:12:22 | 000,040,960 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster X-Fi\Entertainment Center\EAXLoadr.exe
PRC - [2005/09/30 18:22:50 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2005/08/12 11:05:54 | 000,040,960 | ---- | M] () -- C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
PRC - [2003/04/30 10:04:00 | 000,331,776 | ---- | M] (Cyber Power System Inc.) -- C:\PowerPanel\upssrv.exe
PRC - [2003/04/30 10:04:00 | 000,114,688 | ---- | M] (Cyber Power System Inc.) -- C:\PowerPanel\upsio.exe
PRC - [2001/03/06 08:44:08 | 000,180,224 | ---- | M] () -- C:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppdirector.exe


========== Modules (SafeList) ==========

MOD - [2010/12/14 18:08:23 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.com
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2006/08/16 22:32:03 | 000,007,168 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTAGENT.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/06/30 02:31:50 | 000,315,392 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\Common Files\Motive\McciServiceHost.exe -- (McciServiceHost)
SRV - [2010/06/10 05:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/12/08 14:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/11/04 16:53:34 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/11/04 15:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/10/28 11:50:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/09/29 08:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/02/02 01:33:18 | 000,317,440 | ---- | M] (Amazon.com) [Auto | Running] -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe -- (Amazon Download Agent)
SRV - [2008/04/03 14:46:03 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/09/30 18:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2003/04/30 10:04:00 | 000,331,776 | ---- | M] (Cyber Power System Inc.) [Auto | Running] -- C:\PowerPanel\upssrv.exe -- (CyberPowerUPS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - [2010/07/15 14:18:22 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2010/06/30 02:32:04 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/06/30 02:31:44 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/11/04 16:54:12 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/11/04 16:54:12 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/11/04 16:54:12 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/11/04 16:54:12 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/11/04 16:53:40 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2008/04/22 13:24:07 | 000,076,416 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NmPar.sys -- (NmPar)
DRV - [2008/04/13 13:36:41 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2008/03/27 18:31:44 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2007/12/05 01:41:00 | 007,435,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007/09/11 15:10:06 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/05/10 12:33:58 | 000,048,640 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2007/04/12 14:04:40 | 004,397,568 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/03/15 17:12:04 | 000,038,656 | R--- | M] (Attansic Technology corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atl01_xp.sys -- (AtcL001)
DRV - [2006/08/16 22:23:00 | 000,340,176 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2006/08/16 22:17:11 | 000,007,168 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2006/08/16 22:17:09 | 000,500,480 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2006/08/16 22:16:32 | 001,110,528 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2006/08/16 22:15:00 | 000,116,224 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2006/08/16 22:14:42 | 000,143,872 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2006/08/16 22:14:37 | 000,078,336 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2006/08/16 22:14:24 | 000,502,272 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2004/11/22 17:36:39 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2004/11/22 17:36:34 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2004/08/14 03:00:00 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2001/01/16 14:46:08 | 000,050,576 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hppadt40.sys -- (dot4)
DRV - [2001/01/16 14:44:36 | 000,017,872 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hppausb0.sys -- (dot4usb)
DRV - [2001/01/16 13:43:34 | 000,015,792 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hppaprt0.sys -- (Dot4Print)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [You must be registered and logged in to see this link.] [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [You must be registered and logged in to see this link.] [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.10.1
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0
FF - prefs.js..extensions.enabledItems: paypalfirefoxplugin@orbiscom:2.2.26.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://search.aol.com/aolcom/search?invocationType=TB50TRFF;homepage=no;search=yesab&query="


FF - HKLM\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Program Files\eMusic Download Manager\xulrunner\components [2010/09/28 18:17:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Program Files\eMusic Download Manager\xulrunner\plugins [2010/09/28 18:18:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\paypalfirefoxplugin@orbiscom: C:\Program Files\PayPal\PayPal Plug-In [2009/07/20 12:41:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/12/14 17:15:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/21 10:22:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2008/03/28 09:37:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/14 17:04:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/14 17:04:10 | 000,000,000 | ---D | M]

[2009/01/12 17:12:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/12/11 15:29:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sbvr156n.default\extensions
[2009/08/11 12:21:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sbvr156n.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/02 16:25:03 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sbvr156n.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/01/12 17:13:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sbvr156n.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2009/01/12 17:13:58 | 000,001,769 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sbvr156n.default\searchplugins\aim-search.xml
[2008/06/15 20:04:54 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sbvr156n.default\searchplugins\siteadvisor.xml
[2010/12/10 15:08:10 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/10 15:08:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/02/04 22:02:56 | 001,642,496 | ---- | M] (LizardTech) -- C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll

O1 HOSTS File: ([2006/02/28 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (OToolbarHelper Class) - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll ()
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (PayPal Plug-In) - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe (JMicron Technology Corp.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AmazonGSDownloaderTray] C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ATT-SST_McciTrayApp] C:\Program Files\ATT-SST\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [AudioDrvEmulator] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [BellSouthWCC_McciTrayApp] C:\Program Files\BellSouthWCC\McciTrayApp.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\CTXFIHLP.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [HP AutoIndexer] C:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppautoindexer.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP SchedIndexer] C:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppschedindexer.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\Program Files\McAfee\MHN\McENUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MicroBrew] C:\Program Files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\MicroBrew2.exe (Bluebeam Software, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PbAdminACAD] C:\Program Files\Bluebeam Software\Pushbutton PDF\PbMngr5.exe (Bluebeam Software, Inc.)
O4 - HKLM..\Run: [RCSystem] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ymetray] C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe ()
O4 - HKCU..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe File not found
O4 - HKCU..\Run: [UpdateFlow.ATT-SST] C:\Program Files\ATT-SST\McciBrowser.exe (Alcatel-Lucent)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe (Autodesk, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP LaserJet Director.lnk = C:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppdirector.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Yahoo! Autosync.lnk = C:\Program Files\Yahoo!\Yahoo! Autosync\AutosyncForYahoo.exe (Nokia Corporation.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: motive.com ([patttbc.att] https in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} [You must be registered and logged in to see this link.] (Support.com Configuration Class)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} [You must be registered and logged in to see this link.] (Microsoft Office Template and Media Control)
O16 - DPF: {03A89EFD-E023-8600-A22D-45F77558EB4C} [You must be registered and logged in to see this link.] (ILINCInstall86 Class)
O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} [You must be registered and logged in to see this link.] (Snapfish Outlook Import ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} [You must be registered and logged in to see this link.] (Snapfish Activia)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} [You must be registered and logged in to see this link.] (SysData Class)
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} [You must be registered and logged in to see this link.] (LinkedIn ContactFinderControl)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} [You must be registered and logged in to see this link.] (Image Uploader Control)
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} [You must be registered and logged in to see this link.] (ContactExtractor Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} [You must be registered and logged in to see this link.] (Photo Upload Plugin Class)
O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} [You must be registered and logged in to see this link.] (HPSDDX Class)
O16 - DPF: {B9940246-4344-4D1B-BD82-DBAF7E657FF9} [You must be registered and logged in to see this link.] (AudioClient Control)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} [You must be registered and logged in to see this link.] (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/24 17:04:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{92e97388-6fad-11dd-9fea-001d60675a62}\Shell\AutoRun\command - "" = I:\Autorun.exe -- File not found
O33 - MountPoints2\{92e97388-6fad-11dd-9fea-001d60675a62}\Shell\Shell00\Command - "" = I:\Autorun.exe -- File not found
O33 - MountPoints2\{92e97388-6fad-11dd-9fea-001d60675a62}\Shell\Shell01\Command - "" = I:\Autorun.exe -- File not found
O33 - MountPoints2\{92e97388-6fad-11dd-9fea-001d60675a62}\Shell\Shell02\Command - "" = I:\Autorun.exe -- File not found
O33 - MountPoints2\{a4301367-3fbb-11dd-9fcf-001d60675a62}\Shell\AutoRun\command - "" = setupSNK.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: mcmscsvc - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SafeBootMin: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: mcmscsvc - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SafeBootNet: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootNet: MpfService - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {35CB31D6-C496-F1F5-D9EC-11F57DF7BE5F} - Internet Explorer
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {38539595-3E29-410d-ABBD-3D6A75BC9A73} - Reg Error: Value error.
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {61F684C7-B71D-C06D-8637-87A1C70CAFF6} - Internet Explorer
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {851FDFAC-B3F9-435A-A49C-B4F18A1737E7} - Microsoft Silverlight 3.0
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.
ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: >{C92EB41C-D4C5-4CCA-A444-318AE7FB6FC2} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP


pointman

Rookie Surfer
Rookie Surfer

Posts : 95
Joined : 2010-01-03
Operating System : windows XP

View user profile

Back to top Go down

post of the scan log file - part 2

Post by pointman on Thu 16 Dec 2010, 9:21 am

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (69537929998893056)

