
Solved: All my programs were deleted by virus. I have a black screen

Discussion in 'Malware and Virus Removal Archive' started by rpicon, 2011/06/06.

  1. 2011/06/06
    rpicon (Thread Starter)

    [Resolved] All my programs were deleted by virus. I have a black screen

    It happened quickly, and before I could react all my programs, documents and files were deleted. However, I can locate most everything using the search button; I just can't see it. My "C" drive looks empty. All my saved files look to be gone. Same with IE: no history or saved links.

    My desktop is now black in color and everything is gone. Saving stuff on my desktop is hard since I can't see it to open and run.

    Here are my reports:


    1) Malwarebytes.


    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5762

    Windows 5.1.2600 Service Pack 2 (Safe Mode)
    Internet Explorer 7.0.5730.13

    2011-06-06 14:30:34
    mbam-log-2011-06-06 (14-30-34).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 308201
    Time elapsed: 53 minute(s), 42 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 3
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  2. 2011/06/06
    broni (Moderator, Malware Analyst)

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ====================================================

    Before we go anywhere, how exactly do you operate your computer since you can't see anything?
    Same issue in Safe Mode?
     


  4. 2011/06/07
    rpicon (Thread Starter)

    GMER 1.0.15.15640 - http://www.gmer.net
    Rootkit scan 2011-06-07 10:04:12
    Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Intel___ rev.1.0.
    Running: o4xdmri6[1].exe; Driver: C:\DOCUME~1\RICKPI~1\LOCALS~1\Temp\kxtcrpow.sys


    ---- System - GMER 1.0.15 ----

    SSDT sptd.sys ZwCreateKey [0xF750AC04]
    SSDT sptd.sys ZwEnumerateKey [0xF750AD48]
    SSDT sptd.sys ZwEnumerateValueKey [0xF750B0C0]
    SSDT sptd.sys ZwOpenKey [0xF750AAE2]
    SSDT sptd.sys ZwQueryKey [0xF750B18A]
    SSDT sptd.sys ZwQueryValueKey [0xF750B022]
    SSDT sptd.sys ZwSetValueKey [0xF750B212]

    ---- Kernel code sections - GMER 1.0.15 ----

    ? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
    ? C:\WINDOWS\System32\Drivers\SPTD3197.SYS The process cannot access the file because it is being used by another process.
    .text vaxscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 BA4DA4D0 16 Bytes [17, 5F, FF, E5, 52, 5D, 34, ...]
    .text vaxscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 + 11 BA4DA4E1 31 Bytes [90, 4D, BA, 7F, 68, 5E, 9D, ...]
    ? C:\WINDOWS\System32\Drivers\vaxscsi.sys The process cannot access the file because it is being used by another process.

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[248] kernel32.dll!SetUnhandledExceptionFilter 7C84467D 5 Bytes JMP 32604F4E C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1280] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 3E1DF4B9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1280] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 3E352056 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1280] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 3E351FD7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1280] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 3E35201B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1280] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 3E351F63 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1280] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 3E351F9D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1280] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 3E352091 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1280] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 3E2017EA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1280] ole32.dll!OleLoadFromStream 7752A257 5 Bytes JMP 3E352253 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7513F52] sptd.sys
    IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F752A658] sptd.sys
    IAT ftdisk.sys[ntoskrnl.exe!IoGetAttachedDeviceReference] [F7514550] sptd.sys
    IAT ftdisk.sys[ntoskrnl.exe!IoGetDeviceObjectPointer] [F7514454] sptd.sys
    IAT ftdisk.sys[ntoskrnl.exe!IofCallDriver] [F7514620] sptd.sys
    IAT dmio.sys[ntoskrnl.exe!IofCallDriver] [F7514620] sptd.sys
    IAT dmio.sys[ntoskrnl.exe!IoGetAttachedDeviceReference] [F7514550] sptd.sys
    IAT dmio.sys[ntoskrnl.exe!IoGetDeviceObjectPointer] [F7514454] sptd.sys
    IAT PartMgr.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7529F6C] sptd.sys
    IAT PartMgr.sys[ntoskrnl.exe!IoDetachDevice] [F751410E] sptd.sys
    IAT atapi.sys[ntoskrnl.exe!IofCompleteRequest] [F7529BB0] sptd.sys
    IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F7513FA6] sptd.sys
    IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7506A32] sptd.sys
    IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F7506B6E] sptd.sys
    IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F7506AF6] sptd.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F75076CC] sptd.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F75075A2] sptd.sys
    IAT disk.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F752A79E] sptd.sys
    IAT \WINDOWS\system32\DRIVERS\CLASSPNP.SYS[ntoskrnl.exe!IoDetachDevice] [F75191BA] sptd.sys
    IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!IofCompleteRequest] [F7529BB0] sptd.sys
    IAT \SystemRoot\system32\DRIVERS\cdrom.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F752A79E] sptd.sys
    IAT \SystemRoot\system32\DRIVERS\rdbss.sys[ntoskrnl.exe!IofCallDriver] [F7506020] sptd.sys
    IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!IofCallDriver] [F7506020] sptd.sys

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[248] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 06760880
    IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[248] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] 06760570
    IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[248] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 06759060
    IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[248] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 0675A5A0
    IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[248] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CloseHandle] 0675D710
    IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[248] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 0675B2F0
    IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[248] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 0675A8D0
    IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[248] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 0675CA50
    IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[248] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalUnlock] 0675FA50
    IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[248] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalLock] 0675FA90
    IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[248] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcessHeap] 06760BD0
    IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[248] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] 0675F640
    IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[248] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!DuplicateHandle] 0675D670
    IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[248] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] 0675BE10
    IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[248] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 0675AFA0
    IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[248] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetEnvironmentStringsW] 0675B890
    IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[248] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!IsDebuggerPresent] 06761150
    IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[248] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!ReadFile] 0675CDA0
    IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[248] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetFilePointer] 0675D4D0
    IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[248] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFileEx] 0675E100
    IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[248] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingW] 0675DBE0
    IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[248] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFile] 0675E080
    IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[248] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!OpenFileMappingW] 0675EBA0
    IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[248] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!UnmapViewOfFile] 0675E270
    IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[248] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] 0675AC50
    IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[248] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!TerminateProcess] 0675BCC0
    IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[248] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalAlloc] 0675FB70
    IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[248] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FlushViewOfFile] 0675DD20
    IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[248] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileSize] 0675D610
    IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[248] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!WriteFile] 0675D1D0
    IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[248] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileType] 0675D820
    IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[248] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetACP] 06760BF0
    IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[248] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingA] 0675DB20
    IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[248] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadIconW] 06760E90
    IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[248] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadCursorW] 06760E30
    IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[248] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateDialogParamW] 06761080
    IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[248] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DialogBoxParamW] 06761120
    IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[248] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadStringW] 06760F50

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 89C0AC78
    Device \Driver\NetBT \Device\NetBT_Tcpip_{849CB337-DE20-421B-AC9E-B4F750CB1F7B} 88DDF5F0
    Device \Driver\dmio \Device\DmControl\DmIoDaemon 89BBC808
    Device \Driver\dmio \Device\DmControl\DmConfig 89BBC808
    Device \Driver\dmio \Device\DmControl\DmPnP 89BBC808
    Device \Driver\dmio \Device\DmControl\DmInfo 89BBC808

    AttachedDevice \Driver\Tcpip \Device\Tcp aswRdr.SYS (avast! TDI RDR Driver/AVAST Software)

    Device \Driver\Ftdisk \Device\HarddiskVolume1 89BBCA40
    Device \Driver\Ftdisk \Device\HarddiskVolume2 89BBCA40
    Device \Driver\Cdrom \Device\CdRom0 89B6B5D0
    Device \FileSystem\Rdbss \Device\FsWrap 88DE17B0
    Device \Driver\iastor \Device\Ide\iaStor0 89C0A0E8
    Device \Driver\atapi \Device\Ide\IdePort0 [F78452F0] atapi.sys[unknown section] {MOV EAX, 0x89bbc4f0; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf751b684; RET }
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [F78452F0] atapi.sys[unknown section] {MOV EAX, 0x89bbc4f0; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf751b684; RET }
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [F78452F0] atapi.sys[unknown section] {MOV EAX, 0x89bbc4f0; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf751b684; RET }
    Device \Driver\iastor \Device\Ide\IAAStorageDevice-0 89C0A0E8
    Device \Driver\Ftdisk \Device\HarddiskVolume3 89BBCA40
    Device \Driver\Cdrom \Device\CdRom1 89B6B5D0
    Device \Driver\Cdrom \Device\CdRom2 89B6B5D0
    Device \Driver\Ftdisk \Device\HarddiskVolume4 89BBCA40
    Device \Driver\NetBT \Device\NetBt_Wins_Export 88DDF5F0
    Device \Driver\NetBT \Device\NetbiosSmb 88DDF5F0
    Device \Driver\00000457 \Device\0000004f sptd.sys
    Device \Driver\Disk \Device\Harddisk0\DR0 89C0AEB0
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 88DD60E8
    Device \FileSystem\MRxSmb \Device\LanmanRedirector 88DD60E8
    Device \FileSystem\Npfs \Device\NamedPipe 88DFF488
    Device \Driver\Ftdisk \Device\FtControl 89BBCA40
    Device \FileSystem\Msfs \Device\Mailslot 88E17698
    Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 89B0D5C0
    Device \Driver\vaxscsi \Device\Scsi\vaxscsi1Port2Path0Target0Lun0 89B0D5C0
    Device \FileSystem\Fastfat \Fat 886CD7F0
    Device \FileSystem\Fastfat \Fat B8CCE1F9

    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device \FileSystem\Cdfs \Cdfs 88D8CEB0

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s0 1255686754
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 1468089294
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -934213699
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xD9 0x3D 0xA8 0xFC ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x16 0x49 0x3B 0x94 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xDD 0xD0 0x1A 0x07 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xD9 0x3D 0xA8 0xFC ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x16 0x49 0x3B 0x94 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xDD 0xD0 0x1A 0x07 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{1A3A2B9E-9578-3331-B05A-263E86B0B30D}\InprocServer32@ C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\IETAG.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{1A3A2B9E-9578-3331-B05A-263E86B0B30D}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{1A3A2B9E-9578-3331-B05A-263E86B0B30D}\ProgID@ Ietag.OOC.1
    Reg HKLM\SOFTWARE\Classes\CLSID\{1A3A2B9E-9578-3331-B05A-263E86B0B30D}\Programmable@
    Reg HKLM\SOFTWARE\Classes\CLSID\{1A3A2B9E-9578-3331-B05A-263E86B0B30D}\TypeLib@ {06CA6721-CB57-449E-8097-E65B9F543A1A}
    Reg HKLM\SOFTWARE\Classes\CLSID\{1A3A2B9E-9578-3331-B05A-263E86B0B30D}\VersionIndependentProgID@ Ietag.OOC

    ---- EOF - GMER 1.0.15 ----
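The GMER log above lists seven SSDT hooks and more than twenty IAT hooks. As an added example (not part of this thread, and not GMER's own code), the following Python groups the hooks by the module GMER attributes them to and looks up the install path GMER recorded under that driver's service key, so an analyst can see at a glance that every kernel hook in this log belongs to sptd.sys, whose Cfg key points at the Alcohol 120 directory. sptd.sys is the SCSI Pass Through Direct driver shipped with Alcohol 120% and DAEMON Tools and is routinely reported by GMER; the attribution is a triage aid, not a clean bill of health. The sample lines are copied from the posted log; the function and field names are this example's own.

```python
"""Group the kernel hooks in a GMER log by the module GMER attributes them to.

Added example for this thread; not GMER's own code and not from the original
posts. Sample lines below are copied from the GMER log above.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# "SSDT <module> <Zw function> [0x<address>]"
SSDT_RE = re.compile(r"^SSDT\s+(\S+)\s+(Zw\w+)\s+\[0x([0-9A-Fa-f]+)\]")
# "IAT <victim>[<exporter>!<import>] [<address>] <module>"
IAT_RE = re.compile(r"^IAT\s+(\S+)\[([^\]]+)\]\s+\[([0-9A-Fa-f]+)\]\s+(\S+)")
# "Reg HKLM\SYSTEM\CurrentControlSet\Services\<svc>\...@p0 <path>": the install
# directory GMER recorded under the driver's service key.
SERVICE_PATH_RE = re.compile(
    r"^Reg\s+HKLM\\SYSTEM\\CurrentControlSet\\Services\\(\w+)\\.*@p0\s+(.+)$")


@dataclass
class HookSummary:
    ssdt: dict           # module -> hooked Zw* service names
    iat: dict            # module -> "victim -> exporter!import" entries
    service_paths: dict  # lower-case service name -> path from its @p0 value


def summarise(lines):
    """Collect SSDT hooks, IAT hooks and service @p0 paths from GMER output."""
    ssdt, iat, paths = defaultdict(list), defaultdict(list), {}
    for raw in lines:
        line = raw.strip()
        m = SSDT_RE.match(line)
        if m:
            module, func, _addr = m.groups()
            ssdt[module].append(func)
            continue
        m = IAT_RE.match(line)
        if m:
            victim, imported, _addr, module = m.groups()
            iat[module].append(f"{victim} -> {imported}")
            continue
        m = SERVICE_PATH_RE.match(line)
        if m:
            paths[m.group(1).lower()] = m.group(2).strip()
    return HookSummary(dict(ssdt), dict(iat), paths)


def attribute(summary):
    """Map each hooking module to the @p0 path of the same-named service (or None)."""
    result = {}
    for module in sorted(set(summary.ssdt) | set(summary.iat)):
        name = module.lower()
        service = name[:-4] if name.endswith(".sys") else name
        result[module] = summary.service_paths.get(service)
    return result


# Representative subset of the GMER log posted above.
GMER_SAMPLE = r"""
SSDT sptd.sys ZwCreateKey [0xF750AC04]
SSDT sptd.sys ZwEnumerateKey [0xF750AD48]
SSDT sptd.sys ZwEnumerateValueKey [0xF750B0C0]
SSDT sptd.sys ZwOpenKey [0xF750AAE2]
SSDT sptd.sys ZwQueryKey [0xF750B18A]
SSDT sptd.sys ZwQueryValueKey [0xF750B022]
SSDT sptd.sys ZwSetValueKey [0xF750B212]
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7513F52] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7506A32] sptd.sys
IAT disk.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F752A79E] sptd.sys
IAT \SystemRoot\system32\DRIVERS\cdrom.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F752A79E] sptd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s0 1255686754
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
""".strip().splitlines()

if __name__ == "__main__":
    s = summarise(GMER_SAMPLE)
    for module, path in attribute(s).items():
        print(f"{module}: {len(s.ssdt.get(module, []))} SSDT hooks, "
              f"{len(s.iat.get(module, []))} IAT hooks, service path: {path}")
```

Run stand-alone it prints one line per hooking module. A module that hooks the SSDT or patches driver import tables but has no registered service with an install path is the one that deserves the closer look; here the only candidate has one.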
     
  5. 2011/06/07
    rpicon (Thread Starter)

    .
    DDS (Ver_2011-06-03.01) - NTFSx86 NETWORK
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_24
    Run by rpicon at 10:09:18 on 2011-06-07
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1482 [GMT -4:00]
    .
    AV: avast! Antivirus *Enabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Rick Picon\Local Settings\Temporary Internet Files\Content.IE5\BYP31QJJ\o4xdmri6[1].exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    .
    ============== Pseudo HJT Report ===============
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
    uStart Page = hxxp://www.yahoo.com/
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: H - No File
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
    BHO: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - No File
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\googleafe\GoogleAE.dll
    BHO: Support.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
    TB: Support.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    uRun: [AdobeUpdater] c:\program files\common files\adobe\updater5\AdobeUpdater.exe
    uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe "
    uRun: [Google Update] "c:\documents and settings\rick picon\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [VyuAmrmEfIELC] c:\documents and settings\all users\application data\VyuAmrmEfIELC.exe
    mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe "
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [Display] c:\program files\apc\apc powerchute personal edition\DataCollectionLauncher.exe
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    uPolicies-explorer: NoDesktop = 1 (0x1)
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
    IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    Trusted Zone: facebook.com\www
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: novasc.org\www
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=67633
    DPF: {0F733F27-5BBB-4D03-8D6B-19E2143880BF} - hxxp://www1.skillground.com/cab1831/SkillGround.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://aol.worldwinner.com/games/v47/shared/FunGamesLoader.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {25D9AA40-ED39-11D2-A038-009027078284} - hxxps://b1-www.advisorservices.com/advisorweb/file/urldownloader.cab
    DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
    DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
    DPF: {556EEC63-31E2-47C3-BF29-DFF799D2FE04} - hxxps://secure.logmein.com/activex/RACtrl.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1249928285454
    DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1260546108330
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://clubgames.pogo.com/online2/pogop/luxor_2/mjolauncher.cab
    DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} - hxxp://www.worldwinner.com/games/v51/bejeweledtwist/bejeweledtwist.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} - hxxp://www.worldwinner.com/games/v47/familyfeud/familyfeud.cab
    DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} - hxxp://www.miniclip.com/igloader/igloader.CAB
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {DC4B2445-4A2C-46FF-BAAE-C0FBB45D866D} - hxxps://www.laserapp.com/dev/detect/lavdetect.ocx
    DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} - hxxp://www.worldwinner.com/games/v44/golfsol/golfsol.cab
    DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} - hxxp://www.worldwinner.com/games/v54/wwspades/wwspades.cab
    DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/RACtrl.cab
    DPF: {FF0F7B6E-D733-11D7-8088-0001024743E4} - hxxps://vex.advisorservices.com/Views/VeoExpress/AdoView/Pages/veoExpress.CAB
    TCP: DhcpNameServer = 192.168.1.113
    TCP: Interfaces\{849CB337-DE20-421B-AC9E-B4F750CB1F7B} : DhcpNameServer = 192.168.1.113
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: LMIinit - LMIinit.dll
    AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\rick picon\application data\mozilla\firefox\profiles\cu58ft3k.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://search.bearshare.com/web?src=ffb&systemid=2&q=
    FF - component: c:\documents and settings\rick picon\application data\mozilla\firefox\profiles\cu58ft3k.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCoreGecko19.dll
    FF - component: c:\documents and settings\rick picon\application data\mozilla\firefox\profiles\cu58ft3k.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
    FF - component: c:\documents and settings\rick picon\application data\mozilla\firefox\profiles\cu58ft3k.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
    FF - plugin: c:\documents and settings\rick picon\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\google updater\2.4.1851.5542\npCIDetect14.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPSFDMGR.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
    FF - Ext: Vuze Remote Community Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - %profile%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
    FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
    FF - Ext: Support.com Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    .
    ============= SERVICES / DRIVERS ===============
    .
    R3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [2007-1-30 223128]
    S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-2-14 294608]
    S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-6-23 9968]
    S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-6-23 74480]
    S2 APC Data Service;APC Data Service;c:\program files\apc\apc powerchute personal edition\dataserv.exe [2010-9-14 21880]
    S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-2-14 17744]
    S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-2-14 40384]
    S2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2007-4-10 3712]
    S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-6-27 12856]
    S2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-6-27 47640]
    S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-1-10 993848]
    S2 StarWindService;StarWind iSCSI Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindService.exe [2005-4-1 217600]
    S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2009-2-17 34760]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-6-23 7408]
    S4 LMIRfsClientNP;LMIRfsClientNP; [x]
    .
    =============== Created Last 30 ================
    .
    2011-06-06 17:12:04 350208 ---ha-w- c:\documents and settings\all users\application data\18865956.exe
    2011-06-06 17:02:59 435200 ---ha-w- c:\documents and settings\all users\application data\VyuAmrmEfIELC.exe
    2011-05-24 14:53:47 -------- d--h--w- c:\documents and settings\rick picon\application data\GlarySoft
    2011-05-24 14:25:34 -------- d--h--w- c:\documents and settings\rick picon\local settings\application data\AskToolbar
    2011-05-24 14:18:24 -------- d--h--w- c:\documents and settings\rick picon\application data\Sammsoft
    2011-05-16 15:45:35 1409 ---ha-w- c:\windows\QTFont.for
    .
    ==================== Find3M ====================
    .
    2011-06-06 17:20:45 96256 ---ha-w- c:\windows\system32\drivers\sptd3197.sys
    2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-04-12 14:59:17 6918144 ---ha-w- c:\documents and settings\rick picon\PCPE_3.0.msi
    2011-03-11 19:16:08 397856 ---ha-w- c:\windows\system32\XceedZip.dll
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: Intel___ rev.1.0. -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
    .
    device: opened successfully
    user: MBR read successfully
    .
    Disk trace:
    called modules: ntoskrnl.exe >>UNKNOWN [0x89C0AEB0]<<
    _asm { MOV EAX, 0x89c0add0; XCHG [ESP], EAX; PUSH EAX; PUSH 0x89c0dc94; RET ; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; }
    1 nt!IofCallDriver[0x804E13A7] -> \Device\Harddisk0\DR0[0x89B9B918]
    \Driver\Disk[0x89B67B90] -> IRP_MJ_CREATE -> 0x89C0AEB0
    kernel: MBR read successfully
    _asm { MOV AX, 0x0; MOV SS, AX; MOV SP, 0x7c00; MOV DS, AX; CLD ; MOV CX, 0x80; MOV SI, SP; MOV DI, 0x600; MOV ES, AX; REP MOVSD ; JMP FAR 0x0:0x62d; }
    detected disk devices:
    detected hooks:
    \Driver\Disk -> 0x89c0aeb0
    \Driver\iaStor -> 0x89c0a0e8
    user & kernel MBR OK
    Warning: possible MBR rootkit infection !
    .
    ============= FINISH: 10:09:35.09 ===============
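    Reading the "Created Last 30" and "Find3M" sections above by hand is error-prone, so the following Python script is an added example (not part of this thread or of the DDS tool) that parses DDS file-listing lines and flags hidden executables created in user-writable data directories within the hours before the log was taken. The attribute-field reading ('d' directory, 'h' hidden, 'a' archive), the data-directory list and the 24-hour window are assumptions; the sample lines are the ones from the log above.

```python
"""Triage helper for DDS "Created Last 30" / "Find3M" file listings.

Added example, not part of the forum thread or of the DDS tool itself.
It parses DDS file-listing lines and flags hidden executables that were
created in user-writable data directories shortly before the log was taken.
"""
import re
from datetime import datetime, timedelta

# Line layout observed in the posted log:
#   <YYYY-MM-DD HH:MM:SS> <size or -------->  <8-char attrs>  <path>
# Assumption: in the attrs field 'd' = directory, 'h' = hidden,
# 'a' = archive; the remaining positions are not interpreted here.
DDS_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+|-+)\s+"
    r"(?P<attrs>[-a-z]{8})\s+"
    r"(?P<path>\S.*?)\s*$",
    re.IGNORECASE,
)

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".pif")

# Assumed user-writable locations where a new *hidden* executable is rarely
# legitimate. "\application data" covers both per-user and "All Users"
# profiles on XP. Matched as case-insensitive fragments of the full path.
DATA_DIRS = (r"\application data", r"\local settings\temp", r"\windows\temp")


def parse_dds_line(line):
    """Parse one DDS file-listing line; return a dict, or None for other lines."""
    m = DDS_LINE.match(line.strip())
    if not m:
        return None
    attrs = m.group("attrs").lower()
    size = m.group("size")
    return {
        "created": datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S"),
        "size": int(size) if size.isdigit() else None,  # None for directories
        "is_dir": "d" in attrs,
        "hidden": "h" in attrs,
        "path": m.group("path"),
    }


def is_suspicious(entry, window_end, window_hours=24):
    """Hidden, non-directory executable in a data dir, created inside the window."""
    if entry["is_dir"] or not entry["hidden"]:
        return False
    path = entry["path"].lower()
    if not path.endswith(EXEC_EXT):
        return False
    if not any(frag in path for frag in DATA_DIRS):
        return False
    window_start = window_end - timedelta(hours=window_hours)
    return window_start <= entry["created"] <= window_end


def triage(lines, window_end=None, window_hours=24):
    """Return the paths of suspicious entries, newest first.

    window_end defaults to the newest timestamp in the listing, which is
    close to the time the log was taken, so the window covers the hours
    leading up to the scan.
    """
    entries = [e for e in map(parse_dds_line, lines) if e is not None]
    if not entries:
        return []
    if window_end is None:
        window_end = max(e["created"] for e in entries)
    hits = [e for e in entries if is_suspicious(e, window_end, window_hours)]
    hits.sort(key=lambda e: e["created"], reverse=True)
    return [e["path"] for e in hits]


# Sample input: the "Created Last 30" and "Find3M" lines from the posted log.
SAMPLE_LOG = r"""
2011-06-06 17:12:04 350208 ---ha-w- c:\documents and settings\all users\application data\18865956.exe
2011-06-06 17:02:59 435200 ---ha-w- c:\documents and settings\all users\application data\VyuAmrmEfIELC.exe
2011-05-24 14:53:47 -------- d--h--w- c:\documents and settings\rick picon\application data\GlarySoft
2011-05-24 14:25:34 -------- d--h--w- c:\documents and settings\rick picon\local settings\application data\AskToolbar
2011-05-24 14:18:24 -------- d--h--w- c:\documents and settings\rick picon\application data\Sammsoft
2011-05-16 15:45:35 1409 ---ha-w- c:\windows\QTFont.for
2011-06-06 17:20:45 96256 ---ha-w- c:\windows\system32\drivers\sptd3197.sys
2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-12 14:59:17 6918144 ---ha-w- c:\documents and settings\rick picon\PCPE_3.0.msi
2011-03-11 19:16:08 397856 ---ha-w- c:\windows\system32\XceedZip.dll
""".strip().splitlines()

if __name__ == "__main__":
    for path in triage(SAMPLE_LOG):
        print("SUSPICIOUS:", path)
```

On the sample it surfaces only the two hidden executables dropped into All Users\Application Data minutes before the scan; the hidden driver under system32\drivers and the older hidden files fall outside the data-directory or time filters.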
     
  6. 2011/06/07
    rpicon

    rpicon Inactive Thread Starter

    Joined:
    2006/12/29
    Messages:
    198
    Likes Received:
    0
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-03.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 2006-03-31 13:54:53
    System Uptime: 2011-06-06 13:24:57 (21 hours ago)
    .
    Motherboard: Dell Inc. | | 0YC523
    Processor: Intel(R) Pentium(R) D CPU 3.20GHz | Microprocessor | 3192/800mhz
    Processor: Intel(R) Pentium(R) D CPU 3.20GHz | Microprocessor | 3192/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 109 GiB total, 34.967 GiB free.
    D: is FIXED (NTFS) - 37 GiB total, 6.035 GiB free.
    E: is CDROM ()
    F: is CDROM ()
    G: is CDROM (CDFS)
    P: is NetworkDisk (NTFS) - 136 GiB total, 53.832 GiB free.
    T: is NetworkDisk (NTFS) - 136 GiB total, 53.832 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP468: 2011-03-08 11:07:53 - Installed WOT for Internet Explorer
    RP469: 2011-03-09 11:53:38 - Installed TurboTax 2010 wrapper
    RP470: 2011-03-09 12:47:11 - Installed TurboTax 2010 wvaiper
    RP471: 2011-03-10 14:31:05 - System Checkpoint
    RP472: 2011-03-11 15:53:06 - System Checkpoint
    RP473: 2011-03-12 16:49:47 - System Checkpoint
    RP474: 2011-03-13 18:49:46 - System Checkpoint
    RP475: 2011-03-14 19:49:45 - System Checkpoint
    RP476: 2011-03-15 20:49:42 - System Checkpoint
    RP477: 2011-03-16 21:49:37 - System Checkpoint
    RP478: 2011-03-17 22:49:34 - System Checkpoint
    RP479: 2011-03-18 23:49:36 - System Checkpoint
    RP480: 2011-03-20 00:49:33 - System Checkpoint
    RP481: 2011-03-21 01:49:32 - System Checkpoint
    RP482: 2011-03-22 02:49:30 - System Checkpoint
    RP483: 2011-03-23 03:49:28 - System Checkpoint
    RP484: 2011-03-24 04:49:24 - System Checkpoint
    RP485: 2011-03-25 05:49:22 - System Checkpoint
    RP486: 2011-03-26 06:49:09 - System Checkpoint
    RP487: 2011-03-27 07:49:06 - System Checkpoint
    RP488: 2011-03-28 08:49:04 - System Checkpoint
    RP489: 2011-03-29 09:49:03 - System Checkpoint
    RP490: 2011-03-30 13:49:29 - System Checkpoint
    RP491: 2011-03-31 13:51:50 - System Checkpoint
    RP492: 2011-04-01 10:39:06 - Removed Ask Toolbar.
    RP493: 2011-04-01 10:42:38 - Removed Music Oasis
    RP494: 2011-04-01 12:11:58 - Software Distribution Service 3.0
    RP495: 2011-04-02 12:36:27 - System Checkpoint
    RP496: 2011-04-03 13:36:20 - System Checkpoint
    RP497: 2011-04-04 14:41:50 - System Checkpoint
    RP498: 2011-04-05 11:38:46 - Removed WOT for Internet Explorer
    RP499: 2011-04-06 12:01:09 - System Checkpoint
    RP500: 2011-04-07 10:21:05 - Removed NetAssistant
    RP501: 2011-04-07 11:15:38 - Removed Ask Toolbar.
    RP502: 2011-04-08 11:54:59 - System Checkpoint
    RP503: 2011-04-09 12:25:09 - System Checkpoint
    RP504: 2011-04-10 12:25:48 - System Checkpoint
    RP505: 2011-04-11 15:29:25 - System Checkpoint
    RP506: 2011-04-12 10:59:41 - Installed APC PowerChute Personal Edition 3.0
    RP507: 2011-04-13 16:34:00 - System Checkpoint
    RP508: 2011-04-14 16:40:14 - System Checkpoint
    RP509: 2011-04-15 17:35:03 - System Checkpoint
    RP510: 2011-04-16 18:34:58 - System Checkpoint
    RP511: 2011-04-17 18:38:49 - System Checkpoint
    RP512: 2011-04-18 19:34:55 - System Checkpoint
    RP513: 2011-04-19 20:34:43 - System Checkpoint
    RP514: 2011-04-20 20:35:29 - System Checkpoint
    RP515: 2011-04-21 21:34:47 - System Checkpoint
    RP516: 2011-04-22 22:34:45 - System Checkpoint
    RP517: 2011-04-23 23:34:45 - System Checkpoint
    RP518: 2011-04-25 00:34:43 - System Checkpoint
    RP519: 2011-04-26 01:34:39 - System Checkpoint
    RP520: 2011-04-27 02:34:38 - System Checkpoint
    RP521: 2011-04-28 03:34:37 - System Checkpoint
    RP522: 2011-04-29 04:34:33 - System Checkpoint
    RP523: 2011-05-02 13:42:22 - System Checkpoint
    RP524: 2011-05-03 15:02:52 - System Checkpoint
    RP525: 2011-05-04 15:11:38 - System Checkpoint
    RP526: 2011-05-05 16:08:54 - System Checkpoint
    RP527: 2011-05-06 16:16:25 - System Checkpoint
    RP528: 2011-05-07 17:08:44 - System Checkpoint
    RP529: 2011-05-08 18:08:29 - System Checkpoint
    RP530: 2011-05-09 18:08:46 - System Checkpoint
    RP531: 2011-05-10 19:08:42 - System Checkpoint
    RP532: 2011-05-11 20:08:41 - System Checkpoint
    RP533: 2011-05-12 21:08:39 - System Checkpoint
    RP534: 2011-05-13 22:08:36 - System Checkpoint
    RP535: 2011-05-14 23:08:34 - System Checkpoint
    RP536: 2011-05-16 00:08:32 - System Checkpoint
    RP537: 2011-05-17 01:08:31 - System Checkpoint
    RP538: 2011-05-18 02:08:27 - System Checkpoint
    RP539: 2011-05-19 03:08:27 - System Checkpoint
    RP540: 2011-05-20 04:08:28 - System Checkpoint
    RP541: 2011-05-21 05:08:23 - System Checkpoint
    RP542: 2011-05-22 06:08:21 - System Checkpoint
    RP543: 2011-05-23 07:08:19 - System Checkpoint
    RP544: 2011-05-24 08:08:19 - System Checkpoint
    RP545: 2011-05-24 10:17:58 - ARO 2011 - Before Installation
    RP546: 2011-05-24 10:18:33 - ARO 2011 - FIRST RUN
    RP547: 2011-05-24 10:37:33 - ARO 2011 Tue, May 24, 11 10:37
    RP548: 2011-05-25 11:08:17 - System Checkpoint
    RP549: 2011-05-26 14:27:41 - System Checkpoint
    RP550: 2011-05-27 15:08:13 - System Checkpoint
    RP551: 2011-05-28 16:08:10 - System Checkpoint
    RP552: 2011-05-29 17:08:10 - System Checkpoint
    RP553: 2011-05-30 18:08:09 - System Checkpoint
    RP554: 2011-05-31 19:08:07 - System Checkpoint
    RP555: 2011-06-01 20:07:59 - System Checkpoint
    RP556: 2011-06-02 21:07:59 - System Checkpoint
    RP557: 2011-06-03 22:07:58 - System Checkpoint
    RP558: 2011-06-04 23:08:00 - System Checkpoint
    RP559: 2011-06-05 23:16:57 - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    .
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    Adobe Acrobat 8 Professional - English, Français, Deutsch
    Adobe Acrobat 8.1.0 Professional
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Shockwave Player 11.5
    AIM Pro
    AOL Uninstaller (Choose which Products to Remove)
    APC PowerChute Personal Edition 3.0
    Apple Software Update
    Ask Toolbar
    avast! Free Antivirus
    BearShare
    CCleaner
    Classic Menu for Office
    Dell CinePlayer
    Dell Digital Jukebox Driver
    Dell Driver Reset Tool
    Dell Support 3.1
    Digital Content Portal
    DivX Codec
    DivX Content Uploader
    DivX Converter
    DivX Player
    DivX Web Player
    GameTap
    Google
    Google Calendar Sync
    Google Chrome
    Google Desktop
    Google Toolbar for Firefox
    Google Toolbar for Internet Explorer
    Google Updater
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Intel Matrix Storage Manager
    Intel(R) PRO Network Connections Drivers
    Intel(R) PROSet for Wired Connections
    IrfanView (remove only)
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 24
    KhalSetup
    Logitech SetPoint
    LogMeIn
    Macromedia Flash Player
    Malwarebytes' Anti-Malware
    MCU
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB886903)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft ActiveSync 4.0
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Math Add-in for Word 2007
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office Access 2003 Runtime
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual J# .NET Redistributable Package 1.1
    Microsoft Visual J# 2.0 Redistributable Package
    Move Networks Media Player for Internet Explorer
    Mozilla Firefox (3.6.17)
    MSN
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    MSXML 6.0 Parser (KB933579)
    Musicmatch for Windows Media Player
    Musicmatch® Jukebox
    NaviPlan Standard Offline 11.0.2.0
    Network Assistant
    NVIDIA Drivers
    Plaxo Toolbar for Windows
    PokerStars.net
    PortfolioCenter
    PortfolioCenter Management Console
    QBFC3.0
    Qualxserve Service Agreement
    QuickBooks Pro 2006
    QuickBooks Simple Start Special Edition
    QuickTime
    RealPlayer Basic
    Relationship Manager
    RetCalc 2.0
    Roxio DLA
    Roxio MyDVD LE
    Roxio RecordNow Audio
    Roxio RecordNow Copy
    Roxio RecordNow Data
    RSSRadio
    Secunia PSI (2.0.0.3001)
    Security Update for CAPICOM (KB931906)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows XP (KB896688)
    SkillGround Game Manager
    Stamps.com
    Stamps.com Address Book Support for Microsoft Outlook 97-2007
    Stamps.com Application Support for Microsoft Outlook 2000, 2002, 2003
    Stamps.com Application Support for Microsoft Word 2000, 2002, 2003
    Stamps.com support for Microsoft Outlook 2000-2007
    Stamps.com support for Microsoft Outlook 97-2007
    Stamps.com support for Microsoft Word 2000-2007
    SUPERAntiSpyware Free Edition
    TD AMERITRADE Statements/Confirmations Manager
    Total Access Memo 2003 Runtime
    TurboTax 2010
    TurboTax 2010 WinPerFedFormset
    TurboTax 2010 WinPerReleaseEngine
    TurboTax 2010 WinPerTaxSupport
    TurboTax 2010 wrapper
    TurboTax 2010 wvaiper
    UnHackMe 5.00 release
    Update for Outlook 2007 Junk Email Filter (KB934655)
    URL Assistant
    Viewpoint Media Player
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    VLC media player 1.0.2
    WebFldrs XP
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Media Format 11 runtime
    Windows Media Player 10
    Windows Media Player 11
    WinRAR archiver
    Yahoo! Messenger
    Yahoo! Software Update
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2011-06-06 13:55:34, error: sptd [4] - Driver detected an internal error in its data structures for .
    2011-06-06 13:27:06, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments " " in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    2011-06-06 13:26:58, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSP aswTdi Fips intelppm Lbd NetworkX SASDIFSV SASKUTIL
    2011-06-06 13:26:24, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    2011-06-06 13:23:14, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd
    2011-06-06 13:23:14, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: Access is denied.
    2011-06-06 13:22:14, error: SRService [104] - The System Restore initialization process failed.
    2011-06-06 13:22:02, error: NETLOGON [5776] - Failed to create/open file \system32\config\netlogon.ftl with the following error: Access is denied.
    2011-06-06 13:21:50, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume D:.
    2011-06-01 14:36:48, error: Service Control Manager [7034] - The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).
    .
    ==== End Of File ===========================
     
  7. 2011/06/07
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You never said:
    I assume Safe Mode works fine?

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  8. 2011/06/08
    rpicon

    rpicon Inactive Thread Starter

    Joined:
    2006/12/29
    Messages:
    198
    Likes Received:
    0
    Yes, Safe Mode for now, but I still can't see or find anything. So to open programs I use my search button. Everything looks empty, even my C drive.
     
  9. 2011/06/08
    rpicon

    rpicon Inactive Thread Starter

    Joined:
    2006/12/29
    Messages:
    198
    Likes Received:
    0
    2011/06/08 11:38:43.0794 2588 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48
    2011/06/08 11:38:45.0823 2588 ================================================================================
    2011/06/08 11:38:45.0823 2588 SystemInfo:
    2011/06/08 11:38:45.0823 2588
    2011/06/08 11:38:45.0823 2588 OS Version: 5.1.2600 ServicePack: 2.0
    2011/06/08 11:38:45.0823 2588 Product type: Workstation
    2011/06/08 11:38:45.0823 2588 ComputerName: GLB-RPICON-02
    2011/06/08 11:38:45.0823 2588 UserName: rpicon
    2011/06/08 11:38:45.0823 2588 Windows directory: C:\WINDOWS
    2011/06/08 11:38:45.0823 2588 System windows directory: C:\WINDOWS
    2011/06/08 11:38:45.0823 2588 Processor architecture: Intel x86
    2011/06/08 11:38:45.0823 2588 Number of processors: 2
    2011/06/08 11:38:45.0823 2588 Page size: 0x1000
    2011/06/08 11:38:45.0823 2588 Boot type: Normal boot
    2011/06/08 11:38:45.0823 2588 ================================================================================
    2011/06/08 11:38:46.0251 2588 Initialize success
    2011/06/08 11:38:53.0447 2504 ================================================================================
    2011/06/08 11:38:53.0447 2504 Scan started
    2011/06/08 11:38:53.0447 2504 Mode: Manual;
    2011/06/08 11:38:53.0447 2504 ================================================================================
    2011/06/08 11:39:01.0103 2504 Aavmker4 (479c9835b91147be1a92cb76fad9c6de) C:\WINDOWS\system32\drivers\Aavmker4.sys
    2011/06/08 11:39:01.0183 2504 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
    2011/06/08 11:39:01.0246 2504 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2011/06/08 11:39:01.0278 2504 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    2011/06/08 11:39:01.0293 2504 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
    2011/06/08 11:39:01.0325 2504 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
    2011/06/08 11:39:01.0436 2504 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
    2011/06/08 11:39:01.0452 2504 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys
    2011/06/08 11:39:01.0468 2504 agpCPQ (67288b07d6aba6c1267b626e67bc56fd) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
    2011/06/08 11:39:01.0500 2504 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
    2011/06/08 11:39:01.0531 2504 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
    2011/06/08 11:39:01.0547 2504 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
    2011/06/08 11:39:01.0579 2504 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
    2011/06/08 11:39:01.0595 2504 alim1541 (f312b7cef21eff52fa23056b9d815fad) C:\WINDOWS\system32\DRIVERS\alim1541.sys
    2011/06/08 11:39:01.0611 2504 amdagp (675c16a3c1f8482f85ee4a97fc0dde3d) C:\WINDOWS\system32\DRIVERS\amdagp.sys
    2011/06/08 11:39:01.0626 2504 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
    2011/06/08 11:39:01.0658 2504 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    2011/06/08 11:39:01.0674 2504 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
    2011/06/08 11:39:01.0706 2504 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
    2011/06/08 11:39:01.0721 2504 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
    2011/06/08 11:39:01.0753 2504 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
    2011/06/08 11:39:01.0785 2504 aswFsBlk (cba53c5e29ae0a0ce76f9a2be3a40d9e) C:\WINDOWS\system32\drivers\aswFsBlk.sys
    2011/06/08 11:39:01.0801 2504 aswMon2 (a1c52b822b7b8a5c2162d38f579f97b7) C:\WINDOWS\system32\drivers\aswMon2.sys
    2011/06/08 11:39:01.0817 2504 aswRdr (b6e8c5874377a42756c282fac2e20836) C:\WINDOWS\system32\drivers\aswRdr.sys
    2011/06/08 11:39:01.0848 2504 aswSP (b93a553c9b0f14263c8f016a44c3258c) C:\WINDOWS\system32\drivers\aswSP.sys
    2011/06/08 11:39:01.0864 2504 aswTdi (1408421505257846eb336feeef33352d) C:\WINDOWS\system32\drivers\aswTdi.sys
    2011/06/08 11:39:01.0880 2504 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2011/06/08 11:39:01.0912 2504 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2011/06/08 11:39:01.0943 2504 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2011/06/08 11:39:01.0959 2504 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2011/06/08 11:39:01.0991 2504 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2011/06/08 11:39:02.0023 2504 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
    2011/06/08 11:39:02.0023 2504 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2011/06/08 11:39:02.0038 2504 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
    2011/06/08 11:39:02.0054 2504 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2011/06/08 11:39:02.0070 2504 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
    2011/06/08 11:39:02.0102 2504 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2011/06/08 11:39:02.0134 2504 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
    2011/06/08 11:39:02.0229 2504 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
    2011/06/08 11:39:02.0276 2504 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
    2011/06/08 11:39:02.0292 2504 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
    2011/06/08 11:39:02.0308 2504 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
    2011/06/08 11:39:02.0340 2504 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
    2011/06/08 11:39:02.0387 2504 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
    2011/06/08 11:39:02.0403 2504 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
    2011/06/08 11:39:02.0435 2504 DLADResN (83545593e297f50a8e2524b4c071a153) C:\WINDOWS\system32\DLA\DLADResN.SYS
    2011/06/08 11:39:02.0466 2504 DLAIFS_M (96e01d901cdc98c7817155cc057001bf) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
    2011/06/08 11:39:02.0498 2504 DLAOPIOM (0a60a39cc5e767980a31ca5d7238dfa9) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
    2011/06/08 11:39:02.0530 2504 DLAPoolM (9fe2b72558fc808357f427fd83314375) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
    2011/06/08 11:39:02.0593 2504 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
    2011/06/08 11:39:02.0641 2504 DLAUDFAM (f08e1dafac457893399e03430a6a1397) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
    2011/06/08 11:39:02.0657 2504 DLAUDF_M (e7d105ed1e694449d444a9933df8e060) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
    2011/06/08 11:39:02.0704 2504 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
    2011/06/08 11:39:02.0768 2504 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
    2011/06/08 11:39:02.0768 2504 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2011/06/08 11:39:02.0831 2504 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
    2011/06/08 11:39:02.0847 2504 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
    2011/06/08 11:39:02.0894 2504 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
    2011/06/08 11:39:02.0910 2504 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
    2011/06/08 11:39:02.0926 2504 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
    2011/06/08 11:39:02.0942 2504 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
    2011/06/08 11:39:02.0974 2504 e1express (5b75bbf89d8341f424171df7ad9dc465) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
    2011/06/08 11:39:02.0990 2504 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
    2011/06/08 11:39:03.0005 2504 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
    2011/06/08 11:39:03.0037 2504 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
    2011/06/08 11:39:03.0053 2504 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    2011/06/08 11:39:03.0085 2504 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
    2011/06/08 11:39:03.0116 2504 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2011/06/08 11:39:03.0132 2504 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2011/06/08 11:39:03.0164 2504 GearAspiWDM (4ac51459805264affd5f6fdfb9d9235f) C:\WINDOWS\system32\drivers\GearAspiWDM.sys
    2011/06/08 11:39:03.0196 2504 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2011/06/08 11:39:03.0275 2504 HDAudBus (e31363d186b3e1d7c4e9117884a6aee5) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    2011/06/08 11:39:03.0291 2504 HidBatt (13c0d55da4b7148ef980e130b85d9f2c) C:\WINDOWS\system32\DRIVERS\HidBatt.sys
    2011/06/08 11:39:03.0354 2504 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    2011/06/08 11:39:03.0386 2504 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
    2011/06/08 11:39:03.0433 2504 HTTP (cb77bb47e67e84deb17ba29632501730) C:\WINDOWS\system32\Drivers\HTTP.sys
    2011/06/08 11:39:03.0449 2504 i2omgmt (8f09f91b5c91363b77bcd15599570f2c) C:\WINDOWS\system32\drivers\i2omgmt.sys
    2011/06/08 11:39:03.0465 2504 i2omp (ed6bf9e441fdea13292a6d30a64a24c3) C:\WINDOWS\system32\DRIVERS\i2omp.sys
    2011/06/08 11:39:03.0481 2504 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2011/06/08 11:39:03.0544 2504 iastor (9a65e42664d1534b68512caad0efe963) C:\WINDOWS\system32\drivers\iastor.sys
    2011/06/08 11:39:03.0576 2504 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2011/06/08 11:39:03.0592 2504 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
    2011/06/08 11:39:03.0608 2504 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
    2011/06/08 11:39:03.0624 2504 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    2011/06/08 11:39:07.0840 2504 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 175600c9e3e4154150bfbc192a61c1de
    2011/06/08 11:39:07.0856 2504 sptd - detected LockedFile.Multi.Generic (1)
    2011/06/08 11:39:09.0045 2504 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\vaxscsi.sys. md5: 92cebc2bc7be2c8d49391b365569f306
    2011/06/08 11:39:09.0045 2504 vaxscsi - detected LockedFile.Multi.Generic (1)
    2011/06/08 11:39:09.0711 2504 MBR (0x1B8) (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0
    2011/06/08 11:39:09.0711 2504 ================================================================================
    2011/06/08 11:39:09.0711 2504 Scan finished
    2011/06/08 11:39:09.0711 2504 ================================================================================
    2011/06/08 11:39:09.0726 2516 Detected object count: 2
    2011/06/08 11:39:09.0726 2516 Actual detected object count: 2
    2011/06/08 11:39:43.0918 2516 LockedFile.Multi.Generic(sptd) - User select action: Skip
    2011/06/08 11:39:43.0918 2516 LockedFile.Multi.Generic(vaxscsi) - User select action: Skip
     
  10. 2011/06/08
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download and run UnHide.
    Let me know if it brought any items back.

    Then....

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    Click the "Scan" button to start the scan.

    On completion of the scan click "Save log", save it to your desktop and post it in your next reply.

    =====================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
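    As an added example (not from this thread, and not UnHide's own code), the PowerShell script below shows what the UnHide step above reverses: it lists files and folders under a profile that carry the Hidden attribute without the System attribute, the way the rogue left the user's documents and shortcuts, and clears only that bit when run with -Restore. The default profile path and the skip list are assumptions.

```powershell
# Added example, not from the thread and not UnHide's code.
# Audit (and optionally undo) the "everything vanished" symptom: the rogue
# marked user files and folders Hidden. Items Windows hides on purpose normally
# carry Hidden together with System, so those are left alone.
param(
    [string]$ProfileRoot = $env:USERPROFILE,   # assumed default; pass another path if needed
    [switch]$Restore                            # report only unless this switch is given
)

$HiddenBit = [int][IO.FileAttributes]::Hidden
$SystemBit = [int][IO.FileAttributes]::System

# Names Windows keeps hidden on purpose (assumed list; extend as needed).
$KeepHidden = @('desktop.ini', 'thumbs.db', 'ntuser.dat', 'ntuser.ini', 'ntuser.dat.log')

$suspects = @(Get-ChildItem -LiteralPath $ProfileRoot -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object {
        $attrs = [int]$_.Attributes
        (($attrs -band $HiddenBit) -ne 0) -and
        (($attrs -band $SystemBit) -eq 0) -and
        ($KeepHidden -notcontains $_.Name.ToLower())
    })

"{0} item(s) under {1} carry Hidden without System" -f $suspects.Count, $ProfileRoot

foreach ($item in $suspects) {
    if ($Restore) {
        # Clear only the Hidden bit; ReadOnly, Archive and the rest stay as they were.
        $item.Attributes = [IO.FileAttributes](([int]$item.Attributes) -band (-bnot $HiddenBit))
        "restored  $($item.FullName)"
    } else {
        "hidden    $($item.FullName)"
    }
}
```

    Run it without -Restore first and review the list, since profile folders such as Application Data are hidden by design on XP and may appear in the report.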
     
  11. 2011/06/09
    rpicon

    rpicon Inactive Thread Starter

    Joined:
    2006/12/29
    Messages:
    198
    Likes Received:
    0
    Yes, I can see my program files on my desktop.
     
  12. 2011/06/09
    rpicon

    rpicon Inactive Thread Starter

    Joined:
    2006/12/29
    Messages:
    198
    Likes Received:
    0
    aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
    Run date: 2011-06-09 10:40:08
    -----------------------------
    10:40:08.262 OS Version: Windows 5.1.2600 Service Pack 2
    10:40:08.262 Number of processors: 2 586 0x602
    10:40:08.262 ComputerName: GLB-RPICON-02 UserName: rpicon
    10:40:09.371 Initialize success
    10:40:19.009 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
    10:40:19.009 Disk 0 Vendor: Intel___ 1.0. Size: 152585MB BusType: 3
    10:40:21.024 Disk 0 MBR read successfully
    10:40:21.024 Disk 0 MBR scan
    10:40:21.024 Disk 0 unknown MBR code
    10:40:23.024 Disk 0 scanning sectors +312480315
    10:40:23.055 Disk 0 scanning C:\WINDOWS\system32\drivers
    10:40:28.334 Service scanning
    10:40:29.334 Disk 0 trace - called modules:
    10:40:29.334 ntkrnlpa.exe >>UNKNOWN [0x89e4b708]<<
    10:40:29.334 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89de8ab8]
    10:40:29.350 \Driver\Disk[0x89d51a08] -> IRP_MJ_CREATE -> 0x89e4b708
    10:40:29.350 Scan finished successfully
    10:40:49.609 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Rick Picon\Desktop\MBR.dat"
    10:40:49.609 The log file has been saved successfully to "C:\Documents and Settings\Rick Picon\Desktop\aswMBR.txt"
     
  13. 2011/06/09
    rpicon

    rpicon Inactive Thread Starter

    Joined:
    2006/12/29
    Messages:
    198
    Likes Received:
    0
    ComboFix 11-06-09.01 - rpicon 2011-06-09 10:48:02.13.2 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1388 [GMT -4:00]
    Running from: c:\documents and settings\Rick Picon\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\data
    c:\documents and settings\All Users\Application Data\18865956.exe
    c:\documents and settings\All Users\Application Data\VyuAmrmEfIELC.exe
    c:\documents and settings\Rick Picon\Application Data\PriceGong
    c:\documents and settings\Rick Picon\Application Data\PriceGong\Data\1.xml
    c:\documents and settings\Rick Picon\Application Data\PriceGong\Data\a.xml
    c:\documents and settings\Rick Picon\Application Data\PriceGong\Data\b.xml
    c:\documents and settings\Rick Picon\Application Data\PriceGong\Data\c.xml
    c:\documents and settings\Rick Picon\Application Data\PriceGong\Data\d.xml
    c:\documents and settings\Rick Picon\Application Data\PriceGong\Data\e.xml
    c:\documents and settings\Rick Picon\Application Data\PriceGong\Data\f.xml
    c:\documents and settings\Rick Picon\Application Data\PriceGong\Data\g.xml
    c:\documents and settings\Rick Picon\Application Data\PriceGong\Data\h.xml
    c:\documents and settings\Rick Picon\Application Data\PriceGong\Data\i.xml
    c:\documents and settings\Rick Picon\Application Data\PriceGong\Data\J.xml
    c:\documents and settings\Rick Picon\Application Data\PriceGong\Data\k.xml
    c:\documents and settings\Rick Picon\Application Data\PriceGong\Data\l.xml
    c:\documents and settings\Rick Picon\Application Data\PriceGong\Data\m.xml
    c:\documents and settings\Rick Picon\Application Data\PriceGong\Data\mru.xml
    c:\documents and settings\Rick Picon\Application Data\PriceGong\Data\n.xml
    c:\documents and settings\Rick Picon\Application Data\PriceGong\Data\o.xml
    c:\documents and settings\Rick Picon\Application Data\PriceGong\Data\p.xml
    c:\documents and settings\Rick Picon\Application Data\PriceGong\Data\q.xml
    c:\documents and settings\Rick Picon\Application Data\PriceGong\Data\r.xml
    c:\documents and settings\Rick Picon\Application Data\PriceGong\Data\s.xml
    c:\documents and settings\Rick Picon\Application Data\PriceGong\Data\t.xml
    c:\documents and settings\Rick Picon\Application Data\PriceGong\Data\u.xml
    c:\documents and settings\Rick Picon\Application Data\PriceGong\Data\v.xml
    c:\documents and settings\Rick Picon\Application Data\PriceGong\Data\w.xml
    c:\documents and settings\Rick Picon\Application Data\PriceGong\Data\x.xml
    c:\documents and settings\Rick Picon\Application Data\PriceGong\Data\y.xml
    c:\documents and settings\Rick Picon\Application Data\PriceGong\Data\z.xml
    c:\documents and settings\Rick Picon\Desktop\Windows XP Recovery.lnk
    c:\documents and settings\Rick Picon\Local Settings\Application Data\.#
    c:\documents and settings\Rick Picon\Start Menu\Programs\Windows XP Recovery
    c:\documents and settings\Rick Picon\Start Menu\Programs\Windows XP Recovery\Uninstall Windows XP Recovery.lnk
    c:\documents and settings\Rick Picon\Start Menu\Programs\Windows XP Recovery\Windows XP Recovery.lnk
    c:\windows\system32\bszip.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-05-09 to 2011-06-09 )))))))))))))))))))))))))))))))
    .
    .
    2011-05-24 14:53 . 2011-05-24 14:53 -------- d-----w- c:\documents and settings\Rick Picon\Application Data\GlarySoft
    2011-05-24 14:25 . 2011-05-24 16:47 -------- d-----w- c:\documents and settings\Rick Picon\Local Settings\Application Data\AskToolbar
    2011-05-24 14:18 . 2011-05-24 14:54 -------- d-----w- c:\documents and settings\Rick Picon\Application Data\Sammsoft
    2011-05-16 15:45 . 2011-05-16 15:45 1409 ----a-w- c:\windows\QTFont.for
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-06-07 14:59 . 2007-01-30 16:26 96256 ----a-w- c:\windows\system32\drivers\sptd3197.sys
    2011-05-29 13:11 . 2009-03-24 16:47 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-04-12 14:59 . 2011-04-12 14:59 6918144 ----a-w- c:\documents and settings\Rick Picon\PCPE_3.0.msi
    2011-03-11 19:16 . 2009-12-09 13:58 397856 ----a-w- c:\windows\system32\XceedZip.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2011-02-01 23:17 1487240 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"="c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"="c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-07 68856]
    "AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-06-11 2321600]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-09 7110656]
    "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 63048]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2010-9-14 271736]
    Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-1-10 291896]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-25 21:44 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    2009-10-01 18:30 87352 ----a-w- c:\windows\system32\LMIinit.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Calendar Sync.lnk]
    backup=c:\windows\pss\Google Calendar Sync.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Rick Picon^Start Menu^Programs^Startup^Microsoft Office Groove.lnk]
    backup=c:\windows\pss\Microsoft Office Groove.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Rick Picon^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    2007-05-11 02:46 624248 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
    2007-06-11 21:17 2321600 ----a-w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2004-08-04 11:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
    2005-09-08 11:20 122940 ----a-w- c:\windows\system32\DLA\DLACTRLW.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
    2005-10-05 09:12 94208 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    2006-03-07 13:15 169472 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2007-08-24 12:00 33648 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
    2006-06-21 02:36 1207080 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
    2005-06-17 13:56 139264 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
    2006-05-10 13:48 94208 ----a-w- c:\windows\KHALMNPR.Exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2007-01-19 17:54 5674352 ----a-w- c:\program files\MSN Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2005-07-09 05:57 7110656 ----a-w- c:\windows\system32\nvcpl.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoSysTray]
    2011-01-05 23:19 15752 ----a-w- c:\documents and settings\Rick Picon\Local Settings\Application Data\Plaxo\3.25.0.87\plaxosystray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate]
    2011-01-05 23:19 813448 ----a-w- c:\documents and settings\Rick Picon\Local Settings\Application Data\Plaxo\3.25.0.87\PlaxoHelper_en.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2007-04-27 13:41 282624 ----a-w- c:\program files\QuickTime\qttask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-10-29 19:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1144767884\\ee\\aolsoftware.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1144767884\\ee\\aim6.exe"=
    "c:\\Program Files\\Network Assistant\\Nassi.exe"=
    "c:\\Program Files\\Schwab Performance Technologies\\PortfolioCenter\\SPTServer.exe"=
    "c:\\Program Files\\Schwab Performance Technologies\\PortfolioCenter\\PortfolioCenter.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
    "c:\\StubInstaller.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\Xolox\\mldonkey\\mlnet.exe"=
    "c:\\Program Files\\Xolox\\XoloxEXE.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\AIM\\AIM Pro\\aimpro.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "135:TCP "= 135:TCP:DCOM
    "3389:TCP "= 3389:TCP:mad:xpsp2res.dll,-22009
    "3393:TCP "= 3393:TCP:RD-Rick
    "26675:TCP "= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    .
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2007-01-30 643072]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-02-14 294608]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-06-23 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-06-23 74480]
    R2 APC Data Service;APC Data Service;c:\program files\APC\APC PowerChute Personal Edition\dataserv.exe [2010-09-14 21880]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-02-14 17744]
    R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2007-04-10 3712]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2007-06-27 12856]
    R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [2011-01-10 993848]
    R3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [2007-01-30 223128]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
    S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2009-02-17 34760]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-09-01 15544]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-06-23 7408]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 56109253
    *NewlyCreated* - ASWMBR
    *Deregistered* - 56109253
    *Deregistered* - aswMBR
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-06-09 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-07 01:11]
    .
    2011-06-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3500089258-3802542852-2463999137-1115Core.job
    - c:\documents and settings\Rick Picon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-24 14:20]
    .
    2011-06-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3500089258-3802542852-2463999137-1115UA.job
    - c:\documents and settings\Rick Picon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-24 14:20]
    .
    2011-06-09 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
    - c:\program files\Ask.com\UpdateTask.exe [2011-02-01 23:17]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
    uStart Page = hxxp://www.yahoo.com/
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
    Trusted Zone: facebook.com\www
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: novasc.org\www
    TCP: DhcpNameServer = 192.168.1.113
    DPF: {25D9AA40-ED39-11D2-A038-009027078284} - hxxps://b1-www.advisorservices.com/advisorweb/file/urldownloader.cab
    DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
    DPF: {DC4B2445-4A2C-46FF-BAAE-C0FBB45D866D} - hxxps://www.laserapp.com/dev/detect/lavdetect.ocx
    DPF: {FF0F7B6E-D733-11D7-8088-0001024743E4} - hxxps://vex.advisorservices.com/Views/VeoExpress/AdoView/Pages/veoExpress.CAB
    FF - ProfilePath - c:\documents and settings\Rick Picon\Application Data\Mozilla\Firefox\Profiles\cu58ft3k.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://search.bearshare.com/web?src=ffb&systemid=2&q=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
    FF - Ext: Vuze Remote Community Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - %profile%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
    FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
    FF - Ext: Support.com Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
    BHO-{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - (no file)
    Toolbar-10 - (no file)
    HKCU-Run-VyuAmrmEfIELC - c:\documents and settings\All Users\Application Data\VyuAmrmEfIELC.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-06-09 10:53
    Windows 5.1.2600 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(816)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    c:\windows\system32\LMIinit.dll
    c:\windows\system32\LMIRfsClientNP.dll
    .
    Completion time: 2011-06-09 10:55:13
    ComboFix-quarantined-files.txt 2011-06-09 14:55
    .
    Pre-Run: 36,086,898,688 bytes free
    Post-Run: 36,227,821,568 bytes free
    .
    - - End Of File - - 09A4ADCBE8EEC68CBB65CC585DCD811B
     
  14. 2011/06/09
    rpicon

    rpicon Inactive Thread Starter

    Since I was able to run ComboFix, I didn't run rKill. Let me know if I still need to.
     
  15. 2011/06/09
    broni

    broni Moderator Malware Analyst

    Nothing else missing?

    Uninstall Ask Toolbar, known foistware.

    ComboFix log looks good now :)

    How is the computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  16. 2011/06/09
    rpicon

    rpicon Inactive Thread Starter

    I'm not sure if I'm missing anything, at least not yet.

    So far the PC is acting normal. The desktop mode was acting funny, where it and all its content would disappear. But it hasn't done it recently since the ComboFix run.

    OTL logfile created on: 2011-06-09 12:07:33 - Run 1
    OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Rick Picon\Desktop
    Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd

    2.00 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 69.43% Memory free
    3.85 Gb Paging File | 3.42 Gb Available in Paging File | 88.85% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 108.59 Gb Total Space | 33.70 Gb Free Space | 31.04% Space Free | Partition Type: NTFS
    Drive D: | 36.96 Gb Total Space | 6.03 Gb Free Space | 16.33% Space Free | Partition Type: NTFS
    Drive G: | 916.60 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive P: | 136.02 Gb Total Space | 53.81 Gb Free Space | 39.56% Space Free | Partition Type: NTFS
    Drive T: | 136.02 Gb Total Space | 53.81 Gb Free Space | 39.56% Space Free | Partition Type: NTFS

    Computer Name: GLB-RPICON-02 | User Name: rpicon | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011-06-09 12:06:15 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rick Picon\Desktop\OTL.exe
    PRC - [2011-01-13 04:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2011-01-13 04:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2011-01-10 10:24:20 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
    PRC - [2010-09-14 16:54:12 | 000,021,880 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\dataserv.exe
    PRC - [2010-09-14 16:53:40 | 000,705,912 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    PRC - [2010-08-23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    PRC - [2009-10-01 14:30:35 | 000,116,032 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
    PRC - [2009-10-01 14:30:10 | 000,378,176 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
    PRC - [2009-05-30 15:00:24 | 007,573,504 | ---- | M] (Gracebyte Software) -- C:\Program Files\Network Assistant\Nassi.exe
    PRC - [2007-04-17 14:03:50 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    PRC - [2007-04-17 14:03:50 | 000,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
    PRC - [2005-06-17 09:55:58 | 000,086,140 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    PRC - [2005-04-01 21:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    PRC - [2004-08-04 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (SafeList) ==========

    MOD - [2011-06-09 12:06:15 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rick Picon\Desktop\OTL.exe
    MOD - [2011-01-13 04:47:35 | 000,189,728 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
    MOD - [2006-08-25 11:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    MOD - [2000-12-27 18:40:58 | 000,043,008 | ---- | M] () -- C:\Program Files\Network Assistant\hooks.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011-01-13 04:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2011-01-10 10:24:20 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
    SRV - [2010-09-14 16:54:12 | 000,021,880 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files\APC\APC PowerChute Personal Edition\dataserv.exe -- (APC Data Service)
    SRV - [2010-09-14 16:53:40 | 000,705,912 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
    SRV - [2010-08-23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
    SRV - [2009-10-01 14:30:35 | 000,116,032 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
    SRV - [2008-11-09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2007-05-23 14:29:36 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Disabled | Stopped] -- C:\WINDOWS\System32\Crypserv.exe -- (Crypkey License)
    SRV - [2007-04-17 14:03:50 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
    SRV - [2007-03-28 12:12:34 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2005-06-17 09:55:58 | 000,086,140 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon) Intel(R)
    SRV - [2005-04-01 21:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- (StarWindService)


    ========== Driver Services (SafeList) ==========

    DRV - [2011-01-13 04:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2011-01-13 04:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2011-01-13 04:40:04 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2011-01-13 04:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2011-01-13 04:37:11 | 000,029,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2011-01-13 04:37:09 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010-09-01 04:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
    DRV - [2009-10-01 14:30:14 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
    DRV - [2009-09-25 17:44:49 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2009-06-23 11:01:42 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
    DRV - [2009-06-23 11:01:40 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2009-02-17 13:40:24 | 000,034,760 | ---- | M] (Greatis Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Partizan.sys -- (Partizan)
    DRV - [2008-10-17 10:25:11 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
    DRV - [2008-02-28 15:31:50 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
    DRV - [2007-05-01 17:15:54 | 000,016,896 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\ckldrv.sys -- (NetworkX)
    DRV - [2007-01-30 12:36:42 | 000,223,128 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\vaxscsi.sys -- (vaxscsi)
    DRV - [2007-01-30 12:26:47 | 000,643,072 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2006-12-29 12:30:25 | 000,076,560 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
    DRV - [2006-11-07 06:48:44 | 000,023,040 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\GameTap\bin\release\X4HSX32.sys -- (X4HSX32)
    DRV - [2006-06-30 00:53:44 | 000,003,712 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
    DRV - [2006-05-10 09:56:54 | 000,027,264 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)
    DRV - [2006-05-10 09:56:50 | 000,071,680 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
    DRV - [2006-03-07 09:07:09 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
    DRV - [2005-11-16 23:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2005-09-08 07:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
    DRV - [2005-09-08 07:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
    DRV - [2005-09-08 07:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
    DRV - [2005-09-08 07:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
    DRV - [2005-09-08 07:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
    DRV - [2005-09-08 07:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
    DRV - [2005-09-08 07:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
    DRV - [2005-08-25 14:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
    DRV - [2005-08-25 14:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577



    IE - HKU\S-1-5-21-3500089258-3802542852-2463999137-1115\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKU\S-1-5-21-3500089258-3802542852-2463999137-1115\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}
    IE - HKU\S-1-5-21-3500089258-3802542852-2463999137-1115\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKU\S-1-5-21-3500089258-3802542852-2463999137-1115\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========
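Added example, not part of this thread or of ComboFix/OTL: a small Python triage script for the two kinds of lines a reviewer would pick out of the logs above. From the ComboFix log earlier in the thread it reads the firewall-policy section, where the standard profile has EnableFirewall = 0 and ports 135, 3389 and 3393 are globally open; from the OTL log just above it reads the Internet Settings lines, where HKU\.DEFAULT and HKU\S-1-5-18 (the SYSTEM hive) have ProxyEnable = 1 with ProxyServer = http=127.0.0.1:5577 while the interactive user's hive has ProxyEnable = 0. The embedded sample is a constructed excerpt in the shape those tools print, with values copied from this thread and the stray spaces the forum inserted before the closing quotes left out. The severity scale, the list of noteworthy ports and the decision to rate a loopback proxy higher when it sits in the .DEFAULT or S-1-5-18 hive are this example's own assumptions. A proxy on 127.0.0.1 is a common traffic-interception pattern, but some legitimate local filtering software sets one too, so the script only flags it for review and asks which process is listening on that port.

```python
"""Triage helper for the firewall-policy and Internet Settings lines that
ComboFix and OTL print.  Added example for this thread, not part of either
tool; thresholds and severity labels are assumptions of this example."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    severity: str   # "high" or "medium" (assumed scale)
    where: str      # registry section or hive the line came from
    detail: str


# Constructed excerpt in the shape ComboFix and OTL print these sections
# (values copied from the logs in this thread, forum-inserted spaces removed).
SAMPLE_LOG = r'''
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Xolox\\mldonkey\\mlnet.exe"=
"c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:DCOM
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"3393:TCP"= 3393:TCP:RD-Rick
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
IE - HKU\S-1-5-21-3500089258-3802542852-2463999137-1115\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
'''

SECTION_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')
PORT_RE = re.compile(r'^(?P<port>\d+):(?P<proto>TCP|UDP)$')
IE_RE = re.compile(r'^IE - (?P<hive>HKU\\[^\\]+)\\.*Internet Settings: '
                   r'"(?P<name>ProxyEnable|ProxyServer)" = (?P<data>.*)$')

# Assumed list: ports that should rarely be open to every address on a workstation.
NOTEWORTHY_PORTS = {135: 'DCOM/RPC endpoint mapper', 139: 'NetBIOS session',
                    445: 'SMB', 3389: 'Remote Desktop'}
# Hives whose proxy settings apply to SYSTEM and services rather than a logged-in user.
SYSTEM_HIVES = ('HKU\\.DEFAULT', 'HKU\\S-1-5-18')


def parse_proxy_hosts(proxy_server):
    """'http=127.0.0.1:5577', 'http=a:1;https=b:2' or 'a:1' -> list of host names."""
    hosts = []
    for part in proxy_server.split(';'):
        part = part.strip()
        if not part:
            continue
        if '=' in part:                        # per-protocol form: scheme=host:port
            part = part.split('=', 1)[1]
        hosts.append(part.rsplit(':', 1)[0])   # drop the port
    return hosts


def triage(log_text):
    findings = []
    section = ''
    proxies = {}   # hive -> {'ProxyEnable': ..., 'ProxyServer': ...}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group('key').lower()
            continue
        m = IE_RE.match(line)
        if m:
            proxies.setdefault(m.group('hive'), {})[m.group('name')] = m.group('data').strip()
            continue
        m = VALUE_RE.match(line)
        if not m or 'firewallpolicy' not in section:
            continue
        name, data = m.group('name'), m.group('data').strip()
        if name == 'EnableFirewall' and data.startswith('0'):
            findings.append(Finding('high', section, 'Windows Firewall is disabled for this profile'))
        elif section.endswith('globallyopenports\\list'):
            pm = PORT_RE.match(name)
            if pm:
                label = NOTEWORTHY_PORTS.get(int(pm.group('port')))
                findings.append(Finding('high' if label else 'medium', 'GloballyOpenPorts',
                                        f'{name} open to all addresses ({label or data})'))
    # A proxy on the loopback address means another local process sees the browser's traffic.
    for hive, vals in sorted(proxies.items()):
        if vals.get('ProxyEnable') != '1':
            continue
        server = vals.get('ProxyServer', '')
        if any(h.startswith('127.') or h == 'localhost' for h in parse_proxy_hosts(server)):
            findings.append(Finding('high' if hive in SYSTEM_HIVES else 'medium', hive,
                                    f'ProxyEnable=1 with loopback proxy {server}; identify the listening process'))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'[{f.severity:6}] {f.where}: {f.detail}')
```

Run as-is it prints six findings for the embedded sample; to use it on a real run, pass the text of a saved ComboFix or OTL log to triage(). It deliberately parses only the two sections shown here and leaves the rest of the log alone.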
     
  17. 2011/06/09
    rpicon

    rpicon Inactive Thread Starter

    FF - prefs.js..browser.search.defaultenginename: "BearShare Web Search"
    FF - prefs.js..browser.search.order.1: "BearShare Web Search"
    FF - prefs.js..browser.search.selectedEngine: "Yahoo"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
    FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:3.3.3.2
    FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2
    FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.100005
    FF - prefs.js..keyword.URL: "http://search.bearshare.com/web?src=ffb&systemid=2&q="

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-05-11 15:50:31 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-05-11 15:50:31 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

    [2011-04-05 14:53:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rick Picon\Application Data\Mozilla\Extensions
    [2011-06-09 12:05:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rick Picon\Application Data\Mozilla\Firefox\Profiles\cu58ft3k.default\extensions
    [2011-04-01 10:47:46 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Documents and Settings\Rick Picon\Application Data\Mozilla\Firefox\Profiles\cu58ft3k.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
    [2011-04-01 10:56:46 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\Rick Picon\Application Data\Mozilla\Firefox\Profiles\cu58ft3k.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
    [2011-04-01 10:56:46 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Rick Picon\Application Data\Mozilla\Firefox\Profiles\cu58ft3k.default\extensions\engine@conduit.com
    [2010-09-14 08:48:25 | 000,002,506 | ---- | M] () -- C:\Documents and Settings\Rick Picon\Application Data\Mozilla\Firefox\Profiles\cu58ft3k.default\searchplugins\BearShareWebSearch.xml
    [2011-06-07 15:11:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2006-11-16 12:22:26 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2010-07-06 12:58:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2011-03-01 12:38:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2011-02-02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2008-03-12 13:04:10 | 000,086,016 | ---- | M] (SpiralFrog Inc.) -- C:\Program Files\Mozilla Firefox\plugins\NPSFDMGR.dll
    [2010-09-14 08:48:25 | 000,002,506 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\BearShareWebSearch.xml

    O1 HOSTS File: ([2011-06-09 10:53:07 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll (Google)
    O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\S-1-5-21-3500089258-3802542852-2463999137-1115\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\S-1-5-21-3500089258-3802542852-2463999137-1115\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
    O3 - HKU\S-1-5-21-3500089258-3802542852-2463999137-1115\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3500089258-3802542852-2463999137-1115\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3500089258-3802542852-2463999137-1115\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-3500089258-3802542852-2463999137-1115\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-3500089258-3802542852-2463999137-1115\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
    O15 - HKU\S-1-5-21-3500089258-3802542852-2463999137-1115\..Trusted Domains: facebook.com ([www] http in Trusted sites)
    O15 - HKU\S-1-5-21-3500089258-3802542852-2463999137-1115\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O15 - HKU\S-1-5-21-3500089258-3802542852-2463999137-1115\..Trusted Domains: novasc.org ([www] http in Trusted sites)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=67633 (Office Genuine Advantage Validation Tool)
    O16 - DPF: {0F733F27-5BBB-4D03-8D6B-19E2143880BF} http://www1.skillground.com/cab1831/SkillGround.cab (SkillGround Game Manager)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} http://aol.worldwinner.com/games/v47/shared/FunGamesLoader.cab (Reg Error: Key error.)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {25D9AA40-ED39-11D2-A038-009027078284} https://b1-www.advisorservices.com/advisorweb/file/urldownloader.cab (Reg Error: Key error.)
    O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB (Reg Error: Key error.)
    O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} http://www.linkedin.com/cab/LinkedInContactFinderControl.cab (Reg Error: Key error.)
    O16 - DPF: {556EEC63-31E2-47C3-BF29-DFF799D2FE04} https://secure.logmein.com/activex/RACtrl.cab (Reg Error: Key error.)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1249928285454 (WUWebControl Class)
    O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} http://www.facebook.com/controls/contactx.dll (Reg Error: Key error.)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1260546108330 (MUWebControl Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://clubgames.pogo.com/online2/pogop/luxor_2/mjolauncher.cab (Reg Error: Key error.)
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} http://www.worldwinner.com/games/v51/bejeweledtwist/bejeweledtwist.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} http://www.worldwinner.com/games/v47/familyfeud/familyfeud.cab (Reg Error: Key error.)
    O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} http://www.miniclip.com/igloader/igloader.CAB (Reg Error: Key error.)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {DC4B2445-4A2C-46FF-BAAE-C0FBB45D866D} https://www.laserapp.com/dev/detect/lavdetect.ocx (Reg Error: Key error.)
    O16 - DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} http://www.worldwinner.com/games/v44/golfsol/golfsol.cab (Reg Error: Key error.)
    O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} http://www.worldwinner.com/games/v54/wwspades/wwspades.cab (Reg Error: Key error.)
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/RACtrl.cab (Reg Error: Key error.)
    O16 - DPF: {FF0F7B6E-D733-11D7-8088-0001024743E4} https://vex.advisorservices.com/Views/VeoExpress/AdoView/Pages/veoExpress.CAB (veoExpress.ctlVeoExpress)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.113
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = aribaglb.local
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\Rick Picon\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Rick Picon\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006-10-23 08:20:07 | 000,000,057 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (Partizan) - C:\WINDOWS\System32\Partizan.exe (Greatis Software)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
    Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (17746534284132352)

    ========== Files/Folders - Created Within 30 Days ==========

    [2011-06-09 12:06:15 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rick Picon\Desktop\OTL.exe
    [2011-06-09 10:50:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011-06-09 10:50:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Glary Utilities
    [2011-06-09 10:46:50 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011-06-09 10:46:50 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011-06-09 10:46:50 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011-06-09 10:46:50 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011-06-09 10:46:32 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011-06-09 10:44:48 | 004,116,742 | R--- | C] (Swearware) -- C:\Documents and Settings\Rick Picon\Desktop\ComboFix.exe
    [2011-06-09 10:39:51 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Rick Picon\Desktop\aswMBR.exe
    [2011-06-07 11:01:18 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Rick Picon\Recent
    [2011-06-06 15:54:56 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Rick Picon\Desktop\mbam-setup-1.51.0.1200.exe
    [2011-06-06 15:39:06 | 000,607,222 | R--- | C] (Swearware) -- C:\Documents and Settings\Rick Picon\Desktop\dds.scr
    [2011-05-24 10:53:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rick Picon\Application Data\GlarySoft
    [2011-05-24 10:21:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rick Picon\Start Menu\Programs\Google Chrome
    [2011-05-24 10:18:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rick Picon\Application Data\Sammsoft
    [2003-12-09 13:16:52 | 000,442,368 | ---- | C] ( ) -- C:\WINDOWS\System32\comintfs.dll

    ========== Files - Modified Within 30 Days ==========

    [2011-06-09 12:06:15 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rick Picon\Desktop\OTL.exe
    [2011-06-09 11:30:07 | 000,000,990 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3500089258-3802542852-2463999137-1115UA.job
    [2011-06-09 10:53:07 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011-06-09 10:44:55 | 004,116,742 | R--- | M] (Swearware) -- C:\Documents and Settings\Rick Picon\Desktop\ComboFix.exe
    [2011-06-09 10:40:49 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Rick Picon\Desktop\MBR.dat
    [2011-06-09 10:39:55 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Rick Picon\Desktop\aswMBR.exe
    [2011-06-09 10:32:30 | 000,606,105 | ---- | M] () -- C:\Documents and Settings\Rick Picon\Desktop\unhide.exe
    [2011-06-09 10:20:10 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2011-06-09 02:30:45 | 000,002,323 | ---- | M] () -- C:\Documents and Settings\Rick Picon\Desktop\Google Chrome.lnk
    [2011-06-08 16:30:00 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3500089258-3802542852-2463999137-1115Core.job
    [2011-06-08 11:38:19 | 001,305,136 | ---- | M] () -- C:\Documents and Settings\Rick Picon\Desktop\tdsskiller.zip
    [2011-06-07 11:01:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011-06-07 11:00:18 | 2145,546,240 | -HS- | M] () -- C:\hiberfil.sys
    [2011-06-07 10:59:26 | 000,096,256 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd3197.sys
    [2011-06-06 15:55:04 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Rick Picon\Desktop\mbam-setup-1.51.0.1200.exe
    [2011-06-06 15:39:07 | 000,607,222 | R--- | M] (Swearware) -- C:\Documents and Settings\Rick Picon\Desktop\dds.scr
    [2011-06-06 15:38:17 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Rick Picon\Desktop\MBRCheck.exe
    [2011-06-06 13:12:28 | 000,000,392 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\18865956
    [2011-06-06 13:12:25 | 000,000,160 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~18865956r
    [2011-06-06 13:12:25 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~18865956
    [2011-06-05 22:25:37 | 000,002,301 | ---- | M] () -- C:\Documents and Settings\Rick Picon\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2011-06-02 15:27:38 | 000,213,504 | ---- | M] () -- C:\Documents and Settings\Rick Picon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011-05-29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011-05-23 14:59:15 | 000,175,162 | ---- | M] () -- C:\Documents and Settings\Rick Picon\Desktop\pledge acct form.pdf
    [2011-05-23 12:56:07 | 000,270,633 | ---- | M] () -- C:\Documents and Settings\Rick Picon\Desktop\Check_Journal_.pdf
    [2011-05-23 12:54:55 | 000,102,730 | ---- | M] () -- C:\Documents and Settings\Rick Picon\Desktop\AffidavitDomicile.pdf
    [2011-05-19 11:21:03 | 000,175,163 | ---- | M] () -- C:\Documents and Settings\Rick Picon\Desktop\19266_1_7_Mgd_Acct_PAA_WEB22363-05-FINAL.pdf
    [2011-05-19 11:20:11 | 000,174,177 | ---- | M] () -- C:\Documents and Settings\Rick Picon\Desktop\19265_1_8_Pledged_Asset_Acct_Agree_WEB22259-04-FINAL.pdf
    [2011-05-16 11:45:35 | 000,054,156 | ---- | M] () -- C:\WINDOWS\QTFont.qfn
    [2011-05-16 11:45:35 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for

    ========== Files Created - No Company Name ==========

    [2011-06-09 10:50:06 | 000,000,810 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk
    [2011-06-09 10:50:06 | 000,000,753 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
    [2011-06-09 10:49:55 | 000,002,329 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Live Messenger.lnk
    [2011-06-09 10:49:55 | 000,002,293 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft ActiveSync.lnk
    [2011-06-09 10:49:55 | 000,001,934 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Plus! Photo Story 2 LE.lnk
    [2011-06-09 10:49:55 | 000,000,716 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Secunia PSI.lnk
    [2011-06-09 10:49:55 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
    [2011-06-09 10:49:55 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
    [2011-06-09 10:49:54 | 000,002,327 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat Distiller 8.lnk
    [2011-06-09 10:49:54 | 000,002,317 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Acrobat 8 Professional.lnk
    [2011-06-09 10:49:54 | 000,001,880 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe LiveCycle Designer 8.0.lnk
    [2011-06-09 10:49:54 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn.lnk
    [2011-06-09 10:46:50 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011-06-09 10:46:50 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011-06-09 10:46:50 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011-06-09 10:46:50 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011-06-09 10:46:50 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011-06-09 10:40:49 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Desktop\MBR.dat
    [2011-06-09 10:35:31 | 000,001,754 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Live Messenger.lnk
    [2011-06-09 10:35:31 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011-06-09 10:35:31 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
    [2011-06-09 10:35:31 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
    [2011-06-09 10:35:31 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
    [2011-06-09 10:35:30 | 000,002,301 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2011-06-09 10:35:30 | 000,001,898 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2010.lnk
    [2011-06-09 10:35:30 | 000,001,394 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Calendar.lnk
    [2011-06-09 10:32:29 | 000,606,105 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Desktop\unhide.exe
    [2011-06-08 11:38:10 | 001,305,136 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Desktop\tdsskiller.zip
    [2011-06-07 10:24:51 | 2145,546,240 | -HS- | C] () -- C:\hiberfil.sys
    [2011-06-06 13:12:25 | 000,000,160 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18865956r
    [2011-06-06 13:12:25 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18865956
    [2011-06-06 13:12:07 | 000,000,392 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\18865956
    [2011-05-24 10:21:08 | 000,002,323 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Desktop\Google Chrome.lnk
    [2011-05-24 10:20:32 | 000,000,990 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3500089258-3802542852-2463999137-1115UA.job
    [2011-05-24 10:20:32 | 000,000,938 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3500089258-3802542852-2463999137-1115Core.job
    [2011-05-23 14:59:15 | 000,175,162 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Desktop\pledge acct form.pdf
    [2011-05-23 12:56:07 | 000,270,633 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Desktop\Check_Journal_.pdf
    [2011-05-23 12:54:55 | 000,102,730 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Desktop\AffidavitDomicile.pdf
    [2011-05-19 11:21:03 | 000,175,163 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Desktop\19266_1_7_Mgd_Acct_PAA_WEB22363-05-FINAL.pdf
    [2011-05-19 11:20:11 | 000,174,177 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Desktop\19265_1_8_Pledged_Asset_Acct_Agree_WEB22259-04-FINAL.pdf
    [2011-05-16 11:45:35 | 000,054,156 | ---- | C] () -- C:\WINDOWS\QTFont.qfn
    [2011-05-16 11:45:35 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
    [2011-01-21 07:20:26 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010-01-20 18:36:30 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
    [2010-01-20 18:36:30 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
    [2010-01-20 18:36:30 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
    [2010-01-20 18:36:30 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
    [2009-11-05 13:04:52 | 000,528,744 | ---- | C] () -- C:\WINDOWS\System32\OGAVerify.exe
    [2009-11-05 13:04:51 | 000,691,592 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
    [2009-09-25 17:43:14 | 000,014,763 | ---- | C] () -- C:\WINDOWS\System32\ivehybeg.com
    [2009-09-25 16:27:03 | 000,018,478 | ---- | C] () -- C:\WINDOWS\System32\ubufuxozu.dat
    [2009-09-25 16:27:02 | 000,015,183 | ---- | C] () -- C:\WINDOWS\ygoge.dat
    [2009-08-10 14:15:12 | 001,235,624 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2009-07-13 14:05:41 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
    [2009-04-13 17:28:30 | 000,000,134 | ---- | C] () -- C:\WINDOWS\rootkitno.ini
    [2008-12-01 16:14:08 | 000,000,036 | ---- | C] () -- C:\WINDOWS\System32\f9t.dat
    [2008-11-21 09:21:16 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\_regtlb.dll
    [2008-04-16 12:23:14 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
    [2007-11-20 17:23:07 | 000,009,365 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Application Data\Comma Separated Values (DOS).EML
    [2007-11-20 17:19:57 | 000,009,363 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Application Data\Microsoft Excel 97-2003.EML
    [2007-11-20 17:18:23 | 000,009,369 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Application Data\Comma Separated Values (Windows).EML
    [2007-09-25 12:40:47 | 000,000,004 | ---- | C] () -- C:\WINDOWS\vx86036.dat
    [2007-09-25 12:29:25 | 000,000,064 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
    [2007-09-25 12:29:18 | 000,027,648 | R--- | C] () -- C:\WINDOWS\Setup_ck.exe
    [2007-09-25 12:29:18 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
    [2007-09-25 12:29:18 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
    [2007-09-25 12:29:18 | 000,011,776 | ---- | C] () -- C:\WINDOWS\Ckrfresh.exe
    [2007-03-09 18:28:03 | 000,001,362 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2007-01-30 12:36:42 | 000,223,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\vaxscsi.sys
    [2007-01-30 12:26:47 | 000,096,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd3197.sys
    [2006-12-29 12:30:26 | 000,002,154 | ---- | C] () -- C:\WINDOWS\System32\tmmute.ini
    [2006-12-28 15:14:09 | 000,003,584 | ---- | C] () -- C:\WINDOWS\System32\DisspyUninstall.exe
    [2006-12-15 11:05:40 | 000,000,030 | ---- | C] () -- C:\WINDOWS\xoloxexe.INI
    [2006-12-13 10:26:49 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
    [2006-11-27 13:37:25 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Local Settings\Application Data\.mpid
    [2006-11-16 12:22:05 | 000,002,301 | ---- | C] () -- C:\WINDOWS\mozver.dat
    [2006-10-12 18:18:56 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
    [2006-10-11 09:55:04 | 000,000,033 | ---- | C] () -- C:\WINDOWS\schwabcd.ini
    [2006-07-27 13:28:42 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2006-07-11 19:40:17 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\DivXsm.exe
    [2006-07-11 18:33:49 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
    [2006-06-12 13:52:07 | 000,213,504 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006-05-04 11:19:07 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Application Data\$_hpcst$.hpc
    [2006-04-30 00:34:04 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\WbxRMenu.dll
    [2006-04-17 14:07:45 | 000,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2006-04-13 23:18:24 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\atonres.dll
    [2006-04-13 23:18:24 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\WbxMSAI.dll
    [2006-04-13 23:18:24 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\atonecli.dll
    [2006-04-11 11:03:49 | 000,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
    [2006-04-11 09:55:58 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2006-03-31 14:38:49 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Local Settings\Application Data\fusioncache.dat
    [2006-03-31 14:24:58 | 000,000,550 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006-03-07 09:18:17 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006-03-07 09:14:39 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2006-03-07 09:12:20 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
    [2006-03-07 09:11:00 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
    [2006-03-07 09:06:35 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2006-03-07 08:45:14 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
    [2006-03-07 08:44:46 | 000,000,393 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2005-11-10 10:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2004-08-11 19:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004-08-11 19:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2004-08-11 19:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2004-08-11 19:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2004-08-11 19:06:43 | 000,298,848 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2004-08-11 19:00:30 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
    [2004-08-11 19:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004-08-11 19:00:28 | 000,445,370 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004-08-11 19:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004-08-11 19:00:28 | 000,072,576 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004-08-11 19:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004-08-11 19:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2004-08-11 19:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2004-08-11 19:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2004-08-11 19:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004-08-11 19:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004-08-11 19:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004-08-11 19:00:04 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

    ========== LOP Check ==========
     
  18. 2011/06/09
    rpicon

    [2011-02-14 17:06:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2011-02-10 12:52:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2011-04-07 10:07:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BearShare
    [2006-09-18 11:50:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Centric Services
    [2011-02-10 15:31:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2009-12-07 17:24:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
    [2009-10-01 13:35:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FunGames
    [2007-09-11 13:48:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
    [2009-02-03 14:23:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
    [2008-11-28 12:27:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
    [2011-02-10 15:22:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2006-10-09 16:28:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Money Tree Software
    [2008-01-16 17:10:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
    [2007-03-14 15:34:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
    [2006-09-13 14:18:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayTime
    [2006-12-15 13:54:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
    [2009-06-08 15:06:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Schwab Performance Technologies
    [2010-01-20 18:36:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
    [2007-03-14 15:12:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SonyPicturesGames
    [2011-06-09 12:06:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2008-07-22 14:04:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UTour Golf
    [2010-03-26 14:38:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
    [2008-12-01 16:18:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8737778F-82C6-4680-A660-E8B2B8C8C22B}
    [2011-04-07 10:07:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{888803CF-24CB-4360-955A-9B6EE8BEEDC1}
    [2008-12-01 16:18:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{B0AFCE64-DF3F-4824-8985-B21DB0EEE07B}
    [2008-12-01 16:19:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{D9AA4D17-9292-410D-9AA5-84526D062900}
    [2008-12-01 16:16:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{FBB5C4A9-4848-46A0-8863-C359F08D7728}
    [2009-08-17 10:21:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dfederman\Application Data\Gracebyte Software
    [2007-06-25 11:59:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pwalsh\Application Data\Windows Desktop Search
    [2006-04-11 11:05:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick Picon\Application Data\acccore
    [2006-11-01 09:49:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick Picon\Application Data\AIM
    [2006-11-01 09:49:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick Picon\Application Data\AIMPro
    [2011-04-05 14:12:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick Picon\Application Data\Azureus
    [2007-06-22 11:26:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick Picon\Application Data\BitTorrent
    [2011-04-01 11:29:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick Picon\Application Data\bsbandmltbpi
    [2011-04-05 14:12:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick Picon\Application Data\FrostWire
    [2011-05-24 10:53:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick Picon\Application Data\GlarySoft
    [2006-04-11 11:30:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick Picon\Application Data\Gracebyte Software
    [2007-01-30 12:24:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick Picon\Application Data\Leadertech
    [2007-03-08 17:54:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick Picon\Application Data\LinkedIn
    [2007-09-24 16:00:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick Picon\Application Data\MegauploadToolbar
    [2006-10-13 11:44:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick Picon\Application Data\Money Tree Software
    [2007-03-14 15:34:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick Picon\Application Data\PlayFirst
    [2009-01-23 18:18:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick Picon\Application Data\PowerChallenge
    [2007-11-16 13:47:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick Picon\Application Data\RSSRadio
    [2007-11-16 13:21:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick Picon\Application Data\RSSRadio.local
    [2011-05-24 10:54:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick Picon\Application Data\Sammsoft
    [2009-11-04 15:57:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick Picon\Application Data\Serif
    [2008-01-18 14:37:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick Picon\Application Data\Sigaba
    [2009-01-21 16:56:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick Picon\Application Data\Simply Super Software
    [2008-05-08 14:39:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick Picon\Application Data\SmartDraw
    [2008-12-01 16:20:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick Picon\Application Data\Stamps.com Internet Postage
    [2007-03-02 15:13:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick Picon\Application Data\System Restore

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006-11-03 13:35:37 | 000,001,024 | ---- | M] () -- C:\.rnd
    [2010-11-16 11:28:48 | 000,011,123 | ---- | M] () -- C:\aaw7boot.log
    [2006-11-13 12:55:17 | 000,000,584 | ---- | M] () -- C:\AribaGLBletterhead.LNK
    [2009-01-22 14:30:36 | 000,000,281 | ---- | M] () -- C:\Boot.bak
    [2011-03-09 17:51:28 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2004-08-04 00:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2011-06-09 10:55:13 | 000,018,653 | ---- | M] () -- C:\ComboFix.txt
    [2004-08-11 19:15:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2008-11-18 18:58:15 | 000,210,508 | ---- | M] () -- C:\coreuninstall.log
    [2006-03-07 08:50:18 | 000,006,370 | R--- | M] () -- C:\dell.sdr
    [2006-11-13 12:55:17 | 000,000,419 | ---- | M] () -- C:\GLB.LNK
    [2011-06-07 11:00:18 | 2145,546,240 | -HS- | M] () -- C:\hiberfil.sys
    [2006-04-04 13:32:01 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
    [2004-08-11 19:15:00 | 000,000,000 | ---- | M] () -- C:\IO.SYS
    [2011-03-01 12:42:22 | 000,029,459 | ---- | M] () -- C:\JavaRa.log
    [2004-08-11 19:15:00 | 000,000,000 | ---- | M] () -- C:\MSDOS.SYS
    [2004-08-04 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2004-08-04 07:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
    [2011-06-07 11:00:17 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [2007-03-14 16:10:08 | 000,065,894 | ---- | M] () -- C:\playground.log
    [2006-11-27 11:46:50 | 000,001,089 | ---- | M] () -- C:\PortfolioCenter Relationship Manager.LNK
    [2010-07-01 10:29:12 | 000,000,375 | ---- | M] () -- C:\rkill.log
    [2011-03-02 17:53:46 | 000,000,268 | ---- | M] () -- C:\sqmdata00.sqm
    [2011-03-04 14:13:43 | 000,000,268 | ---- | M] () -- C:\sqmdata01.sqm
    [2011-03-07 18:07:19 | 000,000,268 | ---- | M] () -- C:\sqmdata02.sqm
    [2011-03-07 18:30:52 | 000,000,268 | ---- | M] () -- C:\sqmdata03.sqm
    [2011-03-07 18:42:21 | 000,000,268 | ---- | M] () -- C:\sqmdata04.sqm
    [2011-03-09 17:42:16 | 000,000,268 | ---- | M] () -- C:\sqmdata05.sqm
    [2011-03-02 17:53:46 | 000,000,244 | ---- | M] () -- C:\sqmnoopt00.sqm
    [2011-03-04 14:13:43 | 000,000,244 | ---- | M] () -- C:\sqmnoopt01.sqm
    [2011-03-07 18:07:19 | 000,000,244 | ---- | M] () -- C:\sqmnoopt02.sqm
    [2011-03-07 18:30:52 | 000,000,244 | ---- | M] () -- C:\sqmnoopt03.sqm
    [2011-03-07 18:42:21 | 000,000,244 | ---- | M] () -- C:\sqmnoopt04.sqm
    [2011-03-09 17:42:16 | 000,000,244 | ---- | M] () -- C:\sqmnoopt05.sqm
    [2005-10-31 11:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe
    [2006-03-07 09:07:29 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini
    [2008-07-30 10:54:21 | 001,981,268 | ---- | M] () -- C:\t3_us_standard.zip
    [2011-06-08 11:41:31 | 000,054,970 | ---- | M] () -- C:\TDSSKiller.2.5.4.0_08.06.2011_11.38.43_log.txt
    [2008-06-06 11:17:40 | 000,004,096 | -HS- | M] () -- C:\VSNAP.IDX
    [2008-07-30 19:31:13 | 003,188,440 | ---- | M] (ParetoLogic Inc.) -- C:\XoftSpySE_Setup_RW.exe

    < %systemroot%\Fonts\*.com >

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2004-08-11 19:14:22 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008-07-06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2009-10-01 14:30:14 | 000,047,416 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LMIproc.dll
    [2004-03-22 16:17:08 | 000,025,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2006-10-26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
    [2008-07-06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2011-01-13 04:47:35 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2004-08-11 19:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2004-08-11 19:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2004-08-11 19:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2004-08-11 19:20:42 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Rick Picon\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2011-06-09 10:39:55 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Rick Picon\Desktop\aswMBR.exe
    [2011-06-09 10:44:55 | 004,116,742 | R--- | M] (Swearware) -- C:\Documents and Settings\Rick Picon\Desktop\ComboFix.exe
    [2011-03-08 12:10:00 | 000,252,991 | ---- | M] () -- C:\Documents and Settings\Rick Picon\Desktop\FHSetup.exe
    [2010-07-21 16:53:12 | 008,581,360 | ---- | M] (Mozilla) -- C:\Documents and Settings\Rick Picon\Desktop\Firefox Setup 3.6.7.exe
    [2009-07-07 15:18:01 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Rick Picon\Desktop\HiJackThis.exe
    [2010-07-06 12:56:09 | 000,921,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Rick Picon\Desktop\jxpiinstall.exe
    [2010-06-30 10:37:42 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Rick Picon\Desktop\mbam-setup-1.46.exe
    [2011-06-06 15:55:04 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Rick Picon\Desktop\mbam-setup-1.51.0.1200.exe
    [2011-06-06 15:38:17 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Rick Picon\Desktop\MBRCheck.exe
    [2011-06-09 12:06:15 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rick Picon\Desktop\OTL.exe
    [2011-04-12 10:57:57 | 007,501,176 | ---- | M] (American Power Conversion) -- C:\Documents and Settings\Rick Picon\Desktop\PCPE Setup.exe
    [2011-03-04 14:07:40 | 000,879,028 | ---- | M] () -- C:\Documents and Settings\Rick Picon\Desktop\SecurityCheck.exe
    [2011-03-04 14:12:08 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rick Picon\Desktop\TFC.exe
    [2011-02-23 15:29:40 | 029,913,267 | ---- | M] (Macrovision Corporation) -- C:\Documents and Settings\Rick Picon\Desktop\tt11014.exe
    [2011-06-09 10:32:30 | 000,606,105 | ---- | M] () -- C:\Documents and Settings\Rick Picon\Desktop\unhide.exe
    [2011-02-11 16:02:51 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Rick Picon\Desktop\vvi1j13j.exe
    [2011-03-09 12:51:01 | 117,051,408 | ---- | M] () -- C:\Documents and Settings\Rick Picon\Desktop\w_turbotax_1040_hab_2010.110.0100.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >
    [2011-04-01 10:31:08 | 008,145,350 | ---- | M] (FrostWire Team) -- C:\Documents and Settings\Rick Picon\My Documents\frostwire-4.21.5.windows.exe

    < %USERPROFILE%\*.exe >
    [2007-11-02 12:50:05 | 000,630,784 | ---- | M] (Citrix Online) -- C:\Documents and Settings\Rick Picon\GoToAssist_chat2way__320_en.exe
    [2010-03-11 12:35:33 | 001,063,320 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\Rick Picon\gotomypc_533.exe

    < %systemroot%\ADDINS\*.* >
    [2004-08-04 07:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\addins\fxsext.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2006-03-31 13:55:15 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Rick Picon\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2009-12-08 19:29:03 | 000,002,412 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011-03-09 14:26:01 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\Rick Picon\Cookies\desktop.ini
    [2011-06-09 12:05:25 | 002,129,920 | ---- | M] () -- C:\Documents and Settings\Rick Picon\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2006-11-01 19:31:34 | 000,315,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2004-08-04 07:00:00 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004-08-04 03:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004-08-04 03:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2004-08-04 03:06:34 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2004-08-04 03:06:34 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2004-10-13 12:24:37 | 001,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2004-08-04 03:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2004-08-04 03:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2004-08-04 03:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004-08-04 03:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004-08-04 03:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 179 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D282699C

    < End of report >
     
  19. 2011/06/09
    broni

    broni Moderator Malware Analyst

    Good news :)

    I still need Extras.txt.
     
  20. 2011/06/09
    rpicon

    rpicon Inactive Thread Starter

    OTL Extras logfile created on: 2011-06-09 12:07:33 - Run 1
    OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Rick Picon\Desktop
    Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd

    2.00 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 69.43% Memory free
    3.85 Gb Paging File | 3.42 Gb Available in Paging File | 88.85% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 108.59 Gb Total Space | 33.70 Gb Free Space | 31.04% Space Free | Partition Type: NTFS
    Drive D: | 36.96 Gb Total Space | 6.03 Gb Free Space | 16.33% Space Free | Partition Type: NTFS
    Drive G: | 916.60 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive P: | 136.02 Gb Total Space | 53.81 Gb Free Space | 39.56% Space Free | Partition Type: NTFS
    Drive T: | 136.02 Gb Total Space | 53.81 Gb Free Space | 39.56% Space Free | Partition Type: NTFS

    Computer Name: GLB-RPICON-02 | User Name: rpicon | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-3500089258-3802542852-2463999137-1115\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "FirewallOverride" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
    "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "3393:TCP" = 3393:TCP:*:Enabled:RDP
    "135:TCP" = 135:TCP:*:Enabled:DCOM
    "17450:TCP" = 17450:TCP:*:Enabled:BitComet 17450 TCP
    "17450:UDP" = 17450:UDP:*:Enabled:BitComet 17450 UDP
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "135:TCP" = 135:TCP:*:Enabled:DCOM
    "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
    "3393:TCP" = 3393:TCP:*:Enabled:RD-Rick
    "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Network Assistant\Nassi.exe" = C:\Program Files\Network Assistant\Nassi.exe:*:Enabled:Network Assistant (Nassi) -- (Gracebyte Software)
    "C:\Program Files\Schwab Performance Technologies\PortfolioCenter\SPTServer.exe" = C:\Program Files\Schwab Performance Technologies\PortfolioCenter\SPTServer.exe:*:Enabled:SPTServer.exe -- (Schwab Performance Technologies)
    "C:\Program Files\Schwab Performance Technologies\PortfolioCenter\PortfolioCenter.exe" = C:\Program Files\Schwab Performance Technologies\PortfolioCenter\PortfolioCenter.exe:*:Enabled:portfolioCenter -- (Schwab Performance Technologies, Inc.,)
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
    "C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
    "C:\Program Files\SkillGround\Games\UTG\Main.exe" = C:\Program Files\SkillGround\Games\UTG\Main.exe:*:Enabled:UTG -- ()
    "C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011
    "C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield
    "C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer
    "C:\Program Files\AVG\AVG10\avgam.exe" = C:\Program Files\AVG\AVG10\avgam.exe:*:Enabled:AVG Alert manager
    "C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:personal E-mail Scanner
    "C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe:*:Enabled:QuickBooks 2006 Data Manager -- (Intuit, Inc.)
    "C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
    "C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze
    "C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare -- (MusicLab, LLC)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (America Online, Inc.)
    "C:\Program Files\Common Files\AOL\1144767884\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1144767884\ee\aolsoftware.exe:*:Enabled:AOL Services -- (America Online, Inc.)
    "C:\Program Files\Common Files\AOL\1144767884\ee\aim6.exe" = C:\Program Files\Common Files\AOL\1144767884\ee\aim6.exe:*:Enabled:AIM -- (America Online, Inc.)
    "C:\Program Files\Network Assistant\Nassi.exe" = C:\Program Files\Network Assistant\Nassi.exe:*:Enabled:Network Assistant (Nassi) -- (Gracebyte Software)
    "C:\Program Files\Schwab Performance Technologies\PortfolioCenter\SPTServer.exe" = C:\Program Files\Schwab Performance Technologies\PortfolioCenter\SPTServer.exe:*:Enabled:SPTServer.exe -- (Schwab Performance Technologies)
    "C:\Program Files\Schwab Performance Technologies\PortfolioCenter\PortfolioCenter.exe" = C:\Program Files\Schwab Performance Technologies\PortfolioCenter\PortfolioCenter.exe:*:Enabled:portfolioCenter -- (Schwab Performance Technologies, Inc.,)
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
    "C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
    "C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe:*:Enabled:QuickBooks 2006 Data Manager -- (Intuit, Inc.)
    "C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- (LimeWire)
    "C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
    "C:\Program Files\Xolox\mldonkey\mlnet.exe" = C:\Program Files\Xolox\mldonkey\mlnet.exe:*:Enabled:MLdonkey - multiuser P2P daemon -- ()
    "C:\Program Files\Xolox\XoloxEXE.exe" = C:\Program Files\Xolox\XoloxEXE.exe:*:Enabled:Xolox -- (Streamcast)
    "C:\Program Files\AIM\AIM Pro\aimpro.exe" = C:\Program Files\AIM\AIM Pro\aimpro.exe:*:Enabled:AIM Pro -- (WebEx)
    "C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare -- (MusicLab, LLC)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
    "{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
    "{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
    "{08094E03-AFE4-4853-9D31-6D0743DF5328}" = QuickTime
    "{0E81279D-CC2B-4FE6-B103-8A1B948AFED2}" = PortfolioCenter
    "{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
    "{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
    "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
    "{14374619-0900-4056-BA06-C87C900AF9E6}" = QuickBooks Simple Start Special Edition
    "{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 24
    "{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
    "{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
    "{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3592F5CB-B524-43AA-92F2-2377268199CC}" = iTunes
    "{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
    "{3ACF7A26-1743-4A84-85F1-2450B35925E4}" = Classic Menu for Office
    "{3D8EB268-2B1D-48E7-8BA3-59A20545E459}" = RSSRadio
    "{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
    "{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
    "{47D0C5E6-9FBA-49DB-8F88-BFAA5BA38646}" = Microsoft Math Add-in for Word 2007
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CEA6811-DFAD-4892-828D-49941FE3B779}" = Intel(R) PROSet for Wired Connections
    "{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
    "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
    "{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{548EEA8E-8299-497F-8057-811D2D7097DC}" = Dell Support 3.1
    "{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
    "{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
    "{5A847475-157F-45AD-9919-CD40D344B8B1}" = QBFC3.0
    "{5F624839-947D-46EA-BD63-FD847C1AC6F1}" = BearShare
    "{67E158AF-8856-4337-B483-EA21930786AF}" = GameTap
    "{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
    "{698AC01B-DF0C-4BCE-940C-EB29AD23A560}" = Stamps.com
    "{69B02159-7622-4DBB-B9EE-F933039830AD}" = QuickBooks Pro 2006
    "{6C2ADBE2-429C-42CA-AA13-9557EFF62D0B}" = PortfolioCenter Management Console
    "{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{812A8682-4387-11D7-B10D-0001022C9950}" = TD AMERITRADE Statements/Confirmations Manager
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
    "{8921F70E-C2D6-4FEB-8BD5-EFB1F862BC2B}" = LogMeIn
    "{8984E374-6C93-427C-A3B9-AD92472FDCA0}" = Windows Live Sign-in Assistant
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
    "{8C4C5D78-B60F-448C-96FC-440EAE5C8680}" = NaviPlan Standard Offline 11.0.2.0
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0015-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0016-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0018-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0019-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001A-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001B-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-0409-0000-0000000FF1CE}_PROR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-040C-0000-0000000FF1CE}_PROR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{17591192-46BD-4038-8D12-4B2B8CAFAC27}" =
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-006E-0409-0000-0000000FF1CE}_PROR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0115-0409-0000-0000000FF1CE}_PROR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0117-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{901C0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Access 2003 Runtime
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
    "{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
    "{91120000-0014-0000-0000-0000000FF1CE}_PROR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{A260B422-70E1-41E2-957D-F76FA21266D5}" = Apple Software Update
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
    "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
    "{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
    "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B208806F-A231-4FA0-AB3F-5C1B8979223E}" = Microsoft ActiveSync 4.0
    "{B702CCCE-3176-4DBF-B932-D1B8F402F330}" = Digital Content Portal
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{BB830F9E-53B3-492F-B39C-2DF615D1C9E1}" = TurboTax 2010 wvaiper
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE4C9170-F517-42EB-A5CB-F16DE610315A}" = Stamps.com Application Support for Microsoft Outlook 2000, 2002, 2003
    "{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
    "{D3A04D2F-28C4-4D9C-8487-DAB75992AE09}" = AIM Pro
    "{D61C1058-EDC7-48D0-85B2-B322BE385059}" = Stamps.com Address Book Support for Microsoft Outlook 97-2007
    "{DAD4DE93-9438-4823-AE5E-93A1BE846FE0}" = Stamps.com Application Support for Microsoft Word 2000, 2002, 2003
    "{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
    "{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}" = Google
    "{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
    "{EE7B9A8D-19F0-450D-8E94-3E391E6044CD}" = KhalSetup
    "{F1486DE6-CC2E-48C0-AD20-C2C142FA1636}" = APC PowerChute Personal Edition 3.0
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{FCAB7B54-ED8D-4D6D-A5FA-F7A21F3B2176}" = Relationship Manager
    "Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8.1.0 Professional
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
     
  21. 2011/06/09
    rpicon

    rpicon Inactive Thread Starter

    Joined:
    2006/12/29
    Messages:
    198
    Likes Received:
    0
    "AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
    "avast5" = avast! Free Antivirus
    "BearShare" = BearShare
    "CCleaner" = CCleaner
    "Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
    "DivX Content Uploader" = DivX Content Uploader
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "Google Calendar Sync" = Google Calendar Sync
    "Google Desktop" = Google Desktop
    "Google Updater" = Google Updater
    "HijackThis" = HijackThis 2.0.2
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "InstallShield_{0E81279D-CC2B-4FE6-B103-8A1B948AFED2}" = PortfolioCenter
    "InstallShield_{6C2ADBE2-429C-42CA-AA13-9557EFF62D0B}" = PortfolioCenter Management Console
    "InstallShield_{FCAB7B54-ED8D-4D6D-A5FA-F7A21F3B2176}" = Relationship Manager
    "IrfanView" = IrfanView (remove only)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
    "Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MSNINST" = MSN
    "Network Assistant_is1" = Network Assistant
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NVIDIA Drivers" = NVIDIA Drivers
    "Plaxo" = Plaxo Toolbar for Windows
    "PokerStars.net" = PokerStars.net
    "PROR" = Microsoft Office Professional 2007
    "PROSet" = Intel(R) PRO Network Connections Drivers
    "RealPlayer 6.0" = RealPlayer Basic
    "Secunia PSI" = Secunia PSI (2.0.0.3001)
    "SkillGround" = SkillGround Game Manager
    "ST6UNST #1" = RetCalc 2.0
    "Stamps.com" = Stamps.com
    "Stamps.com support for Microsoft Outlook 2000-2007" = Stamps.com support for Microsoft Outlook 2000-2007
    "Stamps.com support for Microsoft Outlook 97-2007" = Stamps.com support for Microsoft Outlook 97-2007
    "Stamps.com support for Microsoft Word 2000-2007" = Stamps.com support for Microsoft Word 2000-2007
    "Total Access Memo 2003 Runtime" = Total Access Memo 2003 Runtime
    "TurboTax 2010" = TurboTax 2010
    "UnHackMe_is1" = UnHackMe 5.00 release
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "VLC media player" = VLC media player 1.0.2
    "WIC" = Windows Imaging Component
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "WinRAR archiver" = WinRAR archiver
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Software Update" = Yahoo! Software Update

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3500089258-3802542852-2463999137-1115\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome
    "Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 2011-06-08 20:22:06 | Computer Name = GLB-RPICON-02 | Source = Userenv | ID = 1030
    Description = Windows cannot query for the list of Group Policy objects. A message
    that describes the reason for this was previously logged by the policy engine.

    Error - 2011-06-08 22:11:10 | Computer Name = GLB-RPICON-02 | Source = Userenv | ID = 1030
    Description = Windows cannot query for the list of Group Policy objects. A message
    that describes the reason for this was previously logged by the policy engine.

    Error - 2011-06-09 00:05:08 | Computer Name = GLB-RPICON-02 | Source = Userenv | ID = 1030
    Description = Windows cannot query for the list of Group Policy objects. A message
    that describes the reason for this was previously logged by the policy engine.

    Error - 2011-06-09 02:00:02 | Computer Name = GLB-RPICON-02 | Source = Userenv | ID = 1030
    Description = Windows cannot query for the list of Group Policy objects. A message
    that describes the reason for this was previously logged by the policy engine.

    Error - 2011-06-09 03:46:00 | Computer Name = GLB-RPICON-02 | Source = Userenv | ID = 1030
    Description = Windows cannot query for the list of Group Policy objects. A message
    that describes the reason for this was previously logged by the policy engine.

    Error - 2011-06-09 05:25:58 | Computer Name = GLB-RPICON-02 | Source = Userenv | ID = 1030
    Description = Windows cannot query for the list of Group Policy objects. A message
    that describes the reason for this was previously logged by the policy engine.

    Error - 2011-06-09 07:00:57 | Computer Name = GLB-RPICON-02 | Source = Userenv | ID = 1030
    Description = Windows cannot query for the list of Group Policy objects. A message
    that describes the reason for this was previously logged by the policy engine.

    Error - 2011-06-09 08:45:55 | Computer Name = GLB-RPICON-02 | Source = Userenv | ID = 1030
    Description = Windows cannot query for the list of Group Policy objects. A message
    that describes the reason for this was previously logged by the policy engine.

    Error - 2011-06-09 10:20:53 | Computer Name = GLB-RPICON-02 | Source = Userenv | ID = 1030
    Description = Windows cannot query for the list of Group Policy objects. A message
    that describes the reason for this was previously logged by the policy engine.

    Error - 2011-06-09 10:49:53 | Computer Name = GLB-RPICON-02 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: A connection with the server could not be established

    [ OSession Events ]
    Error - 2010-08-18 12:17:35 | Computer Name = GLB-RPICON-02 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6212.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 610516
    seconds with 11700 seconds of active time. This session ended with a crash.

    Error - 2010-10-12 06:58:34 | Computer Name = GLB-RPICON-02 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6212.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2392825
    seconds with 26280 seconds of active time. This session ended with a crash.

    Error - 2010-11-16 11:27:32 | Computer Name = GLB-RPICON-02 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 81390
    seconds with 2880 seconds of active time. This session ended with a crash.

    Error - 2011-01-09 02:26:55 | Computer Name = GLB-RPICON-02 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6212.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1600124
    seconds with 17940 seconds of active time. This session ended with a crash.

    Error - 2011-01-19 14:46:48 | Computer Name = GLB-RPICON-02 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6212.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 77410
    seconds with 1680 seconds of active time. This session ended with a crash.

    Error - 2011-01-19 15:25:50 | Computer Name = GLB-RPICON-02 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6212.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2334
    seconds with 60 seconds of active time. This session ended with a crash.

    Error - 2011-01-19 15:31:35 | Computer Name = GLB-RPICON-02 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6212.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 338
    seconds with 60 seconds of active time. This session ended with a crash.

    Error - 2011-03-29 23:33:33 | Computer Name = GLB-RPICON-02 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6212.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 131167
    seconds with 6900 seconds of active time. This session ended with a crash.

    Error - 2011-04-14 23:25:00 | Computer Name = GLB-RPICON-02 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6212.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 218863
    seconds with 6840 seconds of active time. This session ended with a crash.

    Error - 2011-04-29 12:46:20 | Computer Name = GLB-RPICON-02 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1208222
    seconds with 7320 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 2011-06-07 11:03:35 | Computer Name = GLB-RPICON-02 | Source = Service Control Manager | ID = 7034
    Description = The Yahoo! Updater service terminated unexpectedly. It has done this
    1 time(s).

    Error - 2011-06-07 16:27:08 | Computer Name = GLB-RPICON-02 | Source = NETLOGON | ID = 5776
    Description = Failed to create/open file \system32\config\netlogon.ftl with the
    following error: %%5

    Error - 2011-06-07 21:49:02 | Computer Name = GLB-RPICON-02 | Source = NETLOGON | ID = 5776
    Description = Failed to create/open file \system32\config\netlogon.ftl with the
    following error: %%5

    Error - 2011-06-08 02:59:22 | Computer Name = GLB-RPICON-02 | Source = NETLOGON | ID = 5776
    Description = Failed to create/open file \system32\config\netlogon.ftl with the
    following error: %%5

    Error - 2011-06-08 08:24:27 | Computer Name = GLB-RPICON-02 | Source = NETLOGON | ID = 5776
    Description = Failed to create/open file \system32\config\netlogon.ftl with the
    following error: %%5

    Error - 2011-06-08 13:04:00 | Computer Name = GLB-RPICON-02 | Source = NETLOGON | ID = 5776
    Description = Failed to create/open file \system32\config\netlogon.ftl with the
    following error: %%5

    Error - 2011-06-08 18:24:00 | Computer Name = GLB-RPICON-02 | Source = NETLOGON | ID = 5776
    Description = Failed to create/open file \system32\config\netlogon.ftl with the
    following error: %%5

    Error - 2011-06-09 00:05:08 | Computer Name = GLB-RPICON-02 | Source = NETLOGON | ID = 5776
    Description = Failed to create/open file \system32\config\netlogon.ftl with the
    following error: %%5

    Error - 2011-06-09 05:25:58 | Computer Name = GLB-RPICON-02 | Source = NETLOGON | ID = 5776
    Description = Failed to create/open file \system32\config\netlogon.ftl with the
    following error: %%5

    Error - 2011-06-09 09:57:02 | Computer Name = GLB-RPICON-02 | Source = NETLOGON | ID = 5776
    Description = Failed to create/open file \system32\config\netlogon.ftl with the
    following error: %%5


    < End of report >
     
