
Solved Google Search Link opens to random sites

Discussion in 'Malware and Virus Removal Archive' started by sox7rock, 2010/12/12.

  1. 2010/12/22
    sox7rock

    sox7rock Inactive Thread Starter

    Joined:
    2010/12/12
    Messages:
    23
    Likes Received:
    0
    ??????
     
  2. 2010/12/22
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Done now... sorry, I hit the "Post" button too early.
     


  4. 2010/12/23
    sox7rock

    sox7rock Inactive Thread Starter

    Haha, it's okay. So I tried rebooting twice, and both times after I selected Recovery mode it would do the loading on the bottom and, right towards the end, it would stop and go to a black screen saying "The file AIC78U2.SY_ is corrupted. Press any key to continue."
     
  5. 2010/12/23
    broni

    broni Moderator Malware Analyst

    Interesting....

    Create a Recovery Console CD then...

    Download Windows Recovery Console: http://www.thecomputerparamedic.com/files/rc.iso
    Download, and install free Imgburn: http://www.imgburn.com/index.php?act=download
    Using Imgburn, burn rc.iso to a CD.
    Boot to the CD...let it finish loading.
    When the "Welcome to Setup" screen appears, press R to start the Recovery Console.

    Then, continue with my previous instructions...

    I'm not sure how much longer I'll be up, so if there is no reply from me, I'll check on you tomorrow morning.
     
  6. 2010/12/23
    sox7rock

    sox7rock Inactive Thread Starter

    Is PowerISO the same as ImgBurn?
     
  7. 2010/12/23
    broni

    broni Moderator Malware Analyst

    Use ImgBurn.
    It'll make the CD bootable, and I know it works.
     
  8. 2010/12/23
    sox7rock

    sox7rock Inactive Thread Starter

    To boot to the CD, do I have to restart the computer?
     
  9. 2010/12/23
    broni

    broni Moderator Malware Analyst

    Yes, put the CD in and restart.
    Right after restart, you should see an option to boot from the CD by pressing any keyboard key.

    If that doesn't work, you may need to check the boot order in the BIOS (if you don't know how to do it, see HERE).
     
  10. 2010/12/23
    sox7rock

    sox7rock Inactive Thread Starter

    SystemLook 04.09.10 by jpshortstuff
    Log created at 01:26 on 23/12/2010 by Paul
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "winlogon.exe"
    C:\winlogon.exe --a---- 507904 bytes [07:36 21/03/2008] [07:36 21/03/2008] B8135E9ED99A0858DF535CE0A0271558
    C:\I386\winlogon.exe --a---- 429056 bytes [03:47 01/11/2002] [15:54 21/02/2002] C605FFF733AAD029D6B533E609C8A6E6
    C:\WINDOWS\ServicePackFiles\i386\winlogon.exe -----c- 