========== Files/Folders - Created Within 30 Days ==========

[2010/12/13 02:36:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple Computer
[2010/12/13 00:00:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/12/11 19:07:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/12/11 00:04:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2010/12/10 15:10:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/12/10 15:10:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/12/10 15:08:17 | 000,000,000 | ---D | C] -- C:\Program Files\Carbonite
[2010/12/10 15:08:07 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/12/10 15:08:07 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/12/10 15:08:07 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/12/10 15:08:07 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/12/10 14:26:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2010/12/10 14:17:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/12/10 14:17:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/12/09 08:44:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/12/09 08:44:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/12/08 21:17:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2010/11/19 22:44:23 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2008/03/24 17:45:45 | 000,033,792 | R--- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/14 18:14:31 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3DB9A020-3481-434C-BCEC-AC02BC5A62CB}.job
[2010/12/14 18:13:26 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/12/14 17:54:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/14 17:51:37 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/12/14 17:49:58 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/12/14 17:20:46 | 000,028,625 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/12/14 17:20:36 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/14 17:20:22 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/12/14 17:18:21 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/12/14 17:17:23 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/14 17:17:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/14 17:16:15 | 000,064,900 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000001-00001102-00000005-002C1102}.rfx
[2010/12/14 17:16:15 | 000,054,800 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000001-00001102-00000005-002C1102}.rfx
[2010/12/14 17:16:15 | 000,054,800 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000001-00001102-00000005-002C1102}.rfx
[2010/12/14 17:16:15 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010/12/14 17:16:15 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010/12/14 17:09:47 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/12/14 12:35:55 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/12/14 12:35:55 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/12/14 12:35:55 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/12/13 22:43:43 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/12/13 22:43:43 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/12/13 22:43:43 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/12/13 19:46:33 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/12/13 18:29:51 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/12/13 17:40:53 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/12/13 17:40:53 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/12/13 17:40:53 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/12/12 23:46:05 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/12/12 23:46:05 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/12/12 14:22:23 | 000,000,185 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2010/12/12 13:25:27 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/12/12 12:16:33 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/12/12 12:16:33 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/12/12 12:16:33 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/12/12 12:16:33 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/12/12 12:16:33 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/12/11 17:01:59 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/12/11 15:59:09 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/12/10 15:25:01 | 000,014,739 | ---- | M] () -- C:\WINDOWS\System32\12543.js
[2010/12/08 10:25:02 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/12/06 22:20:32 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/12/03 22:04:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/12/01 01:00:12 | 000,000,318 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2010/11/20 17:08:41 | 000,000,010 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\install
[2010/11/19 22:45:20 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/11/19 09:37:56 | 000,033,792 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/18 19:46:21 | 000,441,454 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/18 19:46:21 | 000,071,264 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/09 07:38:52 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/12/09 07:25:04 | 000,014,739 | ---- | C] () -- C:\WINDOWS\System32\12543.js
[2010/11/20 17:08:41 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\install
[2010/11/20 17:00:53 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/11/20 17:00:53 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/11/20 17:00:53 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/11/20 17:00:53 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/11/20 17:00:53 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/11/20 17:00:53 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/11/20 17:00:52 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/11/20 17:00:52 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/11/20 17:00:52 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/11/20 17:00:52 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/11/20 17:00:52 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/11/20 17:00:52 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/11/20 17:00:52 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/11/20 17:00:52 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/11/20 17:00:52 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/11/20 17:00:52 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/11/20 17:00:51 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/11/20 17:00:51 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/11/20 17:00:51 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/11/20 17:00:51 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/11/20 17:00:51 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/11/20 17:00:51 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/11/20 17:00:51 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/11/20 17:00:51 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/11/19 22:45:20 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/05/06 18:05:25 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll
[2009/04/25 11:35:16 | 000,000,806 | ---- | C] () -- C:\Program Files\INSTALL.LOG
[2008/12/14 17:10:25 | 000,002,695 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/12/02 16:09:02 | 000,000,659 | ---- | C] () -- C:\WINDOWS\FMTMSAM.INI
[2008/12/02 16:08:42 | 000,000,185 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2008/11/13 03:03:11 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/07/29 21:42:01 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2008/06/07 17:49:09 | 000,010,939 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/05/14 14:15:02 | 000,000,068 | ---- | C] () -- C:\WINDOWS\ccolwiz.ini
[2008/05/01 12:16:36 | 000,002,751 | ---- | C] () -- C:\WINDOWS\DevMgr.ini
[2008/05/01 12:15:53 | 000,000,020 | ---- | C] () -- C:\WINDOWS\Hposcv07.INI
[2008/04/25 18:55:17 | 000,343,040 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2008/04/25 18:55:17 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2008/04/25 18:55:17 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\LFFPX90N.DLL
[2008/04/25 18:55:16 | 000,906,784 | ---- | C] () -- C:\WINDOWS\System32\OWL52F.DLL
[2008/04/25 18:55:16 | 000,096,768 | ---- | C] () -- C:\WINDOWS\System32\PWJPEG32.DLL
[2008/03/31 10:30:51 | 000,000,102 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
[2008/03/27 15:04:48 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2008/03/27 11:12:15 | 000,033,792 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/26 15:02:06 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\epsnodlm.dll
[2008/03/26 14:01:19 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2008/03/26 11:49:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\epadmin.INI
[2008/03/26 09:26:00 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2008/03/25 18:06:06 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/03/25 15:03:04 | 000,000,075 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\FASTWiz.log
[2008/03/24 21:18:55 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/03/24 17:31:30 | 000,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2008/03/24 17:14:22 | 000,011,127 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2008/03/24 17:13:14 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008/03/24 17:13:12 | 000,010,802 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/03/24 17:12:58 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/03/24 11:57:10 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/12/05 01:41:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/12/05 01:41:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/12/05 01:41:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/12/05 01:41:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/12/05 01:41:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/12/12 11:12:00 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\NmCoInst.dll
[2006/08/16 22:59:15 | 000,087,403 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2006/08/16 22:59:14 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2006/08/16 22:33:53 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
[2006/08/03 13:48:26 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\InstallPrinter6.dll
[2005/11/02 09:54:48 | 002,945,024 | R--- | C] () -- C:\WINDOWS\System32\BGP851c.dll
[2005/07/26 16:13:12 | 000,000,214 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2005/06/07 08:10:50 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL
[2002/11/20 17:51:34 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\win2000.dll

========== Custom Scans ==========


< %systemroot%\Fonts\*.com >
[2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2008/03/24 17:03:53 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/12/03 18:55:24 | 000,278,016 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp5mu.dll
[2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >
[2009/08/30 18:50:53 | 000,001,024 | -H-- | M] () -- C:\Documents and Settings\All Users\Favorites\helpme_att.lnk

< %APPDATA%\Microsoft\*.* >
[2009/04/25 11:21:54 | 000,001,754 | -H-- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >
[2009/04/25 11:35:18 | 000,000,806 | ---- | M] () -- C:\Program Files\INSTALL.LOG

