
A strange virus problem (Inactive)

Discussion in 'Malware and Virus Removal Archive' started by pilotgal8, 2010/07/01.

Thread Status:
Not open for further replies.
  1. 2010/07/11
    pilotgal8 (Thread Starter)
    ComboFix 10-07-11.02 - Dan Stout 07/11/2010 16:00:30.3.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1319 [GMT -4:00]
    Running from: c:\documents and settings\Dan Stout\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Dan Stout\Desktop\cfscript.txt
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: iolo System Shield *On-access scanning disabled* (Outdated) {2565CEEE-6BDB-4A6D-AD6D-F682F2695014}

    FILE ::
    "c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat"
    "c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

    .
    ((((((((((((((((((((((((( Files Created from 2010-06-11 to 2010-07-11 )))))))))))))))))))))))))))))))
    .

    2010-07-11 09:00 . 2010-07-11 09:00 503808 ----a-w- c:\documents and settings\Dan Stout\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-63a204bb-n\msvcp71.dll
    2010-07-11 09:00 . 2010-07-11 09:00 499712 ----a-w- c:\documents and settings\Dan Stout\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-63a204bb-n\jmc.dll
    2010-07-11 09:00 . 2010-07-11 09:00 348160 ----a-w- c:\documents and settings\Dan Stout\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-63a204bb-n\msvcr71.dll
    2010-07-11 09:00 . 2010-07-11 09:00 61440 ----a-w- c:\documents and settings\Dan Stout\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-302c1d18-n\decora-sse.dll
    2010-07-11 09:00 . 2010-07-11 09:00 12800 ----a-w- c:\documents and settings\Dan Stout\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-302c1d18-n\decora-d3d.dll
    2010-07-11 09:00 . 2010-04-12 21:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-07-09 17:07 . 2010-07-09 17:07 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2010-07-09 17:03 . 2010-07-09 17:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Search
    2010-07-08 17:01 . 2010-07-08 17:01 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
    2010-07-08 17:00 . 2010-07-08 17:00 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    2010-07-01 14:01 . 2010-07-01 14:01 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-07-01 14:00 . 2010-07-01 14:00 -------- d-----w- c:\program files\NOS
    2010-07-01 14:00 . 2010-07-01 14:00 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
    2010-06-30 19:14 . 2010-07-09 17:16 1324 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-06-27 16:14 . 2010-06-27 16:14 -------- d-----w- c:\documents and settings\Dan Stout\Local Settings\Application Data\V-Safe 100

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-11 19:54 . 2008-05-03 12:57 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo
    2010-07-11 17:07 . 2008-05-05 13:33 -------- d-----w- c:\program files\BOINC
    2010-07-11 14:24 . 2009-12-17 19:06 117760 ----a-w- c:\documents and settings\Dan Stout\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-07-11 08:59 . 2008-04-25 17:48 -------- d-----w- c:\program files\Java
    2010-07-11 08:54 . 2008-04-25 17:47 -------- d-----w- c:\program files\Common Files\Java
    2010-07-10 13:45 . 2008-04-25 00:16 -------- d-----w- c:\program files\RegScrubXP
    2010-06-19 20:04 . 2008-07-09 14:10 1539 ----a-w- c:\documents and settings\Dan Stout\Application Data\iolo\restore.bat
    2010-06-09 09:56 . 2008-04-25 00:06 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-06-06 15:04 . 2009-06-24 18:04 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-06-03 12:27 . 2008-05-04 10:34 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-06-03 12:27 . 2008-04-25 00:23 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2010-05-29 15:43 . 2010-05-07 18:03 256 ----a-w- c:\windows\system32\pool.bin
    2010-05-28 16:59 . 2010-05-28 16:47 -------- d-----w- c:\documents and settings\Dan Stout\Application Data\Download Manager
    2010-05-26 12:49 . 2008-05-01 11:54 20 -c-h--w- c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
    2010-05-17 12:26 . 2010-05-17 12:26 -------- d-----w- c:\documents and settings\Dan Stout\Application Data\Malwarebytes
    2010-05-17 12:26 . 2010-05-17 12:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-05-17 12:26 . 2010-05-17 12:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-05-06 10:41 . 2006-09-28 00:01 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-05-02 05:22 . 2006-09-28 00:01 1851264 ----a-w- c:\windows\system32\win32k.sys
    2010-04-29 19:39 . 2010-05-17 12:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-29 19:39 . 2010-05-17 12:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-28 15:01 . 2009-10-15 12:02 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-04-25 14:58 . 2010-04-25 14:59 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-04-21 18:54 . 2008-05-03 13:04 2316712 ----a-w- c:\windows\system32\Incinerator.dll
    2010-04-20 20:40 . 2010-05-03 09:52 490408 ----a-w- c:\documents and settings\Dan Stout\Application Data\iolo\IRestartStub.exe
    2010-04-20 05:30 . 2006-09-28 00:01 285696 ----a-w- c:\windows\system32\atmfd.dll
    2002-09-11 14:26 . 2008-07-11 15:00 63730 -c--a-w- c:\program files\viewsonicinstruct_xp.pdf
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
    @="{95A27763-F62A-4114-9072-E81D87DE3B68}"
    [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
    2009-12-03 21:52 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
    @="{E300CD91-100F-4E67-9AF3-1384A6124015}"
    [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
    2009-12-03 21:52 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
    @="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
    [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
    2009-12-03 21:52 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-09 1576176]
    "Google Update"="c:\documents and settings\Dan Stout\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-14 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2008-01-29 16859648]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-06-16 864112]
    "SetDefPrt"="c:\program files\Brother\Brmfl04g\BrStDvPt.exe" [2004-11-11 49152]
    "ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2005-01-07 864256]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
    "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]
    "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-03 2065248]
    "Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2009-12-03 670864]
    "dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2009-10-24 827904]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
    "Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-12-09 606208]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

    c:\documents and settings\Dan Stout\Start Menu\Programs\Startup\
    OddATC Client.lnk - c:\windows\Installer\{245603B0-960E-45C7-BCBA-37B4E1BE694C}\_5AB6AF14459EC6F53F541E.exe [2009-4-18 766]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2008-4-25 118784]
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
    World Community Grid - BOINC Manager.lnk - c:\program files\BOINC\boincmgr.exe [2008-3-17 3874816]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"="c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-09-09 21:19 352256 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-03-15 13:35 12464 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/24/2009 2:04 PM 64288]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/4/2008 6:34 AM 216200]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/4/2008 6:34 AM 242896]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/28/2008 10:33 AM 8944]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/28/2008 10:33 AM 55024]
    R2 OddATC Service;OddATC Service;c:\program files\OddATC\OddService.exe [7/29/2007 7:13 PM 61440]
    S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/15/2010 9:35 AM 308064]
    S2 hpdj00;hpdj00;c:\docume~1\DANSTO~1\LOCALS~1\Temp\hpdj00.exe -servicerunning=true -uninstall=HP Officejet 7200 series -product=aio --> c:\docume~1\DANSTO~1\LOCALS~1\Temp\hpdj00.exe -servicerunning=true -uninstall=HP Officejet 7200 series -product=aio [?]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 11:52 AM 1352832]
    S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [6/17/2009 8:20 AM 12648]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/28/2008 10:33 AM 7408]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - AMP

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2007-04-19 17:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2010-07-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 15:01]

    2010-06-24 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 21:57]

    2010-07-11 c:\windows\Tasks\GlaryInitialize.job
    - c:\program files\Glary Utilities\initialize.exe [2009-09-02 20:09]

    2010-07-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3190923490-1477794370-2506951199-1005Core.job
    - c:\documents and settings\Dan Stout\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 12:50]

    2010-07-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3190923490-1477794370-2506951199-1005UA.job
    - c:\documents and settings\Dan Stout\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 12:50]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uStart Page = hxxp://www.google.com/
    LSP: c:\windows\system32\iavlsp.dll
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: microsoft.com
    Trusted Zone: turbotax.com
    TCP: {6885A14A-0459-4B6F-AF59-37FF5321123B} = 4.2.2.2,4.2.2.1
    DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} - hxxps://secure.iolo.com/app/ocx/UpgradeVerify.cab
    FF - ProfilePath - c:\documents and settings\Dan Stout\Application Data\Mozilla\Firefox\Profiles\gne80zrv.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en|http://www.google.com/firefox?clien...ient=firefox-a&rls=org.mozilla:en-US:official
    FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-07-11 16:04
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    c:\docume~1\DANSTO~1\LOCALS~1\Temp\catchme.dll 53248 bytes executable

    scan completed successfully
    hidden files: 1

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1012)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll

    - - - - - - - > 'lsass.exe'(1084)
    c:\windows\system32\iavlsp.dll
    .
    Completion time: 2010-07-11 16:07:43
    ComboFix-quarantined-files.txt 2010-07-11 20:07
    ComboFix2.txt 2010-07-11 17:22
    ComboFix3.txt 2010-07-10 10:06

    Pre-Run: 437,194,420,224 bytes free
    Post-Run: 437,186,039,808 bytes free

    - - End Of File - - D4843128E6D02206E92391EE1BCD04A7


    I left ComboFix running; when I returned, the log file was available for saving but I couldn't activate anything else: the mouse didn't start anything and the taskbar was not available (hidden, but it couldn't be re-activated), so a restart was required.
     
  2. 2010/07/11
    broni (Moderator, Malware Analyst)
    I assume everything is fine after the restart?
    The ComboFix log looks fine.

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start> "Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between "Combofix" and "/Uninstall".
    Click OK (Vista users - press Enter).
    Restart computer.

    ===========================================================

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    * Under the Custom Scan box paste this in:



    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    /md5start
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two Notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
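    The custom-scan list above makes OTL print every Win32 service and kernel driver on one line each, with the file's timestamp, size, company name, start type and state. An analyst then reads that list for a few patterns: an entry whose file OTL cannot find, an image that lives in a user's Temp folder, and a binary with no company name at all (those are exactly the ones OTL's company-name whitelist cannot vouch for). The Python parser below is added here as a worked example; it is not part of this thread and not part of OldTimer's OTL. The regular expression and the flag rules are my own reading of the OTL 3.2 line format, which the tool does not document, and the sample lines are copied from the OTL log posted later in this thread.

```python
import re
from dataclasses import dataclass, field
from typing import Iterable, List, Optional

# An OTL 3.2.x service/driver line has one of two shapes (assumed from the log
# format as posted; OTL itself does not document it):
#   SRV - [2010/03/15 09:35:09 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\...\avgwdsvc.exe -- (avg9wd)
#   DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\SSPORT.sys -- (SSPORT)
LINE_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - "
    r"(?:(?P<missing>File not found)|"
    r"\[(?P<stamp>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| (?P<attr>\S+) \| M\]"
    r" \((?P<company>.*?)\))"  # lazy: company names may contain their own parentheses
    r" \[(?P<flags>[^\]]+)\]"  # "Auto | Running" or "Kernel | On_Demand | Stopped"
    r" -- (?P<path>.+?) -- \((?P<name>[^)]+)\)(?: .*)?$"  # path, (service key), optional display name
)

# Sample input: lines copied from the OTL log in this thread.
SAMPLE_LINES = [
    r"SRV - File not found [Auto | Stopped] -- C:\DOCUME~1\DANSTO~1\LOCALS~1\Temp\hpdj00.exe -- (hpdj00)",
    r"SRV - [2010/03/15 09:35:09 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)",
    r"SRV - [2009/12/03 17:52:32 | 001,980,560 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)",
    r"SRV - [2010/03/29 08:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)",
    r"SRV - [2007/07/29 19:13:28 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Program Files\OddATC\OddService.exe -- (OddATC Service)",
    r"DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\SSPORT.sys -- (SSPORT)",
    r"DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\DANSTO~1\LOCALS~1\Temp\catchme.sys -- (catchme)",
    r"DRV - [2010/06/06 11:04:14 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)",
]


@dataclass
class Entry:
    kind: str                    # "SRV" (Win32 service) or "DRV" (driver)
    name: str                    # service/driver key name from the trailing "(name)"
    path: str                    # image path OTL resolved for the entry
    company: str                 # company name from the PE version info ("" if none)
    start: str                   # Auto / System / Boot / On_Demand
    state: str                   # Running / Stopped
    driver_type: Optional[str]   # Kernel / File_System for DRV lines, None for SRV
    missing: bool                # True when OTL printed "File not found"
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for one SRV/DRV line, or None for any other log line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    parts = [p.strip() for p in m.group("flags").split("|")]
    driver_type = parts[0] if len(parts) == 3 else None   # DRV lines carry a third field
    start, state = parts[-2], parts[-1]
    return Entry(kind=m.group("kind"), name=m.group("name"), path=m.group("path"),
                 company=(m.group("company") or "").strip(), start=start, state=state,
                 driver_type=driver_type, missing=m.group("missing") is not None)


def flag_entry(e: Entry) -> Entry:
    """Attach the triage flags an analyst looks for; order is fixed so callers can compare."""
    if e.missing:
        e.flags.append("file not found")
    if re.search(r"\\temp\\", e.path, re.IGNORECASE):     # any ...\Temp\... component
        e.flags.append("runs from a Temp directory")
    if not e.missing and e.company == "":                  # present on disk, but no version info
        e.flags.append("no company name")
    return e


def triage(lines: Iterable[str]) -> List[Entry]:
    """Parse every SRV/DRV line in an OTL log and flag it; non-matching lines are skipped."""
    return [flag_entry(e) for e in map(parse_line, lines) if e is not None]


def flagged(entries: Iterable[Entry]) -> List[Entry]:
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in flagged(triage(SAMPLE_LINES)):
        print(f"{e.kind} {e.name:<16} {e.start:<9} {e.state:<8} {e.path}")
        for f in e.flags:
            print(f"    - {f}")
```

    Run it over a saved log with `triage(open("OTL.txt", errors="ignore"))`; lines from other sections of the file simply do not match and are dropped. A hit is a lead, not a verdict: the hpdj00 entry, for instance, still carries an HP Officejet uninstall command line in the ComboFix log above, so a missing-file hit there points at a stale uninstaller service rather than at malware, and deleting the dead entry is cleanup rather than disinfection.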
     


  4. 2010/07/12
    pilotgal8 (Thread Starter)
    OTL logfile created on: 7/12/2010 3:19:18 AM - Run 2
    OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\Dan Stout\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 49.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 465.76 Gb Total Space | 411.88 Gb Free Space | 88.43% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    Drive I: | 1.89 Gb Total Space | 1.06 Gb Free Space | 55.77% Space Free | Partition Type: FAT

    Computer Name: PREFERRE-901505
    Current User Name: Dan Stout
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/07/12 02:31:59 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan Stout\desktop\OTL.exe
    PRC - [2010/06/16 11:01:17 | 000,864,112 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    PRC - [2010/06/03 08:28:07 | 002,065,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
    PRC - [2010/06/03 08:27:54 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
    PRC - [2010/06/03 08:27:52 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
    PRC - [2010/06/03 08:25:16 | 000,722,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
    PRC - [2010/06/03 08:25:08 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
    PRC - [2010/03/28 03:42:49 | 001,642,496 | ---- | M] () -- C:\Program Files\BOINC\projects\www.worldcommunitygrid.org\wcg_hcc1_img_6.08_windows_intelx86
    PRC - [2010/03/15 09:35:09 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
    PRC - [2009/12/03 17:52:32 | 001,980,560 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
    PRC - [2009/12/03 17:52:32 | 000,670,864 | R--- | M] (Carbonite, Inc.) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
    PRC - [2009/10/23 20:34:36 | 000,827,904 | ---- | M] () -- C:\Program Files\dvd43\DVD43_Tray.exe
    PRC - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/03/17 17:44:22 | 003,874,816 | ---- | M] (World Community Grid) -- C:\Program Files\BOINC\boincmgr.exe
    PRC - [2008/03/17 17:38:28 | 000,430,080 | ---- | M] (World Community Grid) -- C:\Program Files\BOINC\boinc.exe
    PRC - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
    PRC - [2007/07/29 19:13:28 | 000,061,440 | ---- | M] () -- C:\Program Files\OddATC\OddService.exe
    PRC - [2007/07/29 19:13:12 | 000,061,440 | ---- | M] () -- C:\Program Files\OddATC\OddWorker.exe
    PRC - [2007/01/11 05:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    PRC - [2005/01/07 18:30:56 | 000,864,256 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter2\brctrcen.exe
    PRC - [2004/04/14 14:46:50 | 000,057,393 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/07/12 02:31:59 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan Stout\desktop\OTL.exe
    MOD - [2008/04/14 05:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- C:\DOCUME~1\DANSTO~1\LOCALS~1\Temp\hpdj00.exe -- (hpdj00)
    SRV - [2010/07/01 13:17:47 | 001,352,832 | ---- | M] (Lavasoft) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
    SRV - [2010/03/29 08:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
    SRV - [2010/03/15 09:35:09 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
    SRV - [2009/12/03 17:52:32 | 001,980,560 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)
    SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
    SRV - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
    SRV - [2007/07/29 19:13:28 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Program Files\OddATC\OddService.exe -- (OddATC Service)
    SRV - [2007/01/11 05:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\SSPORT.sys -- (SSPORT)
    DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\DgiVecp.sys -- (DgiVecp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\DANSTO~1\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2010/06/06 11:04:14 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
    DRV - [2010/06/03 08:27:54 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
    DRV - [2010/06/03 08:27:53 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
    DRV - [2010/03/15 09:33:15 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
    DRV - [2010/01/10 06:07:49 | 000,018,816 | ---- | M] (RIF) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dvd43llh.sys -- (dvd43llh)
    DRV - [2009/06/17 08:20:34 | 000,012,648 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
    DRV - [2008/10/16 16:14:00 | 000,030,720 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l251x86.sys -- (AtcL002)
    DRV - [2008/05/28 10:33:38 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
    DRV - [2008/05/28 10:33:36 | 000,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2008/05/28 10:33:36 | 000,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2008/04/14 00:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2008/04/14 00:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2008/04/13 22:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2008/04/13 22:05:30 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\an983.sys -- (AN983)
    DRV - [2008/02/15 13:12:06 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
    DRV - [2008/01/30 11:28:36 | 004,725,760 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2006/06/14 13:56:40 | 000,247,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
    DRV - [2006/01/19 04:17:38 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrUsbSer.sys -- (BrUsbSer)
    DRV - [2006/01/18 23:44:46 | 000,053,248 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrSerIf.sys -- (BrSerIf)
    DRV - [2004/10/15 13:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)
    DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
    DRV - [2004/09/25 01:39:08 | 000,289,792 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp)
    DRV - [2004/09/25 01:38:32 | 000,023,936 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\dvd_2k.sys -- (dvd_2K)
    DRV - [2004/09/25 01:32:40 | 000,024,832 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
    DRV - [2004/09/25 01:29:52 | 000,044,288 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
    DRV - [2004/09/25 01:29:50 | 000,141,184 | ---- | M] (Windows (R) 2000 DDK provider) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\DVDVRRdr_xp.sys -- (DVDVRRdr_xp)
    DRV - [2004/09/25 01:26:40 | 000,200,832 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\Udfreadr.sys -- (UDFReadr)
    DRV - [2004/09/25 01:26:28 | 000,023,808 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mmc_2k.sys -- (mmc_2K)
    DRV - [2004/09/25 01:23:16 | 000,117,632 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\Pwd_2k.sys -- (pwd_2k)
    DRV - [2004/08/11 11:00:00 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.SYS -- (MTsensor)
    DRV - [2004/08/03 22:29:28 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
    DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
    DRV - [2001/08/17 12:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/defaulta.aspx
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EA A6 FE CB B2 DF C9 01 [binary data]
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig?hl=en|http://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official|http://www.google.com/ig?hl=en|http://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official "
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.825
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

    FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/06/04 06:05:55 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/27 05:10:19 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/11 05:00:02 | 000,000,000 | ---D | M]

    [2009/03/05 18:49:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan Stout\Application Data\Mozilla\Extensions
    [2009/03/05 18:49:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan Stout\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2010/07/10 20:11:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan Stout\Application Data\Mozilla\Firefox\Profiles\gne80zrv.default\extensions
    [2009/07/14 10:38:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Dan Stout\Application Data\Mozilla\Firefox\Profiles\gne80zrv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/07/11 05:00:05 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/07/11 05:00:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2009/11/19 18:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
    [2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2009/11/19 18:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll

    O1 HOSTS File: ([2010/07/11 16:04:34 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
    O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
    O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
    O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
    O4 - HKLM..\Run: [dvd43] C:\Program Files\dvd43\DVD43_Tray.exe ()
    O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
    O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
    O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe (Brother Industories, Ltd.)
    O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\World Community Grid - BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe (World Community Grid)
    O4 - Startup: C:\Documents and Settings\Dan Stout\Start Menu\Programs\StartUp\OddATC Client.lnk = C:\WINDOWS\Installer\{245603B0-960E-45C7-BCBA-37B4E1BE694C}\_5AB6AF14459EC6F53F541E.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\iavlsp.dll (iolo technologies, LLC)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\iavlsp.dll (iolo technologies, LLC)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\iavlsp.dll (iolo technologies, LLC)
    O15 - HKLM\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: microsoft.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/OAS/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228839069159 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228839054565 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} https://secure.iolo.com/app/ocx/UpgradeVerify.cab (iolo.ProductDetector)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 205.152.144.23 205.152.132.23
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Dan Stout\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dan Stout\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/28 08:29:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: aux1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
    Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: msacm.clmp3enc - C:\Program Files\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
    Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
    Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
    Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
    Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
    Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
    Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
    Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
    Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/07/12 02:31:59 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dan Stout\Desktop\OTL.exe
    [2010/07/12 02:31:54 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2010/07/12 02:26:57 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/07/10 04:55:08 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/07/10 04:50:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/07/01 13:17:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2010/07/01 13:17:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2010/07/01 10:00:41 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
    [2010/07/01 10:00:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
    [2010/07/01 09:57:02 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
    [2010/06/27 12:14:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan Stout\Local Settings\Application Data\V-Safe 100
    [2010/05/28 12:47:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan Stout\Application Data\Download Manager
    [2010/05/17 08:26:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan Stout\Application Data\Malwarebytes
    [2010/05/17 08:26:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/05/17 08:26:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/05/17 08:26:38 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/05/17 08:26:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/05/15 09:45:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
    [2010/05/11 06:57:16 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
    [2010/05/07 14:03:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan Stout\Application Data\Research In Motion
    [2010/05/07 13:54:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
    [2010/05/07 13:53:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Research In Motion
    [2010/05/07 13:53:22 | 000,000,000 | ---D | C] -- C:\Program Files\Research In Motion
    [2010/05/04 13:49:35 | 000,000,000 | ---D | C] -- C:\Program Files\SamsungPrinterLiveUpdate
    [2010/05/04 13:49:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Samsung
    [2010/05/04 13:48:07 | 000,081,920 | ---- | C] (Samsung Electronics) -- C:\WINDOWS\System32\ssdevm.dll
    [2010/05/04 13:48:07 | 000,049,152 | ---- | C] (Samsung Electronics) -- C:\WINDOWS\System32\ssusbpn.dll
    [2010/05/04 13:47:44 | 000,151,552 | ---- | C] (SS) -- C:\WINDOWS\System32\cl31cci.exe
    [2010/05/04 13:47:44 | 000,065,536 | ---- | C] (SS) -- C:\WINDOWS\System32\cl31cci.dll
    [2010/05/04 13:47:16 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
    [2010/05/03 07:41:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan Stout\My Documents\Downloads
    [2010/04/25 10:59:03 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
    [2010/04/25 10:53:46 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}

    ========== Files - Modified Within 90 Days ==========

    [2010/07/12 03:08:00 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3190923490-1477794370-2506951199-1005UA.job
    [2010/07/12 02:31:59 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan Stout\Desktop\OTL.exe
    [2010/07/11 20:08:00 | 000,000,942 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3190923490-1477794370-2506951199-1005Core.job
    [2010/07/11 17:10:54 | 000,002,227 | ---- | M] () -- C:\Documents and Settings\Dan Stout\Start Menu\Programs\StartUp\OddATC Client.lnk
    [2010/07/11 17:09:04 | 000,000,320 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
    [2010/07/11 17:08:23 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/07/11 17:06:35 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/07/11 17:06:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/07/11 17:06:30 | 2138,296,320 | -HS- | M] () -- C:\hiberfil.sys
    [2010/07/11 17:03:57 | 009,347,072 | ---- | M] () -- C:\Documents and Settings\Dan Stout\ntuser.dat
    [2010/07/11 17:03:57 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Dan Stout\ntuser.ini
    [2010/07/11 16:04:41 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/07/11 16:04:34 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/07/11 10:59:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2010/07/11 10:29:25 | 061,877,765 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2010/07/10 19:24:50 | 000,001,785 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2010/07/10 11:32:14 | 002,641,826 | -H-- | M] () -- C:\Documents and Settings\Dan Stout\Local Settings\Application Data\IconCache.db
    [2010/07/10 05:49:43 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100710-094943.backup
    [2010/07/10 04:55:17 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2010/07/09 13:16:13 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/06/30 12:06:26 | 000,001,021 | ---- | M] () -- C:\WINDOWS\System32\EPPICResdb0000
    [2010/06/30 12:06:26 | 000,000,108 | ---- | M] () -- C:\WINDOWS\System32\EPPICResdb
    [2010/06/24 10:45:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/06/24 06:23:50 | 000,409,121 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100630-101738.backup
    [2010/06/17 10:59:19 | 000,005,453 | ---- | M] () -- C:\Documents and Settings\Dan Stout\My Documents\Visor.rtf
    [2010/06/16 10:31:53 | 000,408,995 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100624-062350.backup
    [2010/06/13 10:32:21 | 000,000,050 | ---- | M] () -- C:\WINDOWS\brmx2001.ini
    [2010/06/09 05:57:04 | 001,328,872 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/06/09 05:49:14 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/06/09 05:37:14 | 000,535,402 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/06/09 05:37:14 | 000,465,876 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/06/09 05:37:14 | 000,079,636 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/06/09 05:22:27 | 000,000,638 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/06/06 11:04:14 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
    [2010/06/03 08:27:54 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
    [2010/06/03 08:27:53 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
    [2010/06/02 14:02:02 | 000,088,526 | ---- | M] () -- C:\Documents and Settings\Dan Stout\My Documents\ViewerX.alb
    [2010/06/02 13:58:33 | 000,003,641 | ---- | M] () -- C:\Documents and Settings\Dan Stout\My Documents\American Flag.jpg
    [2010/06/02 11:12:34 | 000,404,234 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100616-103153.backup
    [2010/05/29 11:43:37 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
    [2010/05/29 10:36:40 | 000,708,321 | ---- | M] () -- C:\Documents and Settings\Dan Stout\My Documents\LoaderBackup-(2010-05-29).ipd
    [2010/05/29 09:37:33 | 000,000,256 | ---- | M] () -- C:\Documents and Settings\Dan Stout\My Documents\pool.bin
    [2010/05/29 09:37:13 | 000,692,944 | ---- | M] () -- C:\Documents and Settings\Dan Stout\My Documents\Backup-(2010-05-29).ipd
    [2010/05/29 09:29:56 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
    [2010/05/27 10:44:19 | 000,397,500 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100602-111233.backup
    [2010/05/26 08:49:13 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
    [2010/05/19 10:52:46 | 000,395,860 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100527-104419.backup
    [2010/05/16 13:02:21 | 000,395,762 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100519-105246.backup
    [2010/05/07 13:54:10 | 000,001,735 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Desktop Manager.lnk
    [2010/05/06 18:51:35 | 000,103,520 | ---- | M] () -- C:\fraglist.luar
    [2010/05/05 12:34:32 | 000,393,630 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100516-130221.backup
    [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/04/28 12:44:04 | 000,393,630 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100505-123432.backup
    [2010/04/28 11:01:35 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
    [2010/04/25 10:58:56 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
    [2010/04/22 07:32:49 | 000,393,270 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100428-124404.backup
    [2010/04/21 14:54:28 | 002,316,712 | ---- | M] () -- C:\WINDOWS\System32\Incinerator.dll
    [2010/04/17 09:02:17 | 000,392,512 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100422-073249.backup

    ========== Files Created - No Company Name ==========

    [2010/07/11 03:52:04 | 2138,296,320 | -HS- | C] () -- C:\hiberfil.sys
    [2010/07/10 04:55:11 | 000,260,272 | ---- | C] () -- C:\cmldr
    [2010/06/30 15:14:13 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/06/29 14:38:33 | 009,347,072 | ---- | C] () -- C:\Documents and Settings\Dan Stout\ntuser.dat
    [2010/06/17 03:33:15 | 000,005,453 | ---- | C] () -- C:\Documents and Settings\Dan Stout\My Documents\Visor.rtf
    [2010/06/02 14:01:56 | 000,003,641 | ---- | C] () -- C:\Documents and Settings\Dan Stout\My Documents\American Flag.jpg
    [2010/05/29 10:36:40 | 000,708,321 | ---- | C] () -- C:\Documents and Settings\Dan Stout\My Documents\LoaderBackup-(2010-05-29).ipd
    [2010/05/29 09:37:33 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\Dan Stout\My Documents\pool.bin
    [2010/05/29 09:37:00 | 000,692,944 | ---- | C] () -- C:\Documents and Settings\Dan Stout\My Documents\Backup-(2010-05-29).ipd
    [2010/05/07 14:03:13 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
    [2010/05/07 13:54:10 | 000,001,735 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Desktop Manager.lnk
    [2010/05/06 18:51:35 | 000,103,520 | ---- | C] () -- C:\fraglist.luar
    [2010/05/04 13:49:40 | 000,482,408 | ---- | C] () -- C:\WINDOWS\ssndii.exe
    [2010/05/04 13:47:56 | 000,011,502 | ---- | C] () -- C:\WINDOWS\Dr. Printer Icon.ico
    [2010/05/04 13:47:50 | 000,005,430 | ---- | C] () -- C:\WINDOWS\AnyWeb Print.ico
    [2010/05/04 13:47:44 | 000,022,723 | ---- | C] () -- C:\WINDOWS\System32\cl31cl3.dll
    [2010/05/04 13:47:44 | 000,000,361 | ---- | C] () -- C:\WINDOWS\System32\cl31cl3.smt
    [2010/01/30 10:23:42 | 000,091,648 | ---- | C] () -- C:\WINDOWS\System32\lua5.1a.dll
    [2010/01/09 12:40:43 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2009/07/21 06:31:12 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
    [2009/07/21 06:28:40 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
    [2009/05/31 16:54:56 | 000,000,050 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
    [2009/05/31 16:54:56 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
    [2009/05/09 12:12:07 | 000,000,096 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
    [2009/01/26 15:00:23 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
    [2009/01/26 14:56:37 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\pdfmona.dll
    [2009/01/26 14:56:37 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
    [2009/01/26 14:56:37 | 000,000,059 | ---- | C] () -- C:\WINDOWS\wpd99.drv
    [2009/01/21 17:19:05 | 000,000,410 | ---- | C] () -- C:\WINDOWS\brwmark.ini
    [2009/01/21 17:19:05 | 000,000,211 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
    [2009/01/21 17:19:05 | 000,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
    [2009/01/21 17:19:05 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
    [2009/01/21 17:18:46 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
    [2008/07/11 12:03:14 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
    [2008/07/11 10:59:50 | 000,000,085 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
    [2008/05/08 11:54:30 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2008/05/03 16:50:09 | 000,000,488 | ---- | C] () -- C:\WINDOWS\iScreensaver.ini
    [2008/05/03 09:04:28 | 002,316,712 | ---- | C] () -- C:\WINDOWS\System32\Incinerator.dll
    [2008/05/03 08:59:17 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
    [2008/04/25 17:05:17 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
    [2008/04/25 11:03:45 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\VSHP1020.DLL
    [2008/04/25 06:18:17 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2008/03/13 07:08:29 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2008/03/12 15:24:07 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
    [2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
    [2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
    [2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
    [2004/08/11 11:00:00 | 000,005,810 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.SYS
    [2003/02/03 05:26:18 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2002/03/04 10:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
    [2002/01/01 00:17:30 | 000,000,507 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

    ========== LOP Check ==========

    [2010/01/15 14:32:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1Click DVD Copy Pro
    [2009/05/28 11:40:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
    [2008/09/22 11:33:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
    [2009/10/25 15:05:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2008/12/14 18:33:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund
    [2008/12/14 18:28:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
    [2010/01/03 12:00:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Carbonite
    [2009/05/09 12:12:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
    [2009/10/19 11:19:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
    [2010/01/09 12:40:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
    [2010/07/11 15:54:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
    [2008/05/07 08:44:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
    [2008/05/13 09:39:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
    [2010/04/01 11:44:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
    [2010/05/07 13:55:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
    [2009/07/21 06:28:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
    [2009/05/09 12:12:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10
    [2008/05/01 07:54:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
    [2010/01/10 09:33:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
    [2010/04/25 10:53:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
    [2009/12/12 11:49:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
    [2010/04/15 09:09:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan Stout\Application Data\Argali
    [2008/09/18 05:15:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan Stout\Application Data\Broderbund Software
    [2008/07/06 10:38:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan Stout\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2009/09/02 06:48:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan Stout\Application Data\GlarySoft
    [2008/12/09 11:40:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan Stout\Application Data\InfraRecorder
    [2010/05/03 05:52:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan Stout\Application Data\iolo
    [2008/05/03 16:49:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan Stout\Application Data\iScreensaver
    [2009/03/14 06:56:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan Stout\Application Data\LimeWire
    [2008/08/01 14:31:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan Stout\Application Data\Nikon
    [2009/01/26 15:00:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan Stout\Application Data\pdf995
    [2010/05/07 14:03:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan Stout\Application Data\Research In Motion
    [2010/01/05 09:43:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan Stout\Application Data\Vso
    [2008/07/24 18:52:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan Stout\Application Data\Windows Desktop Search
    [2008/07/26 17:43:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan Stout\Application Data\Windows Search
    [2010/07/11 10:59:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
    [2010/07/11 17:09:04 | 000,000,320 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/07/11 17:06:17 | 000,023,839 | ---- | M] () -- C:\aaw7boot.log
    [2006/09/28 08:29:48 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/07/10 04:55:17 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
    [2010/07/11 16:07:44 | 000,019,819 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/28 08:29:48 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2008/03/12 15:09:30 | 000,000,037 | ---- | M] () -- C:\DISEBKUP.FLG
    [2010/05/06 18:51:35 | 000,103,520 | ---- | M] () -- C:\fraglist.luar
    [2010/07/11 17:06:30 | 2138,296,320 | -HS- | M] () -- C:\hiberfil.sys
    [2006/09/28 08:29:48 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2006/09/28 08:29:48 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2006/03/15 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/05/31 08:34:27 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/07/02 10:45:36 | 000,101,170 | ---- | M] () -- C:\OTL.Txt
    [2010/07/11 17:06:18 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [2008/12/14 18:33:32 | 000,000,199 | ---- | M] () -- C:\setup.log
    [2008/04/02 01:23:10 | 000,059,608 | ---- | M] () -- C:\SIGNED.TXT
    [2008/04/02 01:23:10 | 000,089,322 | ---- | M] () -- C:\SIGVERIF.TXT
    [2008/12/14 18:33:24 | 000,000,851 | ---- | M] () -- C:\tempbmm.iss
    [2008/04/02 01:23:10 | 000,000,172 | ---- | M] () -- C:\TOTALS.TXT
    [2008/04/02 01:23:10 | 000,029,716 | ---- | M] () -- C:\UNSCANNED.TXT
    [2008/04/02 01:21:18 | 000,000,002 | ---- | M] () -- C:\UNSIGNED.TXT
    [2008/07/10 15:08:02 | 000,000,146 | ---- | M] () -- C:\YServer.txt

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
    [2007/08/14 03:40:20 | 000,019,968 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\cl31cpc.dll
    [2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2006/01/30 05:00:00 | 000,049,152 | ---- | M] (Zenographics, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\IMFPRINT.DLL
    [2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2001/11/20 14:37:28 | 000,047,616 | R--- | M] (Black Ice Software) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\ppbiPr.dll

    < %systemroot%\system32\*.wt >

    < %systemroot%\system32\*.ruy >

    < %systemroot%\Fonts\*.com >
    [2006/04/18 16:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 15:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 16:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 15:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

    < %systemroot%\*. /mp /s >


    < %systemroot%\system32\*.dll /lockedfiles >
    [2008/04/14 05:41:52 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2006/09/28 08:21:06 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2006/09/28 08:21:06 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2006/09/28 08:21:06 | 000,872,448 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %systemroot%\system32\user32.dll /md5 >
    [2008/04/14 05:42:10 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

    < %systemroot%\system32\ws2_32.dll /md5 >
    [2008/04/14 05:42:12 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

    < %systemroot%\system32\ws2help.dll /md5 >
    [2008/04/14 05:42:12 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >
    < End of report >



    This is from the second run of OTL. The first was interrupted by the error 'access violation @address 0040295B in OTL.exe'.

    The extras.txt file was not created on the second run of OTL.
     
    Last edited: 2010/07/12
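The OTL listing above is read by eye: each file line carries a timestamp, a size, four attribute flags (R, H, S, D), an M or C marker for which date the section is sorted by, an optional company name from the file's version info, and on the /md5 custom scans either the hash or "Unable to obtain MD5" for a file OTL could not open. The parser and triage pass below is an added example by the editor, not code from this thread, from OldTimer's OTL or from ComboFix. It assumes only the line layout visible in the log; the allow-list of hidden/system files that Windows XP itself keeps in the root of the boot drive, and the three triage rules, are the editor's and should be tuned to the machine under review. The sample lines are copied from the log above.

```python
"""Parse OTL file-listing lines and flag entries worth a second look.

Editor's added example; not code from this thread, from OTL or from
ComboFix.  Assumes the line layout seen in the log above:
  [YYYY/MM/DD HH:MM:SS | SIZE | ATTR | M|C] (Company) [MD5=.. | Unable to obtain MD5] -- PATH
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attr>[A-Z-]{4}) \| (?P<kind>[MC])\]"
    # company is optional (directories have none) and may itself contain
    # parentheses, e.g. "(Windows (R) 2000 DDK provider)", so stop only
    # before the token that follows it
    r"\s*(?:\((?P<company>.*?)\)(?=\s(?:MD5=|Unable to obtain MD5|--)))?"
    r"\s*(?:MD5=(?P<md5>[0-9A-Fa-f]{32})|(?P<nomd5>Unable to obtain MD5))?"
    r"\s*-- (?P<path>.+?)\s*$"
)

BINARY_EXT = {"exe", "dll", "sys", "drv", "ocx", "scr", "cpl"}

# Files Windows XP itself keeps hidden and/or system in the root of the boot
# drive.  Editor's allow-list; extend it for the machine under review.
EXPECTED_HIDDEN = {"hiberfil.sys", "pagefile.sys", "boot.ini", "io.sys",
                   "msdos.sys", "ntdetect.com", "ntldr"}


@dataclass
class OtlEntry:
    timestamp: str
    size: int
    attrs: str              # R(ead-only) H(idden) S(ystem) D(irectory), '-' when unset
    kind: str               # 'M' = listed by modified time, 'C' = by creation time
    company: Optional[str]  # '' when OTL printed '()' (no version info), None for dirs
    md5: Optional[str]
    md5_locked: bool        # OTL could not open the file to hash it
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def basename(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def is_binary(self) -> bool:
        return self.basename.lower().rsplit(".", 1)[-1] in BINARY_EXT


def parse_otl(text: str) -> List[OtlEntry]:
    """One OtlEntry per file line; headings and '< ... >' scan banners are skipped."""
    entries = []
    for line in text.splitlines():
        m = OTL_LINE.match(line.strip())
        if not m:
            continue
        entries.append(OtlEntry(
            timestamp=m["ts"],
            size=int(m["size"].replace(",", "")),
            attrs=m["attr"],
            kind=m["kind"],
            company=m["company"],
            md5=m["md5"].upper() if m["md5"] else None,
            md5_locked=m["nomd5"] is not None,
            path=m["path"],
        ))
    return entries


def triage(entries: List[OtlEntry]) -> List[Tuple[str, str]]:
    """Editor's three checks; each finding is (reason, path)."""
    findings = []
    for e in entries:
        if e.md5_locked:
            # a system DLL the tool cannot open is exactly where a rootkit
            # hides; hash it again from a clean boot medium
            findings.append(("locked-no-md5", e.path))
        if (e.is_binary and not e.is_dir and e.company == ""
                and "\\windows\\" in e.path.lower()):
            # executable under %SystemRoot% carrying no version/company info
            findings.append(("no-company-binary-in-windows", e.path))
        if (("H" in e.attrs or "S" in e.attrs) and not e.is_dir
                and e.basename.lower() not in EXPECTED_HIDDEN):
            findings.append(("unexpected-hidden-or-system", e.path))
    return findings


def md5_index(entries: List[OtlEntry]) -> Dict[str, str]:
    """path -> MD5 from the '/md5' scan lines, ready to compare with a known-good set."""
    return {e.path: e.md5 for e in entries if e.md5}


# Sample lines copied from the OTL log above.
SAMPLE_LOG = r"""
========== Files Created - No Company Name ==========
[2010/07/11 03:52:04 | 2138,296,320 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/04 13:49:40 | 000,482,408 | ---- | C] () -- C:\WINDOWS\ssndii.exe
[2010/05/26 08:49:13 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
[2010/01/15 14:32:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1Click DVD Copy Pro
[2007/08/14 03:40:20 | 000,019,968 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\cl31cpc.dll
[2008/04/14 05:41:52 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[2008/04/14 05:42:10 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
"""

if __name__ == "__main__":
    for reason, path in triage(parse_otl(SAMPLE_LOG)):
        print(f"{reason:32s} {path}")
```

On the sample, the three findings are ssndii.exe (an executable under C:\WINDOWS with no company string), PKP_DLec.DAT (a hidden file outside the allow-list) and comsvcs.dll (locked, so its hash must be taken from a clean boot). md5_index() is the piece to feed a known-good hash list; the log's user32.dll, ws2_32.dll and ws2help.dll hashes are what an analyst compares against a trusted copy of the same service-pack build, and this example deliberately does not hard-code any "known good" values.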
  5. 2010/07/12
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    That's fine.

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab  (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab  (Reg Error: Key error.)
      [2010/07/12 02:31:54 | 000,000,000 | --SD | C] -- C:\ComboFix
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
     
  6. 2010/07/12
    pilotgal8 Lifetime Subscription

    pilotgal8 Well-Known Member Thread Starter

    Joined:
    2002/01/07
    Messages:
    459
    Likes Received:
    0
    All processes killed
    ========== OTL ==========
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\WINDOWS\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    C:\ComboFix folder moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 348 bytes

    User: All Users

    User: Dan Stout
    ->Temp folder emptied: 124752357 bytes
    ->Temporary Internet Files folder emptied: 37569863 bytes
    ->Java cache emptied: 28824519 bytes
    ->FireFox cache emptied: 80327946 bytes
    ->Flash cache emptied: 77476 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 245760 bytes
    ->Flash cache emptied: 348 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 98438 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 3325 bytes

    User: Rosemary
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 78991 bytes
    ->Java cache emptied: 7622403 bytes
    ->Flash cache emptied: 348 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 680960 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 33148 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 681812 bytes

    Total Files Cleaned = 268.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Dan Stout
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    User: Rosemary
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.9.0 log created on 07122010_233625

    Files\Folders moved on Reboot...
    C:\Documents and Settings\Dan Stout\Local Settings\Temporary Internet Files\Content.IE5\FYZO0T7V\93821-active-strange-virus-problem-2[1].html moved successfully.
    C:\Documents and Settings\Dan Stout\Local Settings\Temporary Internet Files\Content.IE5\FYZO0T7V\mail[2].htm moved successfully.
    C:\Documents and Settings\Dan Stout\Local Settings\Temporary Internet Files\Content.IE5\3K5HTMVZ\mail[1].htm moved successfully.
    C:\Documents and Settings\Dan Stout\Local Settings\Temporary Internet Files\Content.IE5\16OOBI7R\mail[1].htm moved successfully.
    C:\Documents and Settings\Dan Stout\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
    File\Folder C:\WINDOWS\temp\Perflib_Perfdata_1390.dat not found!

    Registry entries deleted on Reboot...
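The fix above ends with [resethosts], and the earlier listing shows a series of hosts.*.backup files of around 390 KB, the size of a blocklist-style hosts file rather than the default, which resolves only localhost. Before resetting, an analyst normally separates blocklist entries (unwanted domains sunk to 127.0.0.1 or 0.0.0.0, harmless) from hijack entries (update or security-vendor domains redirected anywhere, loopback included, which silently stops AV updates and the online scanners suggested later in this thread). The classifier below is an added example by the editor, not OTL's [resethosts] implementation. Its hosts content is constructed from reserved documentation names and addresses, the watched-domain list is the editor's, and it assumes that a freshly reset XP hosts file maps only localhost to 127.0.0.1.

```python
"""Classify Windows hosts-file entries before deciding on a reset.

Editor's added example; not OTL's [resethosts] implementation.
Assumptions (editor's): a freshly reset XP hosts file maps only
'localhost' to 127.0.0.1, and WATCHED_DOMAINS is an analyst-chosen list.
"""
import ipaddress
from typing import Dict, List, Tuple

SINK_ADDRS = {"127.0.0.1", "0.0.0.0", "::1"}      # where blocklists point unwanted hosts
DEFAULT_XP_HOSTS = {("127.0.0.1", "localhost")}   # assumed content after a reset

# Domains whose redirection (to anywhere, loopback included) breaks updates
# or the scanners used in this thread.  Editor's list; extend as needed.
WATCHED_DOMAINS = ("windowsupdate.com", "microsoft.com", "avg.com",
                   "kaspersky.com", "eset.com")


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """(address, hostname) pairs; comments and unparseable lines are dropped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        addr, *hosts = line.split()
        try:
            addr = str(ipaddress.ip_address(addr))   # validates and normalises
        except ValueError:
            continue                                 # first token is not an address
        entries.extend((addr, h.lower()) for h in hosts)
    return entries


def is_watched(host: str) -> bool:
    return any(host == d or host.endswith("." + d) for d in WATCHED_DOMAINS)


def classify(entries: List[Tuple[str, str]]) -> Dict[str, list]:
    """hijacked: watched domain redirected; sinkholed: blocklist entry; other: custom."""
    report = {"hijacked": [], "sinkholed": [], "other": []}
    for addr, host in entries:
        if (addr, host) in DEFAULT_XP_HOSTS:
            continue
        if is_watched(host):                 # checked first: sinking an AV
            report["hijacked"].append((host, addr))   # domain is itself a hijack
        elif addr in SINK_ADDRS:
            report["sinkholed"].append(host)
        else:
            report["other"].append((host, addr))
    return report


def is_reset(entries: List[Tuple[str, str]]) -> bool:
    """True when nothing beyond the assumed post-reset content is present."""
    return set(entries) == DEFAULT_XP_HOSTS


# Constructed sample using reserved documentation names and addresses.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       ads.example-adnetwork.test      # blocklist style
0.0.0.0         tracker.example-adnetwork.test
127.0.0.1       update.avg.com                  # AV updates silently blocked
198.51.100.7    www.windowsupdate.com           # redirected to a non-Microsoft host
192.0.2.10      intranet.example.test           # legitimate local override
"""

if __name__ == "__main__":
    for bucket, items in classify(parse_hosts(SAMPLE_HOSTS)).items():
        print(bucket, items)
```

On the sample the two adnetwork entries are blocklist noise, update.avg.com and www.windowsupdate.com are hijacks even though one of them points at loopback, and the intranet override is the kind of entry a blanket reset destroys; after [resethosts] has run, is_reset() on the new file should return True.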
     
  7. 2010/07/12
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Very good :)

    Last scan....

    1. Download Temp File Cleaner (TFC)
    Double click on TFC.exe to run the program.
    Click on Start button to begin cleaning process.
    TFC will close all running programs, and it may ask you to restart computer.


    2. Go to Kaspersky website and perform an online antivirus scan.

    1. Disable your active antivirus program.
    2. Read through the requirements and privacy statement and click on Accept button.
    3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    4. When the downloads have finished, click on Settings.
    5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
    6. Click on My Computer under Scan.
    7. Once the scan is complete, it will display the results. Click on View Scan Report.
    8. You will see a list of infected items there. Click on Save Report As....
    9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
     
  8. 2010/07/13
    pilotgal8 Lifetime Subscription

    pilotgal8 Well-Known Member Thread Starter

    Joined:
    2002/01/07
    Messages:
    459
    Likes Received:
    0
    Ran TFC & rebooted. Kaspersky wants Java Framework 1.5 or later. On the Java site it shows up-to-date with Java Ver 6.20. A search on the Java site shows no answer for Framework. The Kaspersky site won't allow me to accept it's running without this Java install, so I'm at a loss.
     
  9. 2010/07/13
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Run this instead...

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Push Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
     
  10. 2010/07/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Are you still out there?
     