
Solved ran combofix myself now windows wont boot

Discussion in 'Malware and Virus Removal Archive' started by JusticeNY, 2010/12/27.

  1. 2010/12/27
    JusticeNY

    JusticeNY Well-Known Member Thread Starter

    Joined:
    2008/12/14
    Messages:
    160
    Likes Received:
    0
    [Resolved] ran combofix myself now windows wont boot

    Tried to run ComboFix myself. Big mistake. This is why you follow instructions.
    Ran it; it said I had a rootkit and needed to be restarted, so I restarted. Now Windows XP won't load.
    Won't run in safe mode either.
     
    Last edited: 2010/12/27
  2. 2010/12/27
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Lesson learned, right?....:)

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =================================================================

    Let's see if we can look at your computer by booting from an external source.

    Please download OTLPE (file size 120.9 MB).

    • When downloaded, double-click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
    • Reboot your system using the boot CD you just created.
      • Note: If you do not know how to set your computer to boot from CD, follow the steps here.
    • Your system should now display a REATOGO-X-PE desktop.
    • Depending on your type of internet connection, you should be able to get online as well, so you can access this topic more easily.
    • Double-click on the OTLPE icon.
    • When asked "Do you wish to load the remote registry", select Yes.
    • When asked "Do you wish to load remote user profile(s) for scanning", select Yes.
    • Ensure the box "Automatically Load All Remaining Users" is checked and press OK.
    • OTL should now start.
    • Press Run Scan to start the scan.
    • When finished, the file will be saved as C:\OTL.txt.
    • Copy this file to your USB drive if you do not have an internet connection on this system.
    • Please post the contents of the OTL.txt file in your reply.
     

  4. 2010/12/27
    JusticeNY

    JusticeNY Well-Known Member Thread Starter

    Well, I was able to get Windows to boot back up by using my Windows XP recovery CD and repairing it, and I was able to keep all my files. As expected, the viruses or malware are still on my computer.

    Symptoms are:

    Just-In-Time Debugging

    Possible debuggers:
    New instance of Microsoft Script Editor

    As I was doing the Malwarebytes scan, AntiVir popped up a few viruses of its own.

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5406

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 6.0.2900.2180

    2010-12-27 11:05:24 PM
    mbam-log-2010-12-27 (23-05-24).txt

    Scan type: Quick scan
    Objects scanned: 173067
    Time elapsed: 15 minute(s), 22 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR (Trojan.Downloader) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\WINDOWS\temp\4E.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\WINDOWS\temp\50.tmp (Trojan.Agent) -> Delete on reboot.
     
  5. 2010/12/27
    broni

    broni Moderator Malware Analyst

    Please, read this post, then post the requested log(s).

     
  6. 2010/12/27
    JusticeNY

    JusticeNY Well-Known Member Thread Starter

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 2 (build 2600)
    Logical Drives Mask: 0x0000000d

    Kernel Drivers (total 143):
    0x804D7000 \WINDOWS\system32\ntoskrnl.exe
    0x80701000 \WINDOWS\system32\hal.dll
    0x8A370000 \WINDOWS\system32\KDCOM.DLL
    0xF789B000 \WINDOWS\system32\BOOTVID.dll
    0xF75F7000 sjyvl.sys
    0xF7508000 ACPI.sys
    0xF7987000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xF74F7000 pci.sys
    0xF7607000 isapnp.sys
    0xF7A4F000 pciide.sys
    0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF7617000 MountMgr.sys
    0xF74D8000 ftdisk.sys
    0xF7993000 dmload.sys
    0xF74B2000 dmio.sys
    0xF770F000 PartMgr.sys
    0xF7627000 VolSnap.sys
    0xF749A000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
    0xF7482000 atapi.sys
    0xF76B7000 disk.sys
    0xF76C7000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF7968000 fltmgr.sys
    0xF7830000 sr.sys
    0xF76D7000 PxHelp20.sys
    0xF7951000 KSecDD.sys
    0xF7A3C000 WudfPf.sys
    0xF7B52000 Ntfs.sys
    0xF7A0F000 NDIS.sys
    0xBA7ED000 sfvfs02.sys
    0xF7777000 sfhlp02.sys
    0xBA7DB000 sfdrv01.sys
    0xBA7C0000 Mup.sys
    0xF7546000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xBA54C000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
    0xBA538000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xF772F000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xBA515000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF775F000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xBA4E1000 \SystemRoot\system32\DRIVERS\HSFHWBS2.sys
    0xBA4BE000 \SystemRoot\system32\DRIVERS\ks.sys
    0xBA3BF000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
    0xBA318000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
    0xF77C7000 \SystemRoot\System32\Drivers\Modem.SYS
    0xBA25C000 \SystemRoot\system32\drivers\smwdm.sys
    0xBA238000 \SystemRoot\system32\drivers\portcls.sys
    0xF7536000 \SystemRoot\system32\drivers\drmk.sys
    0xF79B1000 \SystemRoot\system32\drivers\aeaudio.sys
    0xF7787000 \SystemRoot\system32\DRIVERS\fdc.sys
    0xF7472000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xF77AF000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xF77B7000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xBA224000 \SystemRoot\system32\DRIVERS\parport.sys
    0xF7462000 \SystemRoot\system32\DRIVERS\serial.sys
    0xBA664000 \SystemRoot\system32\DRIVERS\serenum.sys
    0xF7452000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xBA647000 \SystemRoot\system32\drivers\pfc.sys
    0xF7442000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xF7432000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xF7767000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
    0xF79BF000 \SystemRoot\system32\DRIVERS\serscan.sys
    0xF77E7000 \SystemRoot\system32\DRIVERS\ManyCam.sys
    0xF7422000 \SystemRoot\system32\DRIVERS\STREAM.SYS
    0xF7AB8000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xF7412000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xBA62F000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xBA20D000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xF7402000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xF7887000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xBA6E8000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xBA1FC000 \SystemRoot\system32\DRIVERS\psched.sys
    0xBA7B0000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xBA6C0000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xBA6B0000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xBA7A0000 \SystemRoot\system32\DRIVERS\JakNDis.sys
    0xBA1CB000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xBA790000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF79D5000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xBA197000 \SystemRoot\system32\DRIVERS\update.sys
    0xF7947000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xF77EF000 \SystemRoot\system32\DRIVERS\omci.sys
    0xBA760000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xBA750000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xF79DF000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xF781F000 \SystemRoot\system32\DRIVERS\flpydisk.sys
    0xF79EB000 \SystemRoot\System32\Drivers\i2omgmt.SYS
    0xF79F1000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF7AAC000 \SystemRoot\System32\Drivers\Null.SYS
    0xF79F5000 \SystemRoot\System32\Drivers\Beep.SYS
    0xBA6D8000 \SystemRoot\System32\drivers\vga.sys
    0xF79F9000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF79FD000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xBA6C8000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF779F000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xBA66C000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xB204A000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xB1FF2000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xB1FCA000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xB1FA9000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xBA720000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xB1F28000 \SystemRoot\System32\vsdatant.sys
    0xBA633000 \SystemRoot\System32\drivers\ws2ifsl.sys
    0xB1F06000 \SystemRoot\System32\drivers\afd.sys
    0xF7697000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xF77F7000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
    0xB1EDA000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xBA6F0000 \??\C:\WINDOWS\system32\npptNT2.sys
    0xB1E43000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xF76A7000 \SystemRoot\System32\Drivers\Fips.SYS
    0xB1E1D000 \SystemRoot\system32\DRIVERS\avipbb.sys
    0xF799B000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
    0xB212F000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xB1DB5000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xF7A05000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xF780F000 \SystemRoot\System32\watchdog.sys
    0xF793B000 \SystemRoot\System32\drivers\Dxapi.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF7AA0000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\ati2dvag.dll
    0xBF04A000 \SystemRoot\System32\ati2cqag.dll
    0xBF084000 \SystemRoot\System32\atikvmag.dll
    0xBF0F1000 \SystemRoot\System32\ati3duag.dll
    0xBF314000 \SystemRoot\System32\ativvaxx.dll
    0xB0C1A000 \SystemRoot\system32\DRIVERS\avgntflt.sys
    0xB0AEC000 \SystemRoot\system32\DRIVERS\nwlnkipx.sys
    0xF76F7000 \SystemRoot\system32\DRIVERS\nwlnknb.sys
    0xB0B0E000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xB0BBA000 \SystemRoot\system32\DRIVERS\nwlnkspx.sys
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xF77D7000 \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
    0xB0777000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xB05B1000 \SystemRoot\system32\DRIVERS\css-dvp.sys
    0xB058E000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0xB044B000 \SystemRoot\system32\DRIVERS\srv.sys
    0xB089C000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0xBA6D0000 \SystemRoot\system32\DRIVERS\secdrv.sys
    0xB0343000 \??\C:\WINDOWS\system32\drivers\tmcomm.sys
    0xB0306000 \SystemRoot\system32\drivers\wdmaud.sys
    0xB0B8A000 \SystemRoot\system32\drivers\sysaudio.sys
    0xAF11B000 \??\C:\DOCUME~1\family\LOCALS~1\Temp\pxtdypow.sys
    0xAF0F5000 \SystemRoot\system32\DRIVERS\e100b325.sys
    0xAF0CB000 \SystemRoot\system32\drivers\kmixer.sys
    0x7C900000 \WINDOWS\SYSTEM32\ntdll.dll

    Processes (total 40):
    0 System Idle Process
    4 System
    912 C:\WINDOWS\SYSTEM32\smss.exe
    1408 csrss.exe
    1648 C:\WINDOWS\SYSTEM32\winlogon.exe
    124 C:\WINDOWS\SYSTEM32\services.exe
    184 C:\WINDOWS\SYSTEM32\lsass.exe
    784 C:\WINDOWS\SYSTEM32\ati2evxx.exe
    888 C:\WINDOWS\SYSTEM32\svchost.exe
    1140 svchost.exe
    1352 C:\WINDOWS\SYSTEM32\svchost.exe
    1404 C:\WINDOWS\SYSTEM32\svchost.exe
    164 svchost.exe
    388 svchost.exe
    1356 C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
    1696 C:\WINDOWS\SYSTEM32\LexBceS.exe
    1780 C:\WINDOWS\SYSTEM32\Lexpps.exe
    1784 C:\WINDOWS\SYSTEM32\spoolsv.exe
    2000 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    1312 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    1508 C:\Program Files\Bonjour\mDNSResponder.exe
    1656 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    616 C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
    1252 C:\Program Files\Java\jre6\bin\jqs.exe
    1836 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    1908 C:\WINDOWS\SYSTEM32\svchost.exe
    308 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    2160 C:\WINDOWS\SYSTEM32\svchost.exe
    2292 C:\WINDOWS\explorer.exe
    2384 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    3732 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    3384 C:\Program Files\QuickTime\QTTask.exe
    3540 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    568 C:\Program Files\Internet Explorer\IEXPLORE.EXE
    2128 C:\Program Files\Internet Explorer\IEXPLORE.EXE
    1164 C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
    2892 C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe
    1124 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\VS7JIT.EXE
    2216 C:\Program Files\Mozilla Firefox\firefox.exe
    3924 C:\Documents and Settings\family\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`03ec1000 (NTFS)

    PhysicalDrive0 Model Number: ST380013AS, Rev: 8.05

    Size Device Name MBR Status
    --------------------------------------------
    74 GB \\.\PhysicalDrive0 Dell MBR code detected
    SHA1: 84B95CE8A54B7C5C3AAF149934FC46FB70FF8365


    Done!
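A triage helper for the MBRCheck kernel driver list in the post above, added here as an example (it is not MBRCheck's own code, nor anything posted in the thread): it parses the address/path lines and flags the two entries an analyst would query first, the path-less sjyvl.sys and the pxtdypow.sys driver loaded from the user's Temp folder. The boot-start baseline set and the random-name heuristic are assumptions drawn from this log, not authoritative lists.

```python
"""Triage helper for the 'Kernel Drivers' section of an MBRCheck log.

Added example, not code from MBRCheck or from the forum thread.  It parses
lines of the form '0xF75F7000 sjyvl.sys' and flags the drivers an analyst
would query first:
  * a driver loaded from a user profile or Temp directory, and
  * a driver listed by bare file name that is not in the boot-start baseline
    (droppers often register a randomly named service, and MBRCheck shows
    such early-loaded drivers without a path).
The baseline set below is an assumption built from the log in this thread,
not an authoritative list: extend it from a known-clean machine.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# One log line: an 8-hex-digit load address, whitespace, then the image path.
LINE_RE = re.compile(r"^\s*0x([0-9A-Fa-f]{8})\s+(\S.*?)\s*$")

# Boot-start drivers that MBRCheck lists by bare name on the XP SP2 box in
# the thread (assumed baseline; all lower-case for comparison).
KNOWN_BARE = {
    "acpi.sys", "pci.sys", "isapnp.sys", "pciide.sys", "mountmgr.sys",
    "ftdisk.sys", "dmload.sys", "dmio.sys", "partmgr.sys", "volsnap.sys",
    "atapi.sys", "disk.sys", "fltmgr.sys", "sr.sys", "pxhelp20.sys",
    "ksecdd.sys", "wudfpf.sys", "ntfs.sys", "ndis.sys", "mup.sys",
    "sfvfs02.sys", "sfhlp02.sys", "sfdrv01.sys",
}

# Directory fragments (lower-case, 8.3 short names included) that a kernel
# driver has no business being loaded from.
SUSPICIOUS_DIRS = ("\\temp\\", "\\tmp\\", "\\docume~1\\",
                   "\\documents and settings\\", "\\users\\", "\\locals~1\\")


@dataclass
class Driver:
    base: int   # load address parsed from the hex column
    path: str   # image path exactly as MBRCheck printed it


def parse_driver_lines(text: str) -> List[Driver]:
    """Return one Driver per line that matches the MBRCheck driver format."""
    drivers = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            drivers.append(Driver(int(m.group(1), 16), m.group(2)))
    return drivers


def looks_random(stem: str) -> bool:
    """Crude heuristic: 5-8 letters only, no digits or vendor-style prefix."""
    return stem.isalpha() and 5 <= len(stem) <= 8


def flag_driver(d: Driver) -> List[str]:
    """Return the reasons this driver deserves a closer look (empty = none)."""
    low = d.path.lower()
    reasons = []
    if any(frag in low for frag in SUSPICIOUS_DIRS):
        reasons.append("loaded from a user profile or Temp directory")
    name = low.rsplit("\\", 1)[-1]
    if "\\" not in low and name not in KNOWN_BARE:
        reasons.append("bare file name not in the boot-start baseline")
        if looks_random(name.rsplit(".", 1)[0]):
            reasons.append("random-looking file name")
    return reasons


def triage(text: str) -> Dict[str, List[str]]:
    """Map each flagged driver path to its list of reasons."""
    findings = {}
    for d in parse_driver_lines(text):
        reasons = flag_driver(d)
        if reasons:
            findings[d.path] = reasons
    return findings


# Constructed sample: a handful of lines copied from the MBRCheck log in the
# thread, including the two entries the helper is meant to surface.
SAMPLE_LOG = r"""
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0xF75F7000 sjyvl.sys
0xF7508000 ACPI.sys
0xF7482000 atapi.sys
0xBA7C0000 Mup.sys
0xF799B000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0xAF11B000 \??\C:\DOCUME~1\family\LOCALS~1\Temp\pxtdypow.sys
0x7C900000 \WINDOWS\SYSTEM32\ntdll.dll
"""

if __name__ == "__main__":
    for path, why in triage(SAMPLE_LOG).items():
        print(path + "\n    - " + "\n    - ".join(why))
```

Paste the whole "Kernel Drivers" block from a log into SAMPLE_LOG (or read it from a file) to run the same check on a full listing.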
     
  7. 2010/12/27
    JusticeNY

    JusticeNY Well-Known Member Thread Starter

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)


    ==== Disk Partitions =========================


    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    7-Zip 4.65
    Acrobat.com
    Ad Muncher
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Default Language CS4
    Adobe Device Central CS3
    Adobe Download Manager
    Adobe Dreamweaver CS3
    Adobe ExtendScript Toolkit 2
    Adobe Extension Manager CS3
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Linguistics CS3
    Adobe PDF Library Files CS4
    Adobe Photoshop CS3
    Adobe Setup
    Adobe Shockwave Player 11.5
    Adobe Stock Photos CS3
    Adobe Type Support CS4
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS3
    AIM 7
    AIMCustomEmoticons
    Any Video Converter 3.0.4
    AOL Uninstaller (Choose which Products to Remove)
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Ask Toolbar
    ATI - Software Uninstall Utility
    ATI AVIVO Codecs
    ATI Catalyst Control Center
    ATI Display Driver
    Audacity 1.2.6
    Authentium AntiVirus SDK - 2
    Avira AntiVir Personal - Free Antivirus
    Bonjour
    Call of Duty(R) 4 - Modern Warfare(TM) 1.1 Patch
    Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
    Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
    Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
    Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
    Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
    Camtasia Studio 6
    Camtasia Studio 7
    Canon IJ Network Scan Utility
    Canon IJ Network Tool
    Canon MP Navigator EX 2.1
    Canon MX860 series MP Drivers
    Canon MX860 series User Registration
    Canon Utilities My Printer
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center HydraVision Full
    ccc-core-preinstall
    ccc-core-static
    ccc-utility
    CCC Help English
    Conexant D850 56K V.9x DFVc Modem
    Coupon Printer for Windows
    Default
    Dell Digital Jukebox Driver
    Dell Driver Reset Tool
    Dell Photo AIO Printer 942
    Dell ResourceCD
    Dell Support 5.0.0 (630)
    Digital Line Detect
    DIGOpt
    DIGReqEx
    Download Updater (AOL LLC)
    EarthLink MDAC
    EarthLink TAR
    EasyCleaner
    ebgcInfra
    ebgcRes
    ebgcSDK
    Foxit Reader
    Garmin Communicator Plugin
    Garmin USB Drivers
    GIMP 2.4.5
    Google Talk (remove only)
    Google Talk Plugin
    Google Toolbar for Internet Explorer
    Google Update Helper
    GTactix
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HyperCam Toolbar
    Intel RSX 3D
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PRO Network Adapters and Drivers
    Intel(R) PROSet for Wired Connections
    Internet Explorer Default Page
    iTunes
    Jaksta Streaming Media Recorder
    Java Auto Updater
    Java(TM) 6 Update 21
    K-Lite Codec Pack 6.3.0 (Full)
    Macromedia Extension Manager
    Macromedia Flash 8 Video Encoder
    Malwarebytes' Anti-Malware
    Managed DirectX (0901)
    ManyCam 2.4 (remove only)
    McAfee Shredder
    Media Player Classic - Home Cinema v. 1.3.1249.0
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Default Manager
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft UI Engine
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft XML Parser
    mIRC
    Mouse Suite
    Move Media Player
    Mozilla Firefox (3.5.16)
    MSN
    MSN Encarta Plus Support Files
    MSN Music Assistant
    MSN Toolbar
    MSN Toolbar Platform
    MSSoap
    MSVCRT
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    MSXML4 Parser
    NetWaiting
    Nvu 1.0
    Octoshape add-in for Adobe Flash Player
    ooVoo
    Opera 10.63
    Orbit Downloader
    PDF Settings
    POM for Windows (Version 3)
    PPSDKRedistributables
    QQ BlackJack
    QQ Bubble Arena
    QQ Games
    QQ Gold Sweeper
    QQ Match Master
    QQ Pool
    QQ Robo
    QQ Texas Hold'em
    QQ Treasure Hunter
    QuickTime
    Radialpoint Security Services
    Recover Files 2.1
    Recuva (remove only)
    Revo Uninstaller Pro 2.2.3
    Security Update for 2007 Microsoft Office System (KB951550)
    Security Update for 2007 Microsoft Office System (KB951944)
    Security Update for 2007 Microsoft Office System (KB960003)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office Excel 2007 (KB959997)
    Security Update for Microsoft Office OneNote 2007 (KB950130)
    Security Update for Microsoft Office PowerPoint 2007 (KB951338)
    Security Update for Microsoft Office Publisher 2007 (KB950114)
    Security Update for Microsoft Office system 2007 (KB954326)
    Security Update for Microsoft Office system 2007 (KB956828)
    Security Update for Microsoft Office Word 2007 (KB956358)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Segoe UI
    Skins
    Skype Toolbars
    Skype™ 4.2
    SopCast 3.2.4
    Styler
    System Requirements Lab
    Technitium MAC Address Changer v5.0 Release 3
    Tweak UI
    Ulead GIF Animator
    Unlocker 1.8.8
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office Outlook 2007 (KB952142)
    Update for Office 2007 (KB932080)
    Update for Office 2007 (KB934391)
    Update for Outlook 2007 Junk Email Filter (KB2466076)
    VC 9.0 Runtime
    Verizon Online Help and Support
    Verizon PC Security Checkup
    Video Thumbnails Maker by Scorp (remove only)
    Video to iPod MP4 PSP 3GP Converter
    VideoAvatar
    Vista Anthracite Pack - UltraLite 1.31
    VLC media player 0.9.8a
    WebFldrs XP
    Windows Defender Signatures
    Windows Genuine Advantage Notifications (KB905474)
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Messenger
    Windows Media Format 11 runtime
    Windows Media Player 10
    Windows Media Player 11
    Windows Resource Kit Tools - SubInAcl.exe
    WinRAR archiver
    WinZip 11.2
    WordPerfect Office 12
    WOT for Internet Explorer
    XML Paper Specification Shared Components Pack 1.0
    Yahoo! Messenger
    Yahoo! Software Update
    Zilla Data Nuker 2.0.0.0
    ZoneAlarm
    ZoneAlarm Toolbar

    ==== End Of File ===========================
     
  8. 2010/12/27
    JusticeNY

    JusticeNY Well-Known Member Thread Starter

    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Family at 0:23:54.15 on 2010-12-28
    Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_21

    ============== Running Processes ===============


    ============== Pseudo HJT Report ===============

    uInternet Connection Wizard,ShellNext = iexplore
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    uURLSearchHooks: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - c:\program files\zonealarm\tbZone.dll
    BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\black iii\orbitdownloader\orbitcth.dll
    BHO: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - c:\program files\zonealarm\tbZone.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~4\office12\GRA8E1~1.DLL
    BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
    BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
    BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0401.0\npwinext.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SMTTB2009 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\hypercam toolbar\tbcore3.dll
    TB: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - c:\program files\zonealarm\tbZone.dll
    TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
    TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0401.0\npwinext.dll
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    TB: {C70E30C7-140A-4166-A2E8-43557E62B41A} - No File
    TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
    TB: {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - No File
    TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
    TB: Verizon Broadband Toolbar: {4e7bd74f-2b8d-469e-8cb0-ab60bb9aae22} - c:\progra~1\vol_to~1\VOL_TO~1.DLL
    mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe "
    mRun: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon= "hidden "
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    IE: &Download by Orbit - c:\black iii\orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - c:\black iii\orbitdownloader\orbitmxt.dll/204
    IE: Do&wnload selected by Orbit - c:\black iii\orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - c:\black iii\orbitdownloader\orbitmxt.dll/202
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
    IE: {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C}
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {3D3DBC64-0D21-4EA4-94EE-86D6D9B31C0C} - hxxp://www.worldwinner.com/games/v45/moneylist/moneylist.cab
    DPF: {42FDC231-A411-45F8-B8B6-3B5026111DA8} - hxxp://www.worldwinner.com/games/v47/solitairerush/solitairerush.cab
    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
    DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
    DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} - hxxp://www.worldwinner.com/games/v63/bjattack/bja.cab
    DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
    DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} - hxxp://verizon.exent.com/vzfamily/classes/ExentCtl.ocx
    DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://www.nick.com/common/groove/gx/GrooveAX27.cab
    DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {97438FE9-D361-4279-BA82-98CC0877A717} - hxxp://www.worldwinner.com/games/v57/cubis/cubis.cab
    DPF: {A021A215-6CDC-44B4-8C16-90491CED9605} - hxxp://www.worldwinner.com/games/v59/clue/clue.cab
    DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - hxxp://www.worldwinner.com/games/v57/wof/wof.cab
    DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} - hxxp://www.worldwinner.com/games/v67/swapit/swapit.cab
    DPF: {B49C4597-8721-4789-9250-315DFBD9F525} - hxxp://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} - hxxp://www.worldwinner.com/games/v42/tilecity/tilecity.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} - hxxp://www.worldwinner.com/games/v47/familyfeud/familyfeud.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~4\office12\GR99D3~1.DLL
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
    Notify: igfxcui - igfxsrvc.dll
    Notify: winabi32 - winabi32.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~4\office12\GRA8E1~1.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\family\applic~1\mozilla\firefox\profiles\h0sglesq.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - component: c:\documents and settings\family\application data\mozilla\firefox\profiles\h0sglesq.default\extensions\{2ac337b3-fc9c-4d51-bed1-1ac1c48c63ea}\components\RadioWMPCoreGecko19.dll
    FF - component: c:\documents and settings\family\application data\mozilla\firefox\profiles\h0sglesq.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
    FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
    FF - plugin: c:\documents and settings\family\application data\move networks\plugins\npqmp071503000010.dll
    FF - plugin: c:\documents and settings\family\application data\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\documents and settings\family\application data\mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: c:\documents and settings\family\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: c:\program files\nos\bin\np_gp.dll
    FF - plugin: c:\program files\opera 10 beta\program\plugins\np_gp.dll
    FF - plugin: c:\program files\opera 10 beta\program\plugins\npdsplay.dll
    FF - plugin: c:\program files\opera 10 beta\program\plugins\npMozCouponPrinter.dll
    FF - plugin: c:\program files\opera 10 beta\program\plugins\NPOFF12.DLL
    FF - plugin: c:\program files\opera 10 beta\program\plugins\npqtplugin.dll
    FF - plugin: c:\program files\opera 10 beta\program\plugins\npqtplugin2.dll
    FF - plugin: c:\program files\opera 10 beta\program\plugins\npqtplugin3.dll
    FF - plugin: c:\program files\opera 10 beta\program\plugins\npqtplugin4.dll
    FF - plugin: c:\program files\opera 10 beta\program\plugins\npqtplugin5.dll
    FF - plugin: c:\program files\opera 10 beta\program\plugins\npqtplugin6.dll
    FF - plugin: c:\program files\opera 10 beta\program\plugins\npqtplugin7.dll
    FF - plugin: c:\program files\opera 10 beta\program\plugins\npqtplugin8.dll
    FF - plugin: c:\program files\opera 10 beta\program\plugins\NPSWF32.dll
    FF - plugin: c:\program files\opera 10 beta\program\plugins\npwmsdrm.dll
    FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: XULRunner: {238A4A10-C554-469F-BA69-4F05A5D2DE26} - c:\documents and settings\family\local settings\application data\{238A4A10-C554-469F-BA69-4F05A5D2DE26}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: AnyColor: anycolor.pavlos256@gmail.com - %profile%\extensions\anycolor.pavlos256@gmail.com
    FF - Ext: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - %profile%\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
    FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    FF - Ext: BlackBar Community Toolbar: {2ac337b3-fc9c-4d51-bed1-1ac1c48c63ea} - %profile%\extensions\{2ac337b3-fc9c-4d51-bed1-1ac1c48c63ea}
    FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
    FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    FF - Ext: ColorfulTabs: {0545b830-f0aa-4d7e-8820-50a4629a56fe} - %profile%\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}

    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
    ============= SERVICES / DRIVERS ===============


    =============== Created Last 30 ================

    2010-12-28 03:08:26 4677 -c--a-w- c:\windows\system32\dllcache\zeeverm.dll
    2010-12-28 03:08:26 41029 -c--a-w- c:\windows\system32\dllcache\zcorem.dll
    2010-12-28 03:08:26 29760 -c--a-w- c:\windows\system32\dllcache\znetm.dll
    2010-12-28 03:08:26 13894 -c--a-w- c:\windows\system32\dllcache\zonelibm.dll
    2010-12-28 03:08:26 113222 -c--a-w- c:\windows\system32\dllcache\zoneclim.dll
    2010-12-28 03:08:25 36937 -c--a-w- c:\windows\system32\dllcache\zclientm.exe
    2010-12-28 03:08:03 5632 -c--a-w- c:\windows\system32\dllcache\write.exe
    2010-12-28 03:06:59 538624 -c--a-w- c:\windows\system32\dllcache\spider.exe
    2010-12-28 03:05:53 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll
    2010-12-28 03:04:59 13463552 -c--a-w- c:\windows\system32\dllcache\hwxjpn.dll
    2010-12-28 03:03:59 9216 -c--a-w- c:\windows\system32\dllcache\authfilt.dll
    2010-12-28 03:02:59 20540 -c--a-w- c:\windows\system32\dllcache\admin.dll
    2010-12-28 02:22:12 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
    2010-12-28 02:22:12 24661 ----a-w- c:\windows\system32\spxcoins.dll
    2010-12-28 02:22:12 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
    2010-12-28 02:22:12 13312 ----a-w- c:\windows\system32\irclass.dll
    2010-12-28 02:21:39 13753 ----a-r- c:\windows\SET13C.tmp
    2010-12-28 02:21:29 1086058 ----a-r- c:\windows\SET130.tmp
    2010-12-28 02:21:23 1042903 ----a-r- c:\windows\SET12D.tmp
    2010-12-27 23:50:23 89088 ----a-w- c:\windows\MBR.exe
    2010-12-27 23:50:22 98816 ----a-w- c:\windows\sed.exe
    2010-12-27 23:50:22 256512 ----a-w- c:\windows\PEV.exe
    2010-12-27 23:50:22 161792 ----a-w- c:\windows\SWREG.exe
    2010-12-27 23:49:27 -------- d-s---w- C:\ComboFix
    2010-12-27 23:22:15 107520 ----a-w- c:\windows\system32\winabi32.dll
    2010-12-27 21:04:49 -------- d-----w- c:\windows\msapps
    2010-12-27 21:04:49 -------- d-----w- c:\windows\dell
    2010-12-12 03:57:11 -------- d-----w- c:\docume~1\family\applic~1\Avira
    2010-12-12 03:46:23 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-12-12 03:46:19 -------- d-----w- c:\program files\Avira
    2010-12-12 03:46:19 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira
    2010-12-09 05:59:29 -------- d-----w- c:\docume~1\family\applic~1\Toolbar4
    2010-12-09 05:59:21 -------- d-----w- c:\program files\HyperCam Toolbar
    2010-12-05 05:48:05 -------- d-----w- c:\program files\common files\Software Update Utility
    2010-11-29 22:28:30 -------- d-----w- c:\program files\MSN Toolbar
    2010-11-29 22:27:01 -------- d-----w- c:\program files\MSN Toolbar Installer
    2010-11-29 22:25:36 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-11-29 22:25:36 423656 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll

    ==================== Find3M ====================

    2010-11-29 22:25:11 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-11-10 04:55:02 398744 ----a-r- c:\windows\system32\cpnprt2.cid

    =================== ROOTKIT ====================

    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600

    CreateFile( "\\.\PHYSICALDRIVE0 "): The process cannot access the file because it is being used by another process.
    device: opened successfully
    user: error reading MBR

    Disk trace:
    called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A3AA555]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a3b07b0]; MOV EAX, [0x8a3b082c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 nt!IofCallDriver[0x804E19BC] -> \Device\Harddisk0\DR0[0x8A3FF030]
    3 CLASSPNP[0xF76C805B] -> nt!IofCallDriver[0x804E19BC] -> [0x8A3767D8]
    \Driver\atapi[0x8A3F10D0] -> IRP_MJ_CREATE -> 0x8A3AA555
    kernel: MBR read successfully
    _asm { CLI ; MOV AX, 0x0; MOV SS, AX; MOV SP, 0x7c00; STI ; MOV DS, AX; CLD ; MOV CX, 0x80; MOV SI, SP; MOV DI, 0x600; MOV ES, AX; REP MOVSD ; JMP FAR 0x0:0x62f; }
    detected disk devices:
    detected hooks:
    \Driver\atapi DriverStartIo -> 0x8A3AA39B
    user != kernel MBR !!!
    Warning: possible TDL4 rootkit infection !
    TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

    ============= FINISH: 0:26:03.16 ===============
     
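The GMER section of the log above ends with "user != kernel MBR !!!": sector 0 read through the normal user-mode path does not match the sector the disk actually holds, and the detector also lists a hook on \Driver\atapi DriverStartIo. That pairing is the usual footprint of an MBR bootkit: the hook on the disk stack hands callers a clean copy of the MBR while the real sector 0 carries the bootkit's loader, with the partition table left untouched so the system still boots. The following is an added example, not code from the original post or from GMER's mbr.exe, showing how that comparison can be made between two 512-byte sector images and what to look at when they differ. Both sector images, the boot-code bytes and the single-partition layout are constructed for the example and are not this machine's MBR; the function names are the example's own.

```python
"""Parse a 512-byte MBR and compare a user-mode read of sector 0 against a
low-level (kernel-path or offline) read, the check a rootkit detector reports
as "user != kernel MBR". Added example for this thread, not code from the
original post or from GMER; all sample data below is constructed."""
from __future__ import annotations

import struct
from dataclasses import dataclass

SECTOR = 512
BOOT_CODE = slice(0, 440)       # x86 boot code
DISK_SIG = slice(440, 444)      # NT disk signature
PART_TABLE = slice(446, 510)    # four 16-byte partition entries
BOOT_SIG = slice(510, 512)      # 0x55 0xAA


@dataclass(frozen=True)
class Partition:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int


def has_boot_signature(mbr: bytes) -> bool:
    return len(mbr) == SECTOR and mbr[BOOT_SIG] == b"\x55\xaa"


def parse_partitions(mbr: bytes) -> list[Partition]:
    """Decode the four partition entries; empty slots (type 0) are skipped."""
    if not has_boot_signature(mbr):
        raise ValueError("not a valid MBR: missing 0x55AA signature")
    parts = []
    for i in range(4):
        off = PART_TABLE.start + 16 * i
        status, _chs_start, ptype, _chs_end, lba, count = struct.unpack_from(
            "<B3sB3sII", mbr, off)
        if ptype == 0:
            continue
        parts.append(Partition(i, status == 0x80, ptype, lba, count))
    return parts


def compare_views(user_view: bytes, kernel_view: bytes) -> dict:
    """Report which MBR regions differ between the two reads of sector 0.

    A bootkit that hooks the disk stack typically serves user-mode callers the
    original sector while the real sector 0 holds its loader, so the pattern
    to expect is: boot code differs, partition table and signature identical.
    """
    regions = {"boot_code": BOOT_CODE, "disk_signature": DISK_SIG,
               "partition_table": PART_TABLE, "boot_signature": BOOT_SIG}
    differing = [name for name, r in regions.items()
                 if user_view[r] != kernel_view[r]]
    first_diff = next((i for i in range(SECTOR)
                       if user_view[i] != kernel_view[i]), None)
    return {"match": not differing, "differing_regions": differing,
            "first_difference_offset": first_diff}


def build_mbr(boot_code: bytes, disk_sig: bytes, parts: list[Partition]) -> bytes:
    """Assemble a sector image from its parts (used only to build the samples)."""
    assert len(boot_code) <= 440 and len(disk_sig) == 4
    table = bytearray(64)
    for p in parts:
        struct.pack_into("<B3sB3sII", table, 16 * p.index,
                         0x80 if p.bootable else 0x00, b"\xff\xff\xff",
                         p.type_id, b"\xff\xff\xff", p.lba_start, p.sectors)
    sector = (boot_code.ljust(440, b"\x00") + disk_sig + b"\x00\x00"
              + bytes(table) + b"\x55\xaa")
    assert len(sector) == SECTOR
    return sector


# Constructed sample layout: one bootable NTFS (0x07) partition starting at LBA 63.
SAMPLE_PARTS = [Partition(0, True, 0x07, 63, 156_280_257)]
# Constructed boot-code stubs; neither is a real MBR, they only need to differ.
CLEAN_BOOT_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 40
OTHER_BOOT_CODE = b"\xfa\xb8\x00\x00\x8e\xd0" + b"\xcc" * 40
USER_VIEW = build_mbr(CLEAN_BOOT_CODE, b"\x12\x34\x56\x78", SAMPLE_PARTS)
# The low-level view shares the disk signature and partition table, but not the code.
KERNEL_VIEW = build_mbr(OTHER_BOOT_CODE, b"\x12\x34\x56\x78", SAMPLE_PARTS)


def scan(user_view: bytes, kernel_view: bytes) -> str:
    """One-line verdict in the style of the detector output."""
    result = compare_views(user_view, kernel_view)
    if result["match"]:
        return "MBR consistent between user and kernel reads"
    if result["differing_regions"] == ["boot_code"]:
        return "boot code differs, partition table intact: possible MBR bootkit"
    return "MBR differs in: " + ", ".join(result["differing_regions"])


if __name__ == "__main__":
    print(parse_partitions(USER_VIEW))
    print(scan(USER_VIEW, KERNEL_VIEW))
```

On a live Windows box the user-mode view is what you get from opening \\.\PhysicalDrive0 as Administrator and reading the first 512 bytes; on an infected system that copy is exactly the one the hook has sanitised, which is why the second view has to come from a tool that bypasses the hooked driver (as mbr.exe does) or from an offline read after booting clean media. A difference confined to the boot code with an intact partition table is the case worth escalating; a difference in the partition table or a missing 0x55AA signature points at disk damage or a bad read rather than this pattern.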
  9. 2010/12/28
    broni (Moderator, Malware Analyst)
    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  10. 2010/12/28
    JusticeNY (Well-Known Member, Thread Starter)
    When I run GMER I keep getting blue-screened mid-scan.
     
  11. 2010/12/28
    JusticeNY (Well-Known Member, Thread Starter)
    2010/12/28 03:25:45.0084 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
    2010/12/28 03:25:45.0084 ================================================================================
    2010/12/28 03:25:45.0084 SystemInfo:
    2010/12/28 03:25:45.0084
    2010/12/28 03:25:45.0084 OS Version: 5.1.2600 ServicePack: 2.0
    2010/12/28 03:25:45.0084 Product type: Workstation
    2010/12/28 03:25:45.0084 ComputerName: FAM
    2010/12/28 03:25:45.0084 UserName: Family
    2010/12/28 03:25:45.0084 Windows directory: C:\WINDOWS
    2010/12/28 03:25:45.0084 System windows directory: C:\WINDOWS
    2010/12/28 03:25:45.0084 Processor architecture: Intel x86
    2010/12/28 03:25:45.0084 Number of processors: 2
    2010/12/28 03:25:45.0084 Page size: 0x1000
    2010/12/28 03:25:45.0084 Boot type: Normal boot
    2010/12/28 03:25:45.0084 ================================================================================
    2010/12/28 03:25:45.0569 Initialize success
    2010/12/28 03:25:59.0662 ================================================================================
    2010/12/28 03:25:59.0662 Scan started
    2010/12/28 03:25:59.0662 Mode: Manual;
    2010/12/28 03:25:59.0662 ================================================================================
    2010/12/28 03:26:01.0162 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
    2010/12/28 03:26:01.0240 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2010/12/28 03:26:01.0412 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    2010/12/28 03:26:01.0474 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
    2010/12/28 03:26:01.0537 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
    2010/12/28 03:26:01.0615 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
    2010/12/28 03:26:01.0709 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
    2010/12/28 03:26:01.0787 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys
    2010/12/28 03:26:01.0834 agpCPQ (67288b07d6aba6c1267b626e67bc56fd) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
    2010/12/28 03:26:01.0896 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
    2010/12/28 03:26:01.0959 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
    2010/12/28 03:26:02.0006 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
    2010/12/28 03:26:02.0052 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
    2010/12/28 03:26:02.0131 alim1541 (f312b7cef21eff52fa23056b9d815fad) C:\WINDOWS\system32\DRIVERS\alim1541.sys
    2010/12/28 03:26:02.0177 amdagp (675c16a3c1f8482f85ee4a97fc0dde3d) C:\WINDOWS\system32\DRIVERS\amdagp.sys
    2010/12/28 03:26:02.0209 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
    2010/12/28 03:26:02.0302 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
    2010/12/28 03:26:02.0365 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
    2010/12/28 03:26:02.0412 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
    2010/12/28 03:26:02.0521 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2010/12/28 03:26:02.0568 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2010/12/28 03:26:02.0740 ati2mtag (f0d0b0cdec0be32d775f404cac2604bf) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
    2010/12/28 03:26:02.0834 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2010/12/28 03:26:02.0896 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2010/12/28 03:26:03.0006 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
    2010/12/28 03:26:03.0099 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
    2010/12/28 03:26:03.0162 avipbb (da39805e2bad99d37fce9477dd94e7f2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
    2010/12/28 03:26:03.0224 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2010/12/28 03:26:03.0334 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
    2010/12/28 03:26:03.0381 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2010/12/28 03:26:03.0459 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    2010/12/28 03:26:03.0521 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
    2010/12/28 03:26:03.0568 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2010/12/28 03:26:03.0631 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
    2010/12/28 03:26:03.0709 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2010/12/28 03:26:03.0802 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
    2010/12/28 03:26:03.0881 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
    2010/12/28 03:26:04.0084 CSS DVP (d7cde6905f84b438ed3de5997c9b2cfa) C:\WINDOWS\system32\DRIVERS\css-dvp.sys
    2010/12/28 03:26:04.0193 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
    2010/12/28 03:26:04.0256 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
    2010/12/28 03:26:04.0365 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
    2010/12/28 03:26:04.0521 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
    2010/12/28 03:26:04.0630 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\DRIVERS\dmio.sys
    2010/12/28 03:26:04.0693 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2010/12/28 03:26:04.0771 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
    2010/12/28 03:26:04.0834 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
    2010/12/28 03:26:04.0912 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
    2010/12/28 03:26:04.0990 E100B (7d91dc6342248369f94d6eba0cf42e99) C:\WINDOWS\system32\DRIVERS\e100b325.sys
    2010/12/28 03:26:05.0162 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
    2010/12/28 03:26:05.0255 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
    2010/12/28 03:26:05.0318 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
    2010/12/28 03:26:05.0427 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    2010/12/28 03:26:05.0505 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\drivers\fltmgr.sys
    2010/12/28 03:26:05.0568 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2010/12/28 03:26:05.0615 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2010/12/28 03:26:05.0693 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
    2010/12/28 03:26:05.0771 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2010/12/28 03:26:05.0865 hamachi (d30b31375c40309425c21efe75db90bb) C:\WINDOWS\system32\DRIVERS\hamachi.sys
    2010/12/28 03:26:05.0927 hamachi_oem (c25c70fd4d49391091d9eb8c747f19e6) C:\WINDOWS\system32\DRIVERS\gan_adapter.sys
    2010/12/28 03:26:06.0037 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    2010/12/28 03:26:06.0099 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
    2010/12/28 03:26:06.0177 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
    2010/12/28 03:26:06.0271 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
    2010/12/28 03:26:06.0443 HTTP (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys
    2010/12/28 03:26:06.0521 i2omgmt (8f09f91b5c91363b77bcd15599570f2c) C:\WINDOWS\system32\drivers\i2omgmt.sys
    2010/12/28 03:26:06.0599 i2omp (ed6bf9e441fdea13292a6d30a64a24c3) C:\WINDOWS\system32\DRIVERS\i2omp.sys
    2010/12/28 03:26:06.0662 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2010/12/28 03:26:06.0787 ialm (6d4b680d5bf352cd0951aadd4de119ef) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
    2010/12/28 03:26:06.0912 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2010/12/28 03:26:06.0990 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
    2010/12/28 03:26:07.0068 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
    2010/12/28 03:26:07.0130 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    2010/12/28 03:26:07.0209 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
    2010/12/28 03:26:07.0271 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2010/12/28 03:26:07.0365 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2010/12/28 03:26:07.0443 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2010/12/28 03:26:07.0521 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2010/12/28 03:26:07.0599 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2010/12/28 03:26:07.0662 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2010/12/28 03:26:07.0771 ISWKL (4122f5208ae8380ccbacc5870d2567c7) C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
    2010/12/28 03:26:07.0896 JakNDis (fcfe5f566e01264643a3175beb4c8280) C:\WINDOWS\system32\DRIVERS\JakNDis.sys
    2010/12/28 03:26:07.0912 JakNDisMP (fcfe5f566e01264643a3175beb4c8280) C:\WINDOWS\system32\DRIVERS\JakNDis.sys
    2010/12/28 03:26:07.0990 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2010/12/28 03:26:08.0068 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
    2010/12/28 03:26:08.0146 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
    2010/12/28 03:26:08.0302 ManyCam (c6d085c7045200143528136a43a65fde) C:\WINDOWS\system32\DRIVERS\ManyCam.sys
    2010/12/28 03:26:08.0412 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
    2010/12/28 03:26:08.0490 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2010/12/28 03:26:08.0568 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
    2010/12/28 03:26:08.0615 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
    2010/12/28 03:26:08.0662 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2010/12/28 03:26:08.0724 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    2010/12/28 03:26:08.0802 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
    2010/12/28 03:26:08.0865 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
    2010/12/28 03:26:08.0990 MREMPR5 (2bc9e43f55de8c30fc817ed56d0ee907) C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS
    2010/12/28 03:26:09.0052 MRENDIS5 (594b9d8194e3f4ecbf0325bd10bbeb05) C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS
    2010/12/28 03:26:09.0162 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2010/12/28 03:26:09.0255 MRxSmb (1fd607fc67f7f7c633c3da65bfc53d18) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2010/12/28 03:26:09.0396 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
    2010/12/28 03:26:09.0505 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2010/12/28 03:26:09.0568 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2010/12/28 03:26:09.0630 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
    2010/12/28 03:26:09.0677 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2010/12/28 03:26:09.0755 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
    2010/12/28 03:26:09.0833 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
    2010/12/28 03:26:09.0912 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    2010/12/28 03:26:10.0037 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
    2010/12/28 03:26:10.0115 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    2010/12/28 03:26:10.0193 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2010/12/28 03:26:10.0287 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2010/12/28 03:26:10.0365 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2010/12/28 03:26:10.0443 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
    2010/12/28 03:26:10.0490 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2010/12/28 03:26:10.0568 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2010/12/28 03:26:10.0662 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
    2010/12/28 03:26:10.0740 NPPTNT2 (9131fe60adfab595c8da53ad6a06aa31) C:\WINDOWS\system32\npptNT2.sys
    2010/12/28 03:26:10.0927 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
    2010/12/28 03:26:11.0037 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2010/12/28 03:26:11.0130 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    2010/12/28 03:26:11.0333 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2010/12/28 03:26:11.0380 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2010/12/28 03:26:11.0458 NwlnkIpx (79ea3fcda7067977625b3363a2657c80) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
    2010/12/28 03:26:11.0552 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
    2010/12/28 03:26:11.0615 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
    2010/12/28 03:26:11.0708 NWRDR (03373a79440473062c6f3aedec6a49c8) C:\WINDOWS\system32\DRIVERS\nwrdr.sys
    2010/12/28 03:26:11.0771 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys
    2010/12/28 03:26:11.0849 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
    2010/12/28 03:26:11.0912 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
    2010/12/28 03:26:11.0974 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    2010/12/28 03:26:12.0037 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
    2010/12/28 03:26:12.0115 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    2010/12/28 03:26:12.0193 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
    2010/12/28 03:26:12.0474 pelmouse (03f37bebd1f699b12304c4aeeedc0fae) C:\WINDOWS\system32\DRIVERS\pelmouse.sys
    2010/12/28 03:26:12.0552 pelusblf (a448e46c8fcb8f7f4ee0c64c97fe86ce) C:\WINDOWS\system32\DRIVERS\pelusblf.sys
    2010/12/28 03:26:12.0615 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
    2010/12/28 03:26:12.0693 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
    2010/12/28 03:26:12.0771 pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys
    2010/12/28 03:26:12.0896 PnkBstrK (58a25c6a67f53bdf5d899768a15b849c) C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2010/12/28 03:26:13.0021 PortTalk (7d5a2d755b6c6579f63657b527d6ff1b) C:\WINDOWS\system32\Drivers\PortTalk.sys
    2010/12/28 03:26:13.0099 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2010/12/28 03:26:13.0161 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
    2010/12/28 03:26:13.0240 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2010/12/28 03:26:13.0333 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    2010/12/28 03:26:13.0380 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
    2010/12/28 03:26:13.0474 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
    2010/12/28 03:26:13.0521 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
    2010/12/28 03:26:13.0568 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
    2010/12/28 03:26:13.0630 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
    2010/12/28 03:26:13.0677 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2010/12/28 03:26:13.0771 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2010/12/28 03:26:13.0818 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2010/12/28 03:26:13.0865 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2010/12/28 03:26:13.0943 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2010/12/28 03:26:14.0005 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2010/12/28 03:26:14.0083 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    2010/12/28 03:26:14.0208 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
    2010/12/28 03:26:14.0349 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2010/12/28 03:26:14.0443 Revoflt (8b5b8a11306190c6963d3473f052d3c8) C:\WINDOWS\system32\DRIVERS\revoflt.sys
    2010/12/28 03:26:14.0583 scsiprnt (74d69a3393a1f491d013db711641dd2d) C:\WINDOWS\system32\DRIVERS\scsiprnt.sys
    2010/12/28 03:26:14.0661 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2010/12/28 03:26:14.0740 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
    2010/12/28 03:26:14.0802 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
    2010/12/28 03:26:14.0927 sfdrv01 (4c0d673281178cb496011a2e28571fc8) C:\WINDOWS\system32\drivers\sfdrv01.sys
    2010/12/28 03:26:14.0974 sfhlp02 (15be2b5e4dc5b8623cf167720682abc9) C:\WINDOWS\system32\drivers\sfhlp02.sys
    2010/12/28 03:26:15.0052 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2010/12/28 03:26:15.0099 sfvfs02 (d5a7e09d2c6a702809e49190d52adc9f) C:\WINDOWS\system32\drivers\sfvfs02.sys
    2010/12/28 03:26:15.0240 sisagp (732d859b286da692119f286b21a2a114) C:\WINDOWS\system32\DRIVERS\sisagp.sys
    2010/12/28 03:26:15.0318 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    2010/12/28 03:26:15.0396 smwdm (4aa922332433cdeb8b82c072c212e32e) C:\WINDOWS\system32\drivers\smwdm.sys
    2010/12/28 03:26:15.0521 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
    2010/12/28 03:26:15.0599 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
    2010/12/28 03:26:15.0708 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
    2010/12/28 03:26:15.0833 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
    2010/12/28 03:26:15.0911 Srv (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS\system32\DRIVERS\srv.sys
    2010/12/28 03:26:16.0005 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
    2010/12/28 03:26:16.0083 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
    2010/12/28 03:26:16.0161 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    2010/12/28 03:26:16.0224 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2010/12/28 03:26:16.0318 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
    2010/12/28 03:26:16.0411 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
    2010/12/28 03:26:16.0489 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
    2010/12/28 03:26:16.0583 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
    2010/12/28 03:26:16.0614 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
    2010/12/28 03:26:16.0708 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
    2010/12/28 03:26:16.0802 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\WINDOWS\system32\DRIVERS\taphss.sys
    2010/12/28 03:26:16.0880 Tcpip (9f4b36614a0fc234525ba224957de55c) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2010/12/28 03:26:16.0989 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2010/12/28 03:26:17.0052 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
    2010/12/28 03:26:17.0114 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2010/12/28 03:26:17.0224 tmcomm (df8444a8fa8fd38d8848bdd40a8403b3) C:\WINDOWS\system32\drivers\tmcomm.sys
    2010/12/28 03:26:17.0286 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
    2010/12/28 03:26:17.0380 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
    2010/12/28 03:26:17.0489 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
    2010/12/28 03:26:17.0614 UnlockerDriver5 (f365fa561c3ab455d8685770d208691a) C:\Program Files\Unlocker\UnlockerDriver5.sys
    2010/12/28 03:26:17.0739 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
    2010/12/28 03:26:17.0880 USBAAPL (60a68a5ea173a97971ee9f1ff49eb2b3) C:\WINDOWS\system32\Drivers\usbaapl.sys
    2010/12/28 03:26:17.0974 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2010/12/28 03:26:18.0052 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2010/12/28 03:26:18.0130 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2010/12/28 03:26:18.0208 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    2010/12/28 03:26:18.0255 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    2010/12/28 03:26:18.0333 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2010/12/28 03:26:18.0411 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    2010/12/28 03:26:18.0505 vaxscsi (92cebc2bc7be2c8d49391b365569f306) C:\WINDOWS\System32\Drivers\vaxscsi.sys
    2010/12/28 03:26:18.0599 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
    2010/12/28 03:26:18.0708 viaagp (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\system32\DRIVERS\viaagp.sys
    2010/12/28 03:26:18.0802 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
    2010/12/28 03:26:18.0958 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
    2010/12/28 03:26:19.0036 vsdatant (050c38ebb22512122e54b47dc278bccd) C:\WINDOWS\system32\vsdatant.sys
    2010/12/28 03:26:19.0224 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2010/12/28 03:26:19.0380 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
    2010/12/28 03:26:19.0474 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
    2010/12/28 03:26:19.0693 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
    2010/12/28 03:26:19.0755 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
    2010/12/28 03:26:19.0833 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    2010/12/28 03:26:19.0927 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    2010/12/28 03:26:19.0989 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    2010/12/28 03:26:20.0114 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2010/12/28 03:26:20.0114 ================================================================================
    2010/12/28 03:26:20.0114 Scan finished
    2010/12/28 03:26:20.0114 ================================================================================
    2010/12/28 03:26:20.0130 Detected object count: 1
    2010/12/28 03:26:29.0161 \HardDisk0 - will be cured after reboot
    2010/12/28 03:26:29.0161 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
    2010/12/28 03:26:32.0473 Deinitialize success
     
  12. 2010/12/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.

    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.pif
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  13. 2010/12/28
    JusticeNY

    JusticeNY Well-Known Member Thread Starter

    Joined:
    2008/12/14
    Messages:
    160
    Likes Received:
    0
    ComboFix logs
    I put them in a code block because it said I have too many HTML tags and I'm only allowed 8.
    ComboFix 10-12-26.01 - Family 2010-12-28 14:54:07.9.2 - x86
    Running from: c:\documents and settings\family\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\family\Local Settings\Application Data\{238A4A10-C554-469F-BA69-4F05A5D2DE26}
    c:\documents and settings\family\Local Settings\Application Data\{238A4A10-C554-469F-BA69-4F05A5D2DE26}\chrome.manifest
    c:\documents and settings\family\Local Settings\Application Data\{238A4A10-C554-469F-BA69-4F05A5D2DE26}\chrome\content\_cfg.js
    c:\documents and settings\family\Local Settings\Application Data\{238A4A10-C554-469F-BA69-4F05A5D2DE26}\chrome\content\overlay.xul
    c:\documents and settings\family\Local Settings\Application Data\{238A4A10-C554-469F-BA69-4F05A5D2DE26}\install.rdf
    c:\documents and settings\family\Local Settings\Application Data\ie_runner_app.exe
    C:\readme.txt
    c:\windows\ST6UNST.000
    c:\windows\system32\Oeminfo.ini

    .
    ((((((((((((((((((((((((( Files Created from 2010-11-28 to 2010-12-28 )))))))))))))))))))))))))))))))
    .

    2010-12-28 08:46 . 2010-12-28 09:28 -------- d-----w- C:\9c1c213a8b65e850fa7c8b95a8
    2010-12-28 06:31 . 2010-12-28 06:31 -------- d-----w- C:\Adobe
    2010-12-28 03:08 . 2004-08-12 13:36 13894 -c--a-w- c:\windows\system32\dllcache\zonelibm.dll
    2010-12-28 03:08 . 2004-08-12 13:36 113222 -c--a-w- c:\windows\system32\dllcache\zoneclim.dll
    2010-12-28 03:08 . 2004-08-12 13:36 4677 -c--a-w- c:\windows\system32\dllcache\zeeverm.dll
    2010-12-28 03:08 . 2004-08-12 13:36 29760 -c--a-w- c:\windows\system32\dllcache\znetm.dll
    2010-12-28 03:08 . 2004-08-12 13:36 41029 -c--a-w- c:\windows\system32\dllcache\zcorem.dll
    2010-12-28 03:08 . 2004-08-12 13:36 36937 -c--a-w- c:\windows\system32\dllcache\zclientm.exe
    2010-12-28 03:08 . 2004-08-12 13:34 5632 -c--a-w- c:\windows\system32\dllcache\write.exe
    2010-12-28 03:06 . 2004-08-12 13:29 538624 -c--a-w- c:\windows\system32\dllcache\spider.exe
    2010-12-28 03:05 . 2004-08-12 13:20 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll
    2010-12-28 03:04 . 2004-08-12 13:20 13463552 -c--a-w- c:\windows\system32\dllcache\hwxjpn.dll
    2010-12-28 03:03 . 2004-08-12 13:17 9216 -c--a-w- c:\windows\system32\dllcache\authfilt.dll
    2010-12-28 03:02 . 2003-03-24 21:52 20540 -c--a-w- c:\windows\system32\dllcache\admin.dll
    2010-12-28 02:22 . 2004-08-12 13:29 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
    2010-12-28 02:22 . 2004-08-12 13:29 24661 ----a-w- c:\windows\system32\spxcoins.dll
    2010-12-28 02:22 . 2004-08-12 13:20 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
    2010-12-28 02:22 . 2004-08-12 13:20 13312 ----a-w- c:\windows\system32\irclass.dll
    2010-12-27 23:22 . 2010-12-27 23:22 107520 ----a-w- c:\windows\system32\winabi32.dll
    2010-12-27 21:04 . 2010-12-27 21:04 -------- d-----w- c:\windows\msapps
    2010-12-27 21:04 . 2010-12-27 21:04 -------- d-----w- c:\windows\dell
    2010-12-12 03:57 . 2010-12-12 03:57 -------- d-----w- c:\documents and settings\family\Application Data\Avira
    2010-12-12 03:46 . 2010-12-25 17:19 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2010-12-12 03:46 . 2010-12-19 16:33 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-12-12 03:46 . 2010-06-17 20:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2010-12-12 03:46 . 2010-06-17 20:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2010-12-12 03:46 . 2010-12-12 03:46 -------- d-----w- c:\program files\Avira
    2010-12-12 03:46 . 2010-12-12 03:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2010-12-09 05:59 . 2010-12-09 05:59 -------- d-----w- c:\documents and settings\family\Application Data\Toolbar4
    2010-12-09 05:59 . 2010-12-09 05:59 -------- d-----w- c:\program files\HyperCam Toolbar
    2010-12-05 05:48 . 2010-12-05 05:48 -------- d-----w- c:\program files\Common Files\Software Update Utility
    2010-11-29 22:28 . 2010-11-29 22:28 -------- d-----w- c:\program files\MSN Toolbar
    2010-11-29 22:27 . 2010-11-29 22:28 -------- d-----w- c:\program files\MSN Toolbar Installer
    2010-11-29 22:25 . 2010-11-29 22:25 423656 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    2010-11-29 22:25 . 2010-11-29 22:25 423656 ----a-w- c:\windows\system32\deployJava1.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-20 23:09 . 2009-07-27 05:45 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-20 23:08 . 2009-07-27 05:45 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-11-29 23:07 . 2009-08-18 16:30 564632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\wlidui.dll
    2010-11-29 23:07 . 2009-08-18 16:24 17816 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2010-11-29 22:25 . 2008-04-24 02:40 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-11-10 04:55 . 2009-05-06 21:35 398744 ----a-r- c:\windows\system32\cpnprt2.cid
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}"="c:\program files\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]

    [HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
    2010-05-09 15:50 2517088 ----a-w- c:\program files\ZoneAlarm\tbZone.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}"="c:\program files\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]

    [HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD}"="c:\program files\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]

    [HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-05-20 1043968]
    "ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2010-05-18 730600]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winabi32]
    2010-12-27 23:22 107520 ----a-w- c:\windows\SYSTEM32\winabi32.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^family^Start Menu^Programs^Startup^Styler.lnk]
    path=c:\documents and settings\family\Start Menu\Programs\Startup\Styler.lnk
    backup=c:\windows\pss\Styler.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
    2009-07-07 01:07 1848648 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2010-03-02 06:09 135664 ----atw- c:\documents and settings\family\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2006-10-27 05:47 31016 -c--a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2004-05-06 21:48 118784 -c--a-w- c:\windows\SYSTEM32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2004-05-06 21:52 155648 -c--a-w- c:\windows\SYSTEM32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-02-15 22:07 141608 -c--a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
    2009-07-17 16:12 288080 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]
    2001-01-12 21:36 73728 -c--a-w- c:\windows\SYSTEM32\PELMICED.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN Toolbar]
    2010-02-12 16:02 240992 ----a-w- c:\program files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-11-11 03:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\replay_telecorder_skype]
    2010-11-07 04:16 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-05-14 16:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2010-11-07 04:16 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "iPod Service"=3 (0x3)
    "PnkBstrB"=2 (0x2)
    "PnkBstrA"=2 (0x2)
    "ATI Smart"=2 (0x2)
    "Ati HotKey Poller"=2 (0x2)
    "Apple Mobile Device"=2 (0x2)
    "SeaPort"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\AIM7\\aim.exe"=
    "c:\\Program Files\\Opera 10 Beta\\opera.exe"=
    "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
    "c:\\Documents and Settings\\family\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
    "c:\\Documents and Settings\\family\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Black III\\Orbitdownloader\\orbitdm.exe"=
    "c:\\Black III\\Orbitdownloader\\orbitnet.exe"=
    "c:\\WINDOWS\\SYSTEM32\\ZoneLabs\\vsmon.exe"=
    "c:\\Program Files\\Tencent\\QQ Games\\QQGames.exe"=
    "c:\\Program Files\\Tencent\\QQ Games\\QQGamesD.exe"=
    "c:\\Program Files\\Tencent\\QQ Games\\Update\\Update.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
    "443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
    "37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
    "37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
    "37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675

    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-07 136176]
    R2 sbbotdi;sbbotdi; [x]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [x]
    R3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\DRIVERS\gan_adapter.sys [2006-10-19 10664]
    R3 JakNDis;Jaksta Service;c:\windows\system32\DRIVERS\JakNDis.sys [2010-06-24 28256]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [x]
    R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2004-08-12 14336]
    R3 NTProcDrv;Process creation detector for NT.; [x]
    R3 PortTalk;PortTalk;c:\windows\system32\Drivers\PortTalk.sys [2002-01-12 3567]
    R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27064]
    R3 scsiprnt;Microsoft SCSI/1394 Generic Printer Class;c:\windows\system32\DRIVERS\scsiprnt.sys [2004-08-12 11648]
    R3 vaxscsi;vaxscsi;c:\windows\System32\Drivers\vaxscsi.sys [2007-06-04 223128]
    R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2008-12-10 717296]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-08-02 135336]
    S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2010-05-18 26352]
    S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2010-05-18 493032]
    S3 JakNDisMP;JakNDisMP;c:\windows\system32\DRIVERS\JakNDis.sys [2010-06-24 28256]
    S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]


    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - MSISERVER

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder

    2010-10-25 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

    2010-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-07 04:17]

    2010-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-07 04:17]

    2010-12-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2271019165-553755714-499774489-1005Core.job
    - c:\documents and settings\family\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-02 06:09]

    2010-12-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2271019165-553755714-499774489-1005UA.job
    - c:\documents and settings\family\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-02 06:09]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    IE: &Download by Orbit - c:\black iii\Orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - c:\black iii\Orbitdownloader\orbitmxt.dll/204
    IE: Do&wnload selected by Orbit - c:\black iii\Orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - c:\black iii\Orbitdownloader\orbitmxt.dll/202
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\family\Application Data\Mozilla\Firefox\Profiles\h0sglesq.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: AnyColor: anycolor.pavlos256@gmail.com - %profile%\extensions\anycolor.pavlos256@gmail.com
    FF - Ext: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - %profile%\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
    FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    FF - Ext: BlackBar Community Toolbar: {2ac337b3-fc9c-4d51-bed1-1ac1c48c63ea} - %profile%\extensions\{2ac337b3-fc9c-4d51-bed1-1ac1c48c63ea}
    FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
    FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    FF - Ext: ColorfulTabs: {0545b830-f0aa-4d7e-8820-50a4629a56fe} - %profile%\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false.
    - - - - ORPHANS REMOVED - - - -

    MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    MSConfigStartUp-Clirogod - c:\windows\COLBDMNU.dll
    MSConfigStartUp-Ytatenocopolog - c:\windows\ubinurifucipisoz.dll
    AddRemove-Ad Muncher - c:\program files\Ad Muncher\uninst.exe
    AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\family\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-12-28 15:06
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-2271019165-553755714-499774489-1005\¬ ³*]
    @Allowed: (Read) (RestrictedCode)
    "verticalChoices"="weatherV"
    "firstLaunch"="false"
    DUMPHIVE0.003 (REGF)

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1732)
    c:\windows\system32\winabi32.dll
    c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

    - - - - - - - > 'lsass.exe'(1824)
    c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
    .
    Completion time: 2010-12-28 15:09:41
    ComboFix-quarantined-files.txt 2010-12-28 20:09
    ComboFix2.txt 2010-05-28 07:22

    Pre-Run: 1,546,407,936 bytes free
    Post-Run: 1,725,321,216 bytes free

    Current=3 Default=3 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
    - - End Of File - - 88B782252B5F921B2FD122C352B7F2F2
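The ComboFix report above carries the same file in three separate sections: winabi32.dll appears under "Files Created" (created 2010-12-27), under a winlogon\notify key in "Reg Loading Points" (a Winlogon notification package, i.e. a DLL winlogon.exe loads at logon events), and again under "DLLs Loaded Under Running Processes" inside winlogon.exe. Reading those sections together is how an analyst spots a freshly dropped DLL that has hooked a privileged process. The script below is an added example, not ComboFix's own code and not part of this thread: it parses a constructed excerpt that mirrors the log's layout (a few of the entries are copied from the report above, the rest is sample input), tracks which section each line belongs to (the "Find3M Report" section uses the same line shape as "Files Created", so section tracking is what keeps the two apart), and scores every DLL listed under a process on three indicators: registered as a Winlogon notify package, created inside the report's window, and not under Program Files. The `Finding` class, the regexes and the three indicators are this example's own choices.

```python
"""ComboFix log triage, added as an example (not ComboFix's own code). It
cross-references "Files Created", winlogon\notify keys and "DLLs Loaded"."""
import re
from dataclasses import dataclass, field

# Constructed excerpt mirroring the layout (and a few entries) of the log
# above; it is sample input for this script, not a full ComboFix report.
SAMPLE_LOG = r""".
((((((((((((((((((((((((( Files Created from 2010-11-28 to 2010-12-28 )))))))))))))))))))))))))))))))
.
2010-12-27 23:22 . 2010-12-27 23:22 107520 ----a-w- c:\windows\system32\winabi32.dll
2010-12-12 03:46 . 2010-12-25 17:19 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winabi32]
2010-12-27 23:22 107520 ----a-w- c:\windows\SYSTEM32\winabi32.dll
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1732)
c:\windows\system32\winabi32.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

- - - - - - - > 'lsass.exe'(1824)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
Completion time: 2010-12-28 15:09:41
"""

# "created . modified size attrs path" lines; the notify value line lacks ". modified".
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} \S+ \S+ (.+)$")
NOTIFY_KEY_RE = re.compile(r"^\[.*\\winlogon\\notify\\([^\]]+)\]$", re.IGNORECASE)
NOTIFY_VAL_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \S+ \S+ (.+)$")
PROC_RE = re.compile(r"^- - - - - - - > '([^']+)'\((\d+)\)$")
SECTION_RE = re.compile(r"^[(\-]+ (.+?) [)\-]+$")   # "((( name )))" or "--- name ---"


def parse(log_text):
    """Return (created, notify, loaded): lower-cased path -> creation stamp,
    lower-cased path -> notify key name, and a list of (process, pid, dll)."""
    created, notify, loaded = {}, {}, []
    section, pending_key, proc = "", None, None
    for raw in log_text.splitlines():
        line = raw.strip()
        head = SECTION_RE.match(line)
        if head:
            section, proc = head.group(1), None
            continue
        if section.startswith("Files Created"):          # not the Find3M section
            m = CREATED_RE.match(line)
            if m:
                created[m.group(2).lower()] = m.group(1)
        elif "Reg Loading Points" in section:
            if pending_key and line:                      # line right after a notify key
                m = NOTIFY_VAL_RE.match(line)
                if m:
                    notify[m.group(1).lower()] = pending_key
                pending_key = None
            m = NOTIFY_KEY_RE.match(line)
            if m:
                pending_key = m.group(1)
        elif "DLLs Loaded" in section:
            m = PROC_RE.match(line)
            if m:
                proc = (m.group(1), int(m.group(2)))
            elif not line or line == ".":                 # blank or "." ends a process block
                proc = None
            elif proc:
                loaded.append((proc[0], proc[1], line))
    return created, notify, loaded


@dataclass
class Finding:
    dll: str
    processes: list = field(default_factory=list)
    indicators: list = field(default_factory=list)


def triage(log_text):
    """Score every DLL from the 'DLLs Loaded' section; most indicators first."""
    created, notify, loaded = parse(log_text)
    findings = {}
    for proc, pid, dll in loaded:
        f = findings.setdefault(dll.lower(), Finding(dll))
        f.processes.append(f"{proc}({pid})")
    for key, f in findings.items():
        if key in notify:
            f.indicators.append(f"registered as Winlogon notify package '{notify[key]}'")
        if key in created:
            f.indicators.append(f"created {created[key]}, inside the report's window")
        if not key.startswith("c:\\program files\\"):
            f.indicators.append("outside Program Files (no vendor directory)")
    return sorted(findings.values(), key=lambda f: len(f.indicators), reverse=True)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{len(f.indicators)}] {f.dll}  <- {', '.join(f.processes)}")
        for note in f.indicators:
            print("      -", note)
```

Run against the sample, the script puts winabi32.dll first with all three indicators and the CheckPoint ISWSHEX.dll (loaded into both winlogon.exe and lsass.exe, but a vendor file with none of the indicators) last. The score is a triage order, not a verdict: a legitimate logon-notification DLL can trip two of the three indicators on a freshly patched machine, so the hit still has to be checked against the vendor, the file's signature and the quarantine report ComboFix writes.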
     
  14. 2010/12/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    It looks good now :)

    How is the computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  15. 2010/12/28
    JusticeNY

    JusticeNY Well-Known Member Thread Starter

    Joined:
    2008/12/14
    Messages:
    160
    Likes Received:
    0
    OTL Extras logfile created on: 2010-12-28 4:07:14 PM - Run 1
    OTL by OldTimer - Version 3.2.18.0 Folder = C:\Documents and Settings\family\Desktop
    Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd

    1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 67.00% Memory free
    3.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 70.93 Gb Total Space | 1.49 Gb Free Space | 2.09% Space Free | Partition Type: NTFS

    Computer Name: FAM | User Name: Family | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
    Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" File not found
    Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" File not found
    Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" File not found
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring" = 1

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "443:TCP" = 443:TCP:*:Disabled:ooVoo TCP port 443
    "443:UDP" = 443:UDP:*:Disabled:ooVoo UDP port 443
    "37674:TCP" = 37674:TCP:*:Disabled:ooVoo TCP port 37674
    "37674:UDP" = 37674:UDP:*:Disabled:ooVoo UDP port 37674
    "37675:UDP" = 37675:UDP:*:Disabled:ooVoo UDP port 37675

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
    "C:\Program Files\AIM7\aim.exe" = C:\Program Files\AIM7\aim.exe:*:Enabled:AIM -- (AOL Inc.)
    "C:\Program Files\Opera 10 Beta\opera.exe" = C:\Program Files\Opera 10 Beta\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
    "C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
    "C:\Documents and Settings\family\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\family\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
    "C:\Documents and Settings\family\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\family\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "C:\Black III\Orbitdownloader\orbitdm.exe" = C:\Black III\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
    "C:\Black III\Orbitdownloader\orbitnet.exe" = C:\Black III\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
    "C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe" = C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe:*:Enabled:vsmon -- (Check Point Software Technologies LTD)
    "C:\Program Files\Tencent\QQ Games\QQGames.exe" = C:\Program Files\Tencent\QQ Games\QQGames.exe:*:Enabled:QQ Games -- (Tencent America LLC)
    "C:\Program Files\Tencent\QQ Games\QQGamesD.exe" = C:\Program Files\Tencent\QQ Games\QQGamesD.exe:*:Enabled:QQ Games Downloader -- ()
    "C:\Program Files\Tencent\QQ Games\Update\Update.exe" = C:\Program Files\Tencent\QQ Games\Update\Update.exe:*:Enabled:QQ Games Updater -- ()


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00000000-785F-478A-BAA2-87F1A136068C}" = MSN Encarta Plus Support Files
    "{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
    "{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
    "{02A5E106-248B-E495-6C9E-6799C614CABF}" = Catalyst Control Center Graphics Full New
    "{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
    "{046ED2B7-14D5-4F2C-A275-09D54CEFE757}" = GTactix
    "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
    "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
    "{0650BB10-BCF4-400A-85EE-04097E3046C6}" = Adobe Setup
    "{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
    "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
    "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
    "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
    "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
    "{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX860_series" = Canon MX860 series MP Drivers
    "{13AD768A-9E04-499D-AE80-967A65DCCBA5}" = ebgcSDK
    "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
    "{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel(R) PROSet for Wired Connections
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
    "{1ACE3F9D-CDA4-4F39-9605-334CF37A1579}" = Authentium AntiVirus SDK - 2
    "{1EE88B84-7BE5-4FB5-8DEA-B81D5409D62E}" = Opera 11.00
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F1C322C-10D0-A4C3-3602-0BE66B72DE33}" = ccc-utility
    "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
    "{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
    "{2656D0AB-9EA4-4C58-A117-635F3CED8B93}" = Microsoft UI Engine
    "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
    "{2EFFF701-4E2B-9955-9DF7-10B8CA602571}" = Catalyst Control Center Graphics Light
    "{2FBDFF53-D89D-4F6E-9949-C20E17E1BB0C}" = Jaksta Streaming Media Recorder
    "{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
    "{37B03AA0-B125-4649-900C-F26E1081F163}" = Camtasia Studio 7
    "{39B1BD87-561E-4762-AED9-7C5213B06C24}" = ebgcInfra
    "{3A7BF905-F37D-4DFB-8308-EC3AA4617B36}" = Garmin Communicator Plugin
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3C79DC59-6099-323B-B27B-90B45542B270}" = Google Talk Plugin
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
    "{49253DE2-FC99-4BE3-99A4-DAB01A8E6088}" = Camtasia Studio 6
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4F1CECBC-670F-4daa-81D6-944B12450917}" = DIGReqEx
    "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
    "{5380B111-5047-413D-A6E5-70D69391D08E}" = ebgcRes
    "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
    "{54DD126C-E5F5-404C-B4B7-66DF7FD4F2FF}" = MSSoap
    "{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
    "{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
    "{5D8C6D1D-7188-88E4-03A5-AAC810CA2333}" = Catalyst Control Center Core Implementation
    "{5DFDEAAA-E050-482E-A5B6-138CAE53F7BF}" = Radialpoint Security Services
    "{605B2FA3-968E-A060-1F72-8392138F1463}" = ccc-core-preinstall
    "{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
    "{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
    "{66468F4D-BC4E-470C-9093-B3B6A1BB378C}" = MSN Toolbar Platform
    "{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.2.3
    "{6774F0CF-C7DD-4CB4-BCB2-11C3E08BBA03}" = McAfee Shredder
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
    "{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
    "{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
    "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
    "{7F34A21F-2DEB-4598-BB19-611D6BD24271}" = Managed DirectX (0901)
    "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
    "{80C95E7B-C6E8-97B8-CC74-6CA4E029EB9F}" = Catalyst Control Center Graphics Full Existing
    "{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
    "{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
    "{8AF3E926-ED59-11D4-A44B-0000E86D2305}" = Ulead GIF Animator
    "{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
    "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
    "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
    "{9E5C4D14-D326-42C8-2BD2-78156F89C37C}" = CCC Help English
    "{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
    "{A61C60EE-AFC4-4D77-A763-1908A09F2761}" = Default
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
    "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
    "{ACF2AD4B-9374-4B72-B79B-A743CD41F2A4}" = EarthLink TAR
    "{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
    "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
    "{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
    "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
    "{BC5614C6-94E6-CEB8-3728-3A238CAEAD63}" = ccc-core-static
    "{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C24C3F25-CC7F-41D5-B03D-24F8059BABAD}" = Garmin USB Drivers
    "{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
    "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
    "{C769B501-2BE8-46ed-9E69-118F008A0917}" = DIGOpt
    "{C869F4FF-E5FF-4FBB-9A31-33C23605E170}" = PPSDKRedistributables
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CD2A4F3B-3E84-9E36-7585-17EA397A8DCA}" = Skins
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240B6}" = WinZip 11.2
    "{CE065F90-1465-3641-EDF6-2C3AE56CA8ED}" = Catalyst Control Center Graphics Previews Common
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CF6BFFF7-4C32-B470-401C-93E99FB34838}" = Catalyst Control Center HydraVision Full
    "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
    "{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
    "{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
    "{DB0BB9FA-1B60-4036-8E29-3D56D8085256}" = WOT for Internet Explorer
    "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
    "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
    "{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}" = Styler
    "{F092D1A4-ED8C-47ED-AE72-45B80D7C0543}" = Verizon PC Security Checkup
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{F91E1833-2D7C-4725-B98A-C779FEC41946}" = EarthLink MDAC
    "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
    "{FA3A247D-437A-455E-A88F-7EB6E5F9E799}" = Catalyst Control Center - Branding
    "{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
    "7-Zip" = 7-Zip 4.65
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "AIM_7" = AIM 7
    "AIMCustomEmoticons" = AIMCustomEmoticons
    "All ATI Software" = ATI - Software Uninstall Utility
    "Any Video Converter_is1" = Any Video Converter 3.0.4
    "AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
    "ATI Display Driver" = ATI Display Driver
    "Audacity_is1" = Audacity 1.2.6
    "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
    "Canon MX860 series User Registration" = Canon MX860 series User Registration
    "Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
    "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
    "CanonMyPrinter" = Canon Utilities My Printer
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
    "Coupon Printer for Windows4.0" = Coupon Printer for Windows
    "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
    "Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
    "Dell Photo AIO Printer 942" = Dell Photo AIO Printer 942
    "DellSupport" = Dell Support 5.0.0 (630)
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "Foxit Reader" = Foxit Reader
    "HijackThis" = HijackThis 2.0.2
    "HyperCam Toolbar" = HyperCam Toolbar
    "InstallShield_{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
    "InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
    "InstallShield_{5D7767FA-7FE8-4627-9F09-AEF7A25F1E07}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.1 Patch
    "InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
    "InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
    "InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
    "KLiteCodecPack_is1" = K-Lite Codec Pack 6.3.0 (Full)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "ManyCam" = ManyCam 2.4 (remove only)
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "mIRC" = mIRC
    "MouseSuite98" = Mouse Suite
    "Mozilla Firefox (3.5.16)" = Mozilla Firefox (3.5.16)
    "MP Navigator EX 2.1" = Canon MP Navigator EX 2.1
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MSN Music Assistant" = MSN Music Assistant
    "MSNINST" = MSN
    "Nvu_is1" = Nvu 1.0
    "Orbit_is1" = Orbit Downloader
    "POM for Windows (Version 3)" = POM for Windows (Version 3)
    "PROSet" = Intel(R) PRO Network Adapters and Drivers
    "QQ BlackJack" = QQ BlackJack
    "QQ Bubble Arena" = QQ Bubble Arena
    "QQ Games" = QQ Games
    "QQ Gold Sweeper" = QQ Gold Sweeper
    "QQ Match Master" = QQ Match Master
    "QQ Pool" = QQ Pool
    "QQ Robo" = QQ Robo
    "QQ Texas Hold'em" = QQ Texas Hold'em
    "QQ Treasure Hunter" = QQ Treasure Hunter
    "Recover Files_is1" = Recover Files 2.1
    "Recuva" = Recuva (remove only)
    "RP Scan and Clean {F092D1A4-ED8C-47ED-AE72-45B80D7C0543}" = Verizon PC Security Checkup
    "RSX2DeinstKey" = Intel RSX 3D
    "SoftwareUpdUtility" = Download Updater (AOL LLC)
    "SopCast" = SopCast 3.2.4
    "SystemRequirementsLab" = System Requirements Lab
    "TMACv5.0R3" = Technitium MAC Address Changer v5.0 Release 3
    "Tweak UI 2.10" = Tweak UI
    "Unlocker" = Unlocker 1.8.8
    "Verizon Online Help and Support" = Verizon Online Help and Support
    "Video Thumbnails Maker" = Video Thumbnails Maker by Scorp (remove only)
    "Video to iPod MP4 PSP 3GP Converter3.4.7" = Video to iPod MP4 PSP 3GP Converter
    "VideoAvatar_is1" = VideoAvatar
    "Vista Anthracite Pack - UltraLite" = Vista Anthracite Pack - UltraLite 1.31
    "VLC media player" = VLC media player 0.9.8a
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "WinGimp-2.0_is1" = GIMP 2.4.5
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Software Update" = Yahoo! Software Update
    "Zilla Data Nuker_is1" = Zilla Data Nuker 2.0.0.0
    "ZoneAlarm" = ZoneAlarm
    "ZoneAlarm Toolbar" = ZoneAlarm Toolbar

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Move Media Player" = Move Media Player

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 2010-12-28 1:47:56 PM | Computer Name = FAM | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 7.0.6000.16705, faulting
    module urlmon.dll, version 6.0.2900.2180, fault address 0x0003c7a7.

    Error - 2010-12-28 1:47:59 PM | Computer Name = FAM | Source = Application Error | ID = 1001
    Description = Fault bucket 882260412.

    Error - 2010-12-28 3:11:04 PM | Computer Name = FAM | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 2010-12-28 3:11:04 PM | Computer Name = FAM | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 2010-12-28 3:22:18 PM | Computer Name = FAM | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 2010-12-28 3:22:18 PM | Computer Name = FAM | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 2010-12-28 4:50:03 PM | Computer Name = FAM | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 2010-12-28 4:50:03 PM | Computer Name = FAM | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 2010-12-28 4:51:18 PM | Computer Name = FAM | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 2010-12-28 4:51:18 PM | Computer Name = FAM | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
    and it will not be loaded. This is most likely caused by a faulty registration.

    [ OSession Events ]
    Error - 2010-01-17 6:41:17 PM | Computer Name = FAM | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6331.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 38
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 2010-10-10 2:46:19 PM | Computer Name = FAM | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6331.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 359
    seconds with 240 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 2010-12-28 5:44:26 AM | Computer Name = FAM | Source = DCOM | ID = 10010
    Description = The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register
    with DCOM within the required timeout.

    Error - 2010-12-28 1:45:57 PM | Computer Name = FAM | Source = DCOM | ID = 10005
    Description = DCOM got error "%1083" attempting to start the service BITS with arguments
    " " in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

    Error - 2010-12-28 4:06:10 PM | Computer Name = FAM | Source = PlugPlayManager | ID = 11
    Description = The device Root\LEGACY_UNLOCKERDRIVER5\0000 disappeared from the system
    without first being prepared for removal.

    Error - 2010-12-28 4:10:35 PM | Computer Name = FAM | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service SeaPort with
    arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}

    Error - 2010-12-28 4:10:44 PM | Computer Name = FAM | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service SeaPort with
    arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}

    Error - 2010-12-28 4:10:44 PM | Computer Name = FAM | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service SeaPort with
    arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}

    Error - 2010-12-28 4:10:56 PM | Computer Name = FAM | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service SeaPort with
    arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}

    Error - 2010-12-28 4:11:01 PM | Computer Name = FAM | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service SeaPort with
    arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}

    Error - 2010-12-28 4:51:59 PM | Computer Name = FAM | Source = DCOM | ID = 10005
    Description = DCOM got error "%1083" attempting to start the service BITS with arguments
    " " in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

    Error - 2010-12-28 4:52:00 PM | Computer Name = FAM | Source = DCOM | ID = 10005
    Description = DCOM got error "%1083" attempting to start the service BITS with arguments
    " " in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}


    < End of report >
     
  16. 2010/12/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    ???..
     
  17. 2010/12/28
    JusticeNY

    JusticeNY Well-Known Member Thread Starter

    Joined:
    2008/12/14
    Messages:
    160
    Likes Received:
    0
    For some reason I can't post the other OTL log; every time I try, it says my connection was reset.
     
    Last edited: 2010/12/28
  18. 2010/12/28
    JusticeNY

    JusticeNY Well-Known Member Thread Starter

    Joined:
    2008/12/14
    Messages:
    160
    Likes Received:
    0
    That's weird. I can post anything else, but when I post that log:

    The connection was reset
    The connection to the server was reset while the page was loading.

    * The site could be temporarily unavailable or too busy. Try again in a few
    moments.

    * If you are unable to load any pages, check your computer's network
    connection.

    * If your computer or network is protected by a firewall or proxy, make sure
    that Firefox is permitted to access the Web.
     
  19. 2010/12/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
  20. 2010/12/28
    JusticeNY

    JusticeNY Well-Known Member Thread Starter

    Joined:
    2008/12/14
    Messages:
    160
    Likes Received:
    0
  21. 2010/12/28
    JusticeNY

    JusticeNY Well-Known Member Thread Starter

    Joined:
    2008/12/14
    Messages:
    160
    Likes Received:
    0
    Also been getting this free Walmart gift card popup on Firefox.
     