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/08/18 11:17:03 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >
[2008/03/24 17:05:02 | 000,163,884 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\avg7inst.log

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2008/03/24 17:08:57 | 000,000,060 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2008/03/24 17:08:57 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2008/10/24 17:34:31 | 041,427,024 | ---- | M] (Hewlett-Packard Company ) -- C:\Documents and Settings\Owner\Desktop\A140609_ENU_XP.exe
[2009/08/20 12:09:04 | 024,791,728 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ATT_SST_Installer_UVerse.exe
[2009/08/11 12:19:50 | 008,050,536 | ---- | M] (Mozilla) -- C:\Documents and Settings\Owner\Desktop\Firefox Setup 3.5.2.exe
[2009/09/15 11:02:42 | 001,925,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\Owner\Desktop\install_flash_player.exe
[2008/12/03 15:51:24 | 001,877,269 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\lj564en.exe
[2009/04/01 10:07:51 | 000,359,656 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Desktop\msicuu2.exe
[2009/01/21 13:23:32 | 006,990,944 | ---- | M] (Macrovision Corporation) -- C:\Documents and Settings\Owner\Desktop\PayPal Plug-In.exe
[2010/01/02 13:17:56 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Owner\Desktop\spybotsd162.exe
[2009/05/14 22:41:52 | 000,274,224 | ---- | M] (BitTorrent, Inc.) -- C:\Documents and Settings\Owner\Desktop\utorrent.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >
[2008/03/24 17:00:35 | 045,942,912 | ---- | M] (NVIDIA Corporation ) -- C:\Documents and Settings\Owner\My Documents\169.21_forceware_winxp_32bit_english_whql.exe
[2009/01/12 17:10:29 | 007,518,240 | ---- | M] (Mozilla) -- C:\Documents and Settings\Owner\My Documents\Firefox Setup 3.0.5.exe
[2004/06/07 08:09:24 | 002,348,528 | ---- | M] (Indigo Rose Corporation [You must be registered and logged in to see this link.] -- C:\Documents and Settings\Owner\My Documents\HistoryKill2003.exe
[2009/07/20 12:40:15 | 006,535,960 | ---- | M] (Macrovision Corporation) -- C:\Documents and Settings\Owner\My Documents\PayPal Plug-In.exe
[2008/04/23 18:06:19 | 001,375,232 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\pl532en.exe
[2010/06/23 15:50:05 | 003,545,360 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\R98291.EXE
[2008/03/29 23:19:35 | 000,382,352 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Owner\My Documents\xpiinstall.exe
[1 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2010/12/14 17:04:01 | 000,107,480 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2010/12/14 17:04:02 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2010/12/14 17:04:04 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2010/12/14 17:04:06 | 000,245,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2008/03/24 17:08:58 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Owner\Favorites\Desktop.ini
[2009/08/30 18:50:53 | 000,001,024 | -H-- | M] () -- C:\Documents and Settings\Owner\Favorites\helpme_att.lnk

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010/09/10 00:58:05 | 000,184,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iepeers.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/03/24 11:55:12 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/03/24 11:55:12 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/03/24 11:55:12 | 000,917,504 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2006/02/28 07:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2006/02/28 07:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2006/02/28 07:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2006/02/28 07:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2006/02/28 07:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2006/02/28 07:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2006/02/28 07:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2006/02/28 07:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2006/02/28 07:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2006/02/28 07:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2006/02/28 07:00:00 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2006/02/28 07:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2006/02/28 07:00:00 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2006/02/28 07:00:00 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2006/02/28 07:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2008/04/13 13:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2010/08/31 08:42:52 | 001,852,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2008/04/13 19:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/13 19:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/13 19:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/13 19:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/13 19:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/13 19:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/13 19:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2008/04/13 19:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/13 19:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/13 19:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/13 19:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/13 19:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/13 19:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008/04/13 19:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008/04/13 19:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/12/03 18:55:24 | 000,278,016 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp5mu.dll

< %SYSTEMDRIVE%\*.* >
[2009/06/29 11:24:14 | 000,000,013 | ---- | M] () -- C:\alrt_200.data
[2008/03/24 17:04:19 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/07/29 21:42:25 | 047,155,736 | ---- | M] () -- C:\BellSouthIW.re~
[2008/04/21 20:12:01 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2008/03/24 17:04:19 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/07/28 13:02:57 | 000,000,262 | ---- | M] () -- C:\IdleTrackingStream.txt
[2008/12/10 18:33:36 | 000,000,183 | ---- | M] () -- C:\INSTALL.LOG
[2008/03/24 17:04:19 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/10/08 10:36:14 | 000,000,931 | -H-- | M] () -- C:\IPH.PH
[2010/12/14 18:03:32 | 000,011,971 | ---- | M] () -- C:\JavaRa.log
[2009/07/03 15:18:51 | 000,000,000 | ---- | M] () -- C:\Log.txt
[2008/03/24 17:04:19 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2006/02/28 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/08/18 11:12:19 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/12/14 17:17:15 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2008/03/24 17:25:38 | 000,000,516 | ---- | M] () -- C:\RHDSetup.log
[2009/08/22 07:59:03 | 000,000,923 | ---- | M] () -- C:\updatedatfix.log

< %PROGRAMFILES%\*. >
[2010/07/12 15:08:23 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2008/04/15 08:52:59 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe Media Player
[2010/04/08 12:31:31 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe Photoshop.com Uploader
[2008/03/24 17:25:19 | 000,000,000 | ---D | M] -- C:\Program Files\Ahead
[2010/10/08 10:36:06 | 000,000,000 | ---D | M] -- C:\Program Files\AIM
[2009/03/04 11:21:44 | 000,000,000 | ---D | M] -- C:\Program Files\Alwil Software
[2009/02/19 14:03:38 | 000,000,000 | ---D | M] -- C:\Program Files\Amazon
[2008/03/25 16:24:35 | 000,000,000 | ---D | M] -- C:\Program Files\AnswerWorks 4.0
[2008/08/09 17:56:56 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2009/04/25 10:50:22 | 000,000,000 | ---D | M] -- C:\Program Files\ATT-HSI
[2010/07/05 19:10:30 | 000,000,000 | ---D | M] -- C:\Program Files\ATT-SST
[2008/03/24 17:27:14 | 000,000,000 | ---D | M] -- C:\Program Files\Attansic
[2009/04/25 11:12:19 | 000,000,000 | ---D | M] -- C:\Program Files\ATTToolbar
[2008/04/12 12:37:40 | 000,000,000 | ---D | M] -- C:\Program Files\Audit Support Center
[2008/03/25 16:24:55 | 000,000,000 | ---D | M] -- C:\Program Files\AutoCAD 2006
[2008/11/04 11:29:08 | 000,000,000 | ---D | M] -- C:\Program Files\AutoCAD Civil 3D 2008
[2008/05/02 08:11:21 | 000,000,000 | ---D | M] -- C:\Program Files\Autodesk
[2009/04/25 11:34:57 | 000,000,000 | ---D | M] -- C:\Program Files\BellSouthWCC
[2008/03/31 12:33:15 | 000,000,000 | ---D | M] -- C:\Program Files\Bluebeam Software
[2010/09/28 18:16:40 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2008/04/12 12:46:08 | 000,000,000 | ---D | M] -- C:\Program Files\Canon
[2010/12/12 12:16:27 | 000,000,000 | ---D | M] -- C:\Program Files\Carbonite
[2010/12/10 15:10:33 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2008/03/24 17:01:17 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2008/05/08 18:19:11 | 000,000,000 | ---D | M] -- C:\Program Files\Creative
[2008/03/24 17:38:43 | 000,000,000 | -H-D | M] -- C:\Program Files\Creative Installation Information
[2008/03/24 17:26:36 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2009/10/02 17:46:11 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2008/04/03 14:47:35 | 000,000,000 | ---D | M] -- C:\Program Files\DWG TrueView 2007
[2008/03/26 15:00:43 | 000,000,000 | ---D | M] -- C:\Program Files\Eagle Point Software
[2010/01/06 09:35:01 | 000,000,000 | ---D | M] -- C:\Program Files\eMusic Download Manager
[2009/10/02 17:46:10 | 000,000,000 | ---D | M] -- C:\Program Files\Garmin
[2009/10/02 17:46:13 | 000,000,000 | ---D | M] -- C:\Program Files\Garmin GPS Plugin
[2010/09/24 12:51:12 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2008/03/24 17:04:54 | 000,000,000 | ---D | M] -- C:\Program Files\Grisoft
[2008/12/02 16:05:51 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2010/05/01 16:38:21 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2008/05/02 11:02:56 | 000,000,000 | ---D | M] -- C:\Program Files\Hydraflow
[2009/01/20 13:50:18 | 000,000,000 | ---D | M] -- C:\Program Files\iLinc
[2008/05/08 20:37:37 | 000,000,000 | ---D | M] -- C:\Program Files\illiminable
[2010/02/19 15:45:23 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2008/03/24 17:21:38 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2010/10/15 02:18:23 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2008/03/27 14:45:01 | 000,000,000 | ---D | M] -- C:\Program Files\Intuit
[2010/11/19 22:44:23 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/11/19 22:45:18 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2010/12/10 15:07:35 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2008/04/25 18:55:16 | 000,000,000 | ---D | M] -- C:\Program Files\Kodak
[2008/07/22 16:47:13 | 000,000,000 | ---D | M] -- C:\Program Files\LizardTech
[2010/01/02 16:15:52 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/26 17:13:50 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee
[2009/11/28 13:42:17 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee.com
[2008/08/18 11:22:10 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2008/03/24 21:18:36 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2008/03/24 17:05:11 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2009/04/16 10:51:39 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/10/06 20:30:35 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2008/04/03 14:46:40 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft WSE
[2010/08/12 02:01:03 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/12/14 17:04:19 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/08/07 02:03:41 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/04/16 10:51:29 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2008/03/24 17:00:11 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2008/03/24 17:00:50 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2008/11/13 03:00:50 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2009/05/01 10:20:39 | 000,000,000 | ---D | M] -- C:\Program Files\MyPublisher
[2008/08/18 11:14:18 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2008/03/24 17:01:08 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/05/12 02:00:48 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2008/06/18 14:01:12 | 000,000,000 | ---D | M] -- C:\Program Files\PayPal
[2010/07/16 16:05:03 | 000,000,000 | ---D | M] -- C:\Program Files\Quicken
[2010/09/28 18:18:46 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2008/03/27 18:24:35 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2008/03/24 17:24:49 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2009/08/07 02:03:33 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/07/28 13:11:13 | 000,000,000 | ---D | M] -- C:\Program Files\Rhapsody
[2008/07/12 16:46:42 | 000,000,000 | ---D | M] -- C:\Program Files\Safari
[2008/03/28 10:57:45 | 000,000,000 | ---D | M] -- C:\Program Files\Siber Systems
[2010/01/02 14:58:23 | 000,000,000 | ---D | M] -- C:\Program Files\TrendMicro
[2010/10/09 18:45:20 | 000,000,000 | ---D | M] -- C:\Program Files\TuneUpMedia
[2010/03/16 15:54:13 | 000,000,000 | ---D | M] -- C:\Program Files\TurboTax
[2008/03/24 17:08:37 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2008/03/31 10:33:14 | 000,000,000 | ---D | M] -- C:\Program Files\viewsonic
[2008/03/24 17:08:33 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2008/03/24 17:00:57 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2008/08/18 11:14:15 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2008/08/18 11:14:15 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2008/03/24 17:03:19 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2008/03/24 17:05:11 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2009/12/06 17:16:38 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!

< %appdata%\*.* >
[2008/03/24 11:56:43 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\desktop.ini
[2010/07/26 14:38:51 | 000,083,872 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
[2010/11/20 17:08:41 | 000,000,010 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\install


< MD5 for: AGP440.SYS >
[2007/09/11 15:20:13 | 016,774,755 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/08/18 11:07:34 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/08/18 11:07:34 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2007/09/11 15:20:13 | 016,774,755 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/08/18 11:07:34 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/08/18 11:07:34 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\Documents and Settings\Owner\My Documents\My Drivers Back Up\Primary IDE Channel#1\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\Documents and Settings\Owner\My Documents\My Drivers Back Up\Primary IDE Channel\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\Documents and Settings\Owner\My Documents\My Drivers Back Up\Secondary IDE Channel#1\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\Documents and Settings\Owner\My Documents\My Drivers Back Up\Secondary IDE Channel\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2006/02/28 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2007/09/11 15:20:13 | 016,774,755 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/08/18 11:07:34 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2008/08/18 11:07:34 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2006/02/28 07:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\Documents and Settings\Owner\My Documents\My Drivers Back Up\Disk drive#1\disk.sys
[2006/02/28 07:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\Documents and Settings\Owner\My Documents\My Drivers Back Up\Disk drive#2\disk.sys
[2006/02/28 07:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\Documents and Settings\Owner\My Documents\My Drivers Back Up\Disk drive#3\disk.sys
[2006/02/28 07:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\Documents and Settings\Owner\My Documents\My Drivers Back Up\Disk drive#4\disk.sys
[2006/02/28 07:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\Documents and Settings\Owner\My Documents\My Drivers Back Up\Disk drive\disk.sys
[2006/02/28 07:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2006/02/28 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2007/09/11 15:11:35 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=5FD8684F1C5DD26509383F6CCDAEE3A3 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2006/02/28 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2007/09/11 15:20:13 | 016,774,755 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2008/08/18 11:07:34 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2008/08/18 11:07:34 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2006/02/28 07:00:00 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\Documents and Settings\Owner\My Documents\My Drivers Back Up\USB Mass Storage Device\usbstor.sys
[2006/02/28 07:00:00 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2008/04/13 13:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/13 13:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-12-07 13:05:17

========== Alternate Data Streams ==========

@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

pointman

Rookie Surfer
Rookie Surfer

Posts : 95
Joined : 2010-01-03
Operating System : windows XP

View user profile

Back to top Go down

post of the scan log file - part 3 (OTL Extras)

Post by pointman on Thu 16 Dec 2010, 9:23 am

OTL Extras logfile created on: 12/14/2010 6:14:39 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 70.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 158.32 Gb Free Space | 53.11% Space Free | Partition Type: NTFS

Computer Name: QUADCORE | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (TODO: <Company name>)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" = C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Engine -- (Yahoo!)
"C:\Program Files\TurboTax\Home & Business 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Home & Business 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Home & Business 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Home & Business 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Business 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Business 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Business 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Business 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- File not found
"C:\Program Files\ATT-HSI\McciBrowser.exe" = C:\Program Files\ATT-HSI\McciBrowser.exe:*:Enabled:motivebrowser.exe -- (Motive Communications, Inc.)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (TODO: <Company name>)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\Common Files\Motive\McciServiceHost.exe" = C:\Program Files\Common Files\Motive\McciServiceHost.exe:*:Enabled:McciServiceHost -- (Alcatel-Lucent)
"C:\Program Files\Rhapsody\rhapsody.exe" = C:\Program Files\Rhapsody\rhapsody.exe:*:Enabled:RealNetworks Rhapsody -- (Rhapsody International Inc.)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{0E549A13-2B3D-4633-BA41-DC88C2D6F9A3}" = ProductContext
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{105CFC7C-6992-11D5-BD9D-000102C10FD8}" = Lizardtech DjVu Control
"{1147FF9A-D576-4cb5-B5E7-FCA21D1E7D26}" = J4680
"{14374622-0900-4056-BA06-C87C900AF9E6}" = QuickBooks Pro 2005
"{180D45DA-5140-48D4-BDEA-8B9CE3A6D9A4}" = TurboTax 2008 WinBizTaxSupport
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi
"{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}" = Adobe Media Player
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F698102-5739-441E-96F0-74F4EA540F06}" = Attansic Ethernet Utility
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 22
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2CD6BBA0-17C8-4789-9B9B-B36F7E815F6A}" = DWG TrueView 2007
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{302BF4A9-0AEB-41A6-8838-A9497F07B508}" = The Options Toolbox v5.0
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{374256A0-EAA2-012B-AD60-000000000000}" = TurboTax 2009 wgaiper
"{3825B383-7880-48C8-AADD-49B0D764B151}" = 4660_4680_Help
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4AEBD86C-C82E-401A-9AA0-8B8AF7A5A3CA}" = TurboTax 2008 WinBizFedFormset
"{50802F8E-03B4-479D-A643-16DE5A3586CB}" = BPDSoftware_Ini
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{56D4C8A0-6126-11DD-AD8B-0800200C9A66}" = TurboTax 2008 WinBizUserEducation
"{5783F2D7-4001-0409-0002-0060B0CE6BBA}" = AutoCAD 2006 - English
"{5783F2D7-6000-0409-0002-0060B0CE6BBA}" = AutoCAD Civil 3D 2008
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5E1FABE9-AE91-4C7F-B10E-083A7FD54E9A}" = Hydraflow Hydrographs 2004
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67335AB1-6341-4f87-A5B4-7FA92CEB77A4}" = HP Officejet All-In-One Series
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{73317C31-2B6E-4B88-9865-B97C1331A39D}" = PayPal Plug-In
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{7CCEBC24-62DB-4280-A8EC-BFA49F167920}" = Software Update for Web Folders
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{81D049A4-E8C6-49FC-995D-C25181C15C14}" = Bluebeam PDF Revu v4.7.1
"{84F1DE76-C48C-4281-87A0-CC9548D1E7F9}" = Rhapsody Player Engine
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{988B65CC-416C-43A6-9BE7-187415D77BF4}" = TurboTax 2008 wgasbpm
"{98B672F2-857C-4CC9-A25D-6B218077F4F6}" = Yahoo! Autosync
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9DF0BE48-16F0-4E36-814D-9B4FDFFAF25F}" = PayPal Plug-In
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{A02A2C67-9079-11D3-80EB-00C04F2CB01C}" = Eagle Point
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.5
"{AC76BA86-7AD7-1033-7B44-A81300000003}_814" = KB408682
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B26B00DA-2E5D-4CF2-83C5-911198C0F009}" = GoodSync
"{B4FEA924-630D-11D4-B78E-005004566E4D}" = ViewSonic Monitor Drivers
"{B6C2466E-D773-4EF5-9350-9D3D68F668BE}" = TurboTax 2008 WinBizProgramHelp
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BA165460-FCF7-4D6C-A7A2-F2321700720F}" = MobileMe Control Panel
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}" = Safari
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}" = Quicken 2010
"{CCFFC1DA-7A65-4C1B-98DC-3F7861F50254}" = TurboTax 2008 wrapper
"{CDEFD989-469E-421D-A8B1-EC7AB25C8CB2}" = TurboTax 2008 wgaiper
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D3737952-FF6E-4E72-BDEE-B0DC1C69F80B}" = BPD_HPSU
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DC3065BF-95B4-42C5-B47D-0B713CDA75D0}" = Creative Zen Vision M
"{E031338C-839D-4EDD-9537-99B653C39D81}" = Autodesk MapGuide(R) Viewer ActiveX Control Release 6.5
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E55B00B0-9DBF-4EE1-AC1D-5DEBE12BD097}" = Autodesk Vault 2008
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EC6DE9B9-B599-3DCF-A47E-64322198B31C}" = Adobe Photoshop.com Uploader
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EFF87108-C9D0-43F1-BEE1-28DA87778F1A}" = Garmin Communicator Plugin
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4EAEBEA-3E46-43b8-A63C-AD180AE86918}" = BPDSoftware
"{F8D8A515-3D81-431D-BCBB-9EBA3CFE0987}" = TurboTax 2008 WinBizReleaseEngine
"{FACF203E-0F4D-489A-B80C-D185253C8FCB}" = Autodesk Design Review 2008
"{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes
"{FC47C7A5-BE63-11D5-B7C9-005004566E4D}" = ViewSonic Windows XP Signed Files
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"ActiveTouchMeetingClient" = WebEx
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"AI RoboForm" = AI RoboForm (All Users)
"AIM_7" = AIM 7
"Amazon Games & Software Downloader_is1" = Amazon Games & Software Downloader
"AT&T Wireless Connection Tool" = AT&T Wireless Connection Tool
"AtcL1" = Attansic L1 Gigabit Ethernet Driver
"ATT-SST" = AT&T Self Support Tool
"ATTToolbar" = AT&T Toolbar
"Audit Support Center" = Audit Support Center 1.0
"AutoCAD Civil 3D 2008" = AutoCAD Civil 3D 2008
"Autodesk DWF Viewer" = Autodesk DWF Viewer
"Autodesk Vault 2008" = Autodesk Vault 2008
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.px.Uploader.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Uploader
"Creative Removable Disk Manager" = Creative Removable Disk Manager
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"CSCLIB" = Canon Camera Support Core Library
"CyberPower PowerPanel" = PowerPanel
"eMusic Download Manager" = eMusic Download Manager 4.1.3.1
"EOS Utility" = Canon Utilities EOS Utility
"Google Updater" = Google Updater
"HP Document Manager" = HP Document Manager 1.0
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP LaserJet 3200 Uninstaller" = HP LaserJet 3200 Uninstaller
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"ie8" = Windows Internet Explorer 8
"InstallShield_{81D049A4-E8C6-49FC-995D-C25181C15C14}" = Bluebeam PDF Revu v4.7.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MosChip Technology" = MosChip Multi-IO Controller
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MSC" = McAfee SecurityCenter
"MyPublisher" = MyPublisher
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NetMos Technology" = NetMos Multi-IO Controller
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoStitch" = Canon Utilities PhotoStitch
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Rhapsody" = Rhapsody
"Shop for HP Supplies" = Shop for HP Supplies
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SysInfo" = Creative System Information
"TuneUpMedia" = TuneUp Companion 1.9.0
"TurboTax 2008" = TurboTax 2008
"TurboTax 2009" = TurboTax 2009
"TurboTax Business 2007" = TurboTax Business 2007
"TurboTax Business 2008" = TurboTax Business 2008
"TurboTax Deluxe 2007" = TurboTax Deluxe 2007
"TurboTax Home & Business 2007" = TurboTax Home & Business 2007
"Windows XP Service Pack" = Windows XP Service Pack 3
"Yahoo! Music Engine" = Yahoo! Music Engine
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"Facebook Plug-In" = Facebook Plug-In
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/11/2010 6:01:41 PM | Computer Name = QUADCORE | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00023845.

Error - 12/11/2010 6:01:47 PM | Computer Name = QUADCORE | Source = Application Error | ID = 1001
Description = Fault bucket 1271752061.

Error - 12/12/2010 2:20:19 PM | Computer Name = QUADCORE | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00023845.

Error - 12/12/2010 2:39:33 PM | Computer Name = QUADCORE | Source = Application Error | ID = 1000
Description = Faulting application componentlauncher.exe, version 3.2.0.12228, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00011909.

Error - 12/13/2010 12:57:54 AM | Computer Name = QUADCORE | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00023845.

Error - 12/13/2010 7:24:43 PM | Computer Name = QUADCORE | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00023845.

Error - 12/13/2010 9:02:29 PM | Computer Name = QUADCORE | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00023845.

Error - 12/14/2010 1:47:54 PM | Computer Name = QUADCORE | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00023845.

Error - 12/14/2010 6:15:47 PM | Computer Name = QUADCORE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/14/2010 6:51:27 PM | Computer Name = QUADCORE | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00023845.

[ System Events ]
Error - 12/14/2010 1:11:06 PM | Computer Name = QUADCORE | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\D.

Error - 12/14/2010 1:39:02 PM | Computer Name = QUADCORE | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 12/14/2010 2:38:07 PM | Computer Name = QUADCORE | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\D.

Error - 12/14/2010 3:19:01 PM | Computer Name = QUADCORE | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\D.

Error - 12/14/2010 3:20:01 PM | Computer Name = QUADCORE | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\D.

Error - 12/14/2010 3:22:40 PM | Computer Name = QUADCORE | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\D.

Error - 12/14/2010 3:32:01 PM | Computer Name = QUADCORE | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\D.

Error - 12/14/2010 3:33:01 PM | Computer Name = QUADCORE | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\D.

Error - 12/14/2010 5:12:38 PM | Computer Name = QUADCORE | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\D.

Error - 12/14/2010 7:09:35 PM | Computer Name = QUADCORE | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\D.


< End of report >

pointman

Rookie Surfer
Rookie Surfer

Posts : 95
Joined : 2010-01-03
Operating System : windows XP

View user profile

Back to top Go down

Re: Having a strange problem with my browsers...some kind of virus??

Post by Belahzur on Thu 16 Dec 2010, 10:37 am

Hello.

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:





    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Having a strange problem with my browsers...some kind of virus??

Post by pointman on Thu 16 Dec 2010, 1:49 pm

during the combofix process it suggested i reboot. i replyed yes and the computer started a reboot circle. It gets so far and starts over again. I just shut the computer down. what now?

pointman

Rookie Surfer
Rookie Surfer

Posts : 95
Joined : 2010-01-03
Operating System : windows XP

View user profile

Back to top Go down

I never could finish the Combofix

Post by pointman on Fri 17 Dec 2010, 9:41 am

during the combofix process it suggested i reboot. i replyed yes and the computer started a reboot circle. It gets so far and starts over again. I just shut the computer down. what now?

pointman

Rookie Surfer
Rookie Surfer

Posts : 95
Joined : 2010-01-03
Operating System : windows XP

View user profile

Back to top Go down

Re: Having a strange problem with my browsers...some kind of virus??

Post by Belahzur on Fri 17 Dec 2010, 10:19 am

We are going to be using a Windows Recovery Environment to help disinfect the system so it may boot again.

Download the OTLPE Standard REATOGO Windows Recovery Environment.

  • Place a blank CD-R disc in to your CD burning drive.
  • Download OTLPEStd.exe and double-click on it to burn to a CD using ISO Burner.
  • Reboot your system using the boot CD you just created.

    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings

  • Change Drivers to Non-Microsoft
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\_OTL\MovedFiles
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

OTL Log File

Post by pointman on Fri 17 Dec 2010, 11:09 am

ComboFix 10-12-15.04 - Owner 12/16/2010 18:48:51.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2402 [GMT -5:00]
Running from: c:\documents and settings\Owner\My Documents\Documents\Combo-Fix.exe
AV: McAfee VirusScan *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Application Data\install
c:\program files\INSTALL.LOG
c:\windows\Downloaded Program Files\Install.inf
c:\windows\system32\bszip.dll
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job

.
((((((((((((((((((((((((( Files Created from 2010-11-17 to 2010-12-17 )))))))))))))))))))))))))))))))
.

2010-12-13 07:36 . 2010-12-13 07:36 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple Computer
2010-12-13 07:36 . 2010-12-13 07:36 -------- d-----w- c:\documents and settings\Default User\Application Data\Apple Computer
2010-12-13 07:35 . 2010-12-13 07:36 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Apple Computer
2010-12-13 05:00 . 2010-12-13 05:00 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-12-12 00:07 . 2010-12-12 00:07 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-12-10 20:10 . 2010-12-10 20:10 -------- d-----w- c:\program files\Common Files\Java
2010-12-10 20:08 . 2010-12-12 17:16 -------- d-----w- c:\program files\Carbonite
2010-12-10 20:08 . 2010-09-15 09:50 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-12-10 20:08 . 2010-09-15 09:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-10 19:26 . 2010-12-10 19:26 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2010-12-10 19:17 . 2010-12-10 19:17 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-12-09 13:45 . 2010-12-09 13:45 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-12-09 02:17 . 2010-12-13 07:36 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2010-12-07 13:05 . 2010-11-10 04:33 6273872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{6A495911-EEE9-4012-AAEC-0B1A6582A210}\mpengine.dll
2010-11-20 03:44 . 2010-11-20 03:44 -------- d-----w- c:\program files\iPod

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-10 04:33 . 2008-03-24 22:26 6273872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2010-10-19 15:41 . 2009-10-03 02:23 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-28 20:44 . 2010-09-04 02:35 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-09-28 20:44 . 2010-09-04 02:35 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-09-18 16:23 . 2007-09-11 20:07 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2007-09-11 20:07 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-18 06:53 . 2006-02-28 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2006-02-28 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-25 68856]
"UpdateFlow.ATT-SST"="c:\program files\ATT-SST\McciBrowser.exe" [2010-06-30 1057792]
"Aim"="c:\program files\AIM\aim.exe" [2010-09-16 4425048]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-11-19 160328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 16126464]
"SkyTel"="SkyTel.EXE" [2007-04-06 1822720]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-21 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-05-08 1953792]
"CTHelper"="CTHELPER.EXE" [2006-08-17 17920]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-17 18944]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"nwiz"="nwiz.exe" [2007-12-05 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"RCSystem"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-07-28 122880]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"PbAdminACAD"="c:\program files\Bluebeam Software\Pushbutton PDF\PbMngr5.exe" [2006-09-21 217088]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"MicroBrew"="c:\program files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\MicroBrew2.exe" [2006-09-21 495616]
"ymetray"="c:\program files\Yahoo!\Yahoo! Music Engine\ymetray.exe" [2005-08-12 40960]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
"HP SchedIndexer"="c:\program files\Hewlett-Packard\LaserJet All-in-one\hppschedindexer.exe" [2001-03-01 86016]
"HP AutoIndexer"="c:\program files\Hewlett-Packard\LaserJet All-in-one\hppautoindexer.exe" [2001-03-01 77824]
"AmazonGSDownloaderTray"="c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-02-02 246272]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2010-06-30 1573888]
"BellSouthWCC_McciTrayApp"="c:\program files\BellSouthWCC\McciTrayApp.exe" [2006-03-10 543232]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-18 421160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_3"="advpack.dll" [2009-03-08 128512]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2005-3-5 10872]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
HP LaserJet Director.lnk - c:\program files\Hewlett-Packard\LaserJet All-in-one\hppdirector.exe [2008-12-2 180224]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-10-2 815104]
Yahoo! Autosync.lnk - c:\program files\Yahoo!\Yahoo! Autosync\AutosyncForYahoo.exe [2007-8-21 391680]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\ATT-HSI\\McciBrowser.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Common Files\\Motive\\McciServiceHost.exe"=
"c:\\Program Files\\Rhapsody\\rhapsody.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 NmPar;MosChip PCI Parallel Port;c:\windows\system32\drivers\NmPar.sys [10/11/2006 10:12 AM 76416]
R2 Amazon Download Agent;Amazon Download Agent;c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2/19/2009 2:03 PM 317440]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [11/28/2009 1:44 PM 93320]
R2 McciServiceHost;McciServiceHost;c:\program files\Common Files\Motive\McciServiceHost.exe [7/5/2010 7:05 PM 315392]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [3/24/2008 5:27 PM 38656]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/25/2009 6:24 PM 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-12-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-12-16 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-25 12:27]

2010-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-25 23:24]

2010-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-25 23:24]

2010-10-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-11-28 17:22]

2010-12-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-11-28 17:22]

2010-12-16 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

2010-12-16 c:\windows\Tasks\User_Feed_Synchronization-{3DB9A020-3481-434C-BCEC-AC02BC5A62CB}.job
- c:\windows\system32\msfeedssync.exe [2008-03-24 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: Customize Menu - [You must be registered and logged in to see this link.] files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Fill Forms - [You must be registered and logged in to see this link.] files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: RoboForm Toolbar - [You must be registered and logged in to see this link.] files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - [You must be registered and logged in to see this link.] files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
Trusted Zone: intuit.com\ttlc
Trusted Zone: motive.com\patttbc.att
Trusted Zone: turbotax.com
DPF: {03A89EFD-E023-8600-A22D-45F77558EB4C} - [You must be registered and logged in to see this link.]
DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\sbvr156n.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: PayPal Plug-In for Firefox: paypalfirefoxplugin@orbiscom - c:\program files\PayPal\PayPal Plug-In
FF - Ext: Java Quick Starter: [You must be registered and logged in to see this link.] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor
FF - Ext: AI Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - c:\program files\Siber Systems\AI RoboForm\Firefox
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Uniblue RegistryBooster 2 - c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe
HKLM-Run-hpqSRMon - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-12-16 18:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, [You must be registered and logged in to see this link.]
Windows 5.1.2600 Disk: MAXTOR_STM3320620AS rev.3.AAE -> Harddisk0\DR0 -> \Device\Ide\IdePort3 P3T0L0-9

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8B0BA555]<<
c:\docume~1\Owner\LOCALS~1\Temp\catchme.sys
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8b0c07b0]; MOV EAX, [0x8b0c082c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8B0E3AB8]
3 CLASSPNP[0xBA0F8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000077[0x8B0A49E8]
5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8B049B00]
\Driver\atapi[0x8B0A1C18] -> IRP_MJ_CREATE -> 0x8B0BA555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP3T0L0-9 -> \??\IDE#DiskMAXTOR_STM3320620AS_____________________3.AAE___#5&2a178fae&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8B0BA39B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(720)
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(780)
c:\windows\system32\WININET.dll
.
Completion time: 2010-12-16 19:04:54
ComboFix-quarantined-files.txt 2010-12-17 00:04

Pre-Run: 173,239,623,680 bytes free
Post-Run: 174,087,696,384 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 5EE964DD8DBEFB0B9A4313CBA901C707

pointman

Rookie Surfer
Rookie Surfer

Posts : 95
Joined : 2010-01-03
Operating System : windows XP

View user profile

Back to top Go down

Re: Having a strange problem with my browsers...some kind of virus??

Post by Belahzur on Fri 17 Dec 2010, 11:16 am

Hello.

Please download TDSSKiller from here and save it to your Desktop.

  • Doubleclick TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
Note:It will also create a log in the C:\ directory.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

TDSSKILLER report attached

Post by pointman on Fri 17 Dec 2010, 11:32 am

2010/12/16 19:29:03.0343 TDSS rootkit removing tool 2.4.11.0 Dec 8 2010 14:46:40
2010/12/16 19:29:03.0343 ================================================================================
2010/12/16 19:29:03.0343 SystemInfo:
2010/12/16 19:29:03.0343
2010/12/16 19:29:03.0343 OS Version: 5.1.2600 ServicePack: 3.0
2010/12/16 19:29:03.0343 Product type: Workstation
2010/12/16 19:29:03.0343 ComputerName: QUADCORE
2010/12/16 19:29:03.0343 UserName: Owner
2010/12/16 19:29:03.0343 Windows directory: C:\WINDOWS
2010/12/16 19:29:03.0343 System windows directory: C:\WINDOWS
2010/12/16 19:29:03.0343 Processor architecture: Intel x86
2010/12/16 19:29:03.0343 Number of processors: 4
2010/12/16 19:29:03.0343 Page size: 0x1000
2010/12/16 19:29:03.0343 Boot type: Normal boot
2010/12/16 19:29:03.0343 ================================================================================
2010/12/16 19:29:03.0546 Initialize success
2010/12/16 19:29:09.0265 ================================================================================
2010/12/16 19:29:09.0265 Scan started
2010/12/16 19:29:09.0265 Mode: Manual;
2010/12/16 19:29:09.0265 ================================================================================
2010/12/16 19:29:09.0890 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/12/16 19:29:09.0984 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/12/16 19:29:10.0078 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/12/16 19:29:10.0125 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/12/16 19:29:10.0609 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/12/16 19:29:10.0703 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/12/16 19:29:10.0796 AtcL001 (19f277bc4ce5689f20f347a6b8aa8c42) C:\WINDOWS\system32\DRIVERS\atl01_xp.sys
2010/12/16 19:29:10.0906 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/12/16 19:29:11.0015 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/12/16 19:29:11.0093 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/12/16 19:29:11.0328 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/12/16 19:29:11.0421 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/12/16 19:29:11.0515 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/12/16 19:29:11.0656 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/12/16 19:29:11.0812 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/12/16 19:29:12.0015 ctac32k (b48945add6acb51d0b2aafc558664d1d) C:\WINDOWS\system32\drivers\ctac32k.sys
2010/12/16 19:29:12.0125 ctaud2k (def704dfad0b702919c2e460309bcb98) C:\WINDOWS\system32\drivers\ctaud2k.sys
2010/12/16 19:29:12.0250 ctdvda2k (f02e5e05ad79111f3b975e2a654aa050) C:\WINDOWS\system32\drivers\ctdvda2k.sys
2010/12/16 19:29:12.0343 ctprxy2k (377dc83c79358c20897df8d4742db7b0) C:\WINDOWS\system32\drivers\ctprxy2k.sys
2010/12/16 19:29:12.0421 ctsfm2k (1967653517d663c8c4b39c622988b910) C:\WINDOWS\system32\drivers\ctsfm2k.sys
2010/12/16 19:29:12.0703 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/12/16 19:29:12.0796 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/12/16 19:29:12.0906 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/12/16 19:29:12.0968 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/12/16 19:29:13.0031 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/12/16 19:29:13.0109 dot4 (68c18840c6f021cea6a6f3ee9260ea64) C:\WINDOWS\system32\DRIVERS\hppadt40.sys
2010/12/16 19:29:13.0203 Dot4Print (41a1497d4f295c0c8013c5adf161c99a) C:\WINDOWS\system32\DRIVERS\hppaprt0.sys
2010/12/16 19:29:13.0281 Dot4Scan (bd05306428da63369692477ddc0f6f5f) C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys
2010/12/16 19:29:13.0359 dot4usb (30e014dd2105d60e46b061cf407785d2) C:\WINDOWS\system32\DRIVERS\hppausb0.sys
2010/12/16 19:29:13.0484 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/12/16 19:29:13.0531 emupia (94cea5c33ede311a193008518b4e7723) C:\WINDOWS\system32\drivers\emupia2k.sys
2010/12/16 19:29:13.0625 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/12/16 19:29:13.0687 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2010/12/16 19:29:13.0734 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/12/16 19:29:13.0765 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/12/16 19:29:13.0859 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/12/16 19:29:13.0906 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/12/16 19:29:13.0953 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/12/16 19:29:13.0984 GEARAspiWDM (f2f431d1573ee632975c524418655b84) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2010/12/16 19:29:14.0078 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/12/16 19:29:14.0171 ha20x2k (278482909b1d3c4d9d300261cde4c385) C:\WINDOWS\system32\drivers\ha20x2k.sys
2010/12/16 19:29:14.0296 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/12/16 19:29:14.0359 HidBatt (748031ff4fe45ccc47546294905feab8) C:\WINDOWS\system32\DRIVERS\HidBatt.sys
2010/12/16 19:29:14.0406 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/12/16 19:29:14.0593 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2010/12/16 19:29:14.0671 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2010/12/16 19:29:14.0765 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2010/12/16 19:29:14.0875 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/12/16 19:29:15.0031 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/12/16 19:29:15.0125 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/12/16 19:29:15.0375 IntcAzAudAddService (cdfd5a68a2e1caa89c5c0e0b3cb98731) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/12/16 19:29:15.0562 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/12/16 19:29:15.0656 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/12/16 19:29:15.0750 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/12/16 19:29:15.0812 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/12/16 19:29:15.0859 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/12/16 19:29:15.0937 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/12/16 19:29:15.0968 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/12/16 19:29:16.0046 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/12/16 19:29:16.0093 JRAID (222e263cc06e47bda386fe19b88e8583) C:\WINDOWS\system32\DRIVERS\jraid.sys
2010/12/16 19:29:16.0140 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/12/16 19:29:16.0171 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/12/16 19:29:16.0265 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/12/16 19:29:16.0375 MCSTRM (5bb01b9f582259d1fb7653c5c1da3653) C:\WINDOWS\system32\drivers\MCSTRM.sys
2010/12/16 19:29:16.0453 mf (a7da20ab18a1bdae28b0f349e57da0d1) C:\WINDOWS\system32\DRIVERS\mf.sys
2010/12/16 19:29:16.0515 mfeavfk (bafdd5e28baea99d7f4772af2f5ec7ee) C:\WINDOWS\system32\drivers\mfeavfk.sys
2010/12/16 19:29:16.0656 mfebopk (1d003e3056a43d881597d6763e83b943) C:\WINDOWS\system32\drivers\mfebopk.sys
2010/12/16 19:29:16.0796 mfehidk (3f138a1c8a0659f329f242d1e389b2cf) C:\WINDOWS\system32\drivers\mfehidk.sys
2010/12/16 19:29:16.0890 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\WINDOWS\system32\drivers\mferkdk.sys
2010/12/16 19:29:17.0000 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\WINDOWS\system32\drivers\mfesmfk.sys
2010/12/16 19:29:17.0078 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/12/16 19:29:17.0156 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/12/16 19:29:17.0250 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/12/16 19:29:17.0375 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/12/16 19:29:17.0468 MPFP (bc2a92cff784555ed622f861cb34f2e6) C:\WINDOWS\system32\Drivers\Mpfp.sys
2010/12/16 19:29:17.0734 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
2010/12/16 19:29:17.0859 MREMPR5 (2bc9e43f55de8c30fc817ed56d0ee907) C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS
2010/12/16 19:29:17.0921 MRENDIS5 (594b9d8194e3f4ecbf0325bd10bbeb05) C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS
2010/12/16 19:29:17.0984 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
2010/12/16 19:29:18.0171 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/12/16 19:29:18.0281 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/12/16 19:29:18.0359 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/12/16 19:29:18.0406 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/12/16 19:29:18.0484 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/12/16 19:29:18.0562 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/12/16 19:29:18.0656 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/12/16 19:29:18.0734 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
2010/12/16 19:29:18.0812 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/12/16 19:29:18.0921 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/12/16 19:29:18.0968 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/12/16 19:29:19.0015 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/12/16 19:29:19.0062 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/12/16 19:29:19.0078 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/12/16 19:29:19.0203 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/12/16 19:29:19.0296 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/12/16 19:29:19.0437 NmPar (79ea5a1b343db2f5187758e00195d9bd) C:\WINDOWS\system32\DRIVERS\NmPar.sys
2010/12/16 19:29:19.0750 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/12/16 19:29:19.0859 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/12/16 19:29:19.0921 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/12/16 19:29:20.0187 nv (8c0456001b6900114bbb1c548bd8aaf5) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/12/16 19:29:20.0437 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/12/16 19:29:20.0468 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/12/16 19:29:20.0546 ossrv (8a347decf8a4bbcad4501528546b4fad) C:\WINDOWS\system32\drivers\ctoss2k.sys
2010/12/16 19:29:20.0593 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/12/16 19:29:20.0671 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/12/16 19:29:20.0718 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/12/16 19:29:20.0828 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/12/16 19:29:20.0968 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/12/16 19:29:21.0031 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/12/16 19:29:21.0218 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/12/16 19:29:21.0265 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/12/16 19:29:21.0328 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/12/16 19:29:21.0406 PxHelp20 (183ef96bcc2ec3d5294cb2c2c0ecbcd1) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/12/16 19:29:21.0734 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/12/16 19:29:21.0812 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/12/16 19:29:21.0828 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/12/16 19:29:21.0843 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/12/16 19:29:21.0906 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/12/16 19:29:21.0937 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/12/16 19:29:21.0984 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/12/16 19:29:22.0046 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/12/16 19:29:22.0140 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/12/16 19:29:22.0218 rspndr (0e11b35e972796042044bc27ce13b065) C:\WINDOWS\system32\DRIVERS\rspndr.sys
2010/12/16 19:29:22.0343 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/12/16 19:29:22.0406 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/12/16 19:29:22.0468 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/12/16 19:29:22.0515 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/12/16 19:29:22.0640 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/12/16 19:29:22.0765 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/12/16 19:29:22.0843 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/12/16 19:29:22.0875 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/12/16 19:29:22.0890 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/12/16 19:29:22.0968 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/12/16 19:29:23.0078 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/12/16 19:29:23.0109 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/12/16 19:29:23.0125 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/12/16 19:29:23.0187 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/12/16 19:29:23.0281 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/12/16 19:29:23.0390 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/12/16 19:29:23.0468 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
2010/12/16 19:29:23.0562 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/12/16 19:29:23.0593 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/12/16 19:29:23.0625 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/12/16 19:29:23.0687 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/12/16 19:29:23.0734 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/12/16 19:29:23.0781 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/12/16 19:29:23.0796 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/12/16 19:29:23.0875 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/12/16 19:29:24.0015 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/12/16 19:29:24.0078 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/12/16 19:29:24.0171 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/12/16 19:29:24.0281 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2010/12/16 19:29:24.0390 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/12/16 19:29:24.0437 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/12/16 19:29:24.0484 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/12/16 19:29:24.0500 ================================================================================
2010/12/16 19:29:24.0500 Scan finished
2010/12/16 19:29:24.0500 ================================================================================
2010/12/16 19:29:24.0500 Detected object count: 1
2010/12/16 19:30:24.0531 \HardDisk0 - will be cured after reboot
2010/12/16 19:30:24.0531 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure

pointman

Rookie Surfer
Rookie Surfer

Posts : 95
Joined : 2010-01-03
Operating System : windows XP

View user profile

Back to top Go down

Re: Having a strange problem with my browsers...some kind of virus??

Post by Belahzur on Fri 17 Dec 2010, 12:31 pm

Hello.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX. click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

ESET online scan found no threats.

Post by pointman on Fri 17 Dec 2010, 2:10 pm

does that mean I'm OK now?

pointman

Rookie Surfer
Rookie Surfer

Posts : 95
Joined : 2010-01-03
Operating System : windows XP

View user profile

Back to top Go down

Re: Having a strange problem with my browsers...some kind of virus??

Post by pointman on Sat 18 Dec 2010, 6:56 am

I'm assuming since the scan found no threats I'm good to go now! So far everything seems to be working properly. I could not find the scan log file.

pointman

Rookie Surfer
Rookie Surfer

Posts : 95
Joined : 2010-01-03
Operating System : windows XP

View user profile

Back to top Go down

Re: Having a strange problem with my browsers...some kind of virus??

Post by Belahzur on Sat 18 Dec 2010, 10:15 am

Hello.
3 more things to do.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Adobe Reader 8.1.5

Your Java needs updating!

  • Please go to Start > Control Panel, click on Java.
  • When the Java control panel opens, go into the Update tab.
  • At the bottom of that window, press the "Update Now" button and it will attempt to download the latest Java update.
  • Next, the Updater window opens, hit the Install button. It will now attempt to download the update.
  • Untick the box for installing the Yahoo Toolbar when asked.

Then download and install Adobe Reader X

How is the machine running now?


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Having a strange problem with my browsers...some kind of virus??

Post by Sponsored content Today at 7:41 pm


Sponsored content


Back to top Go down

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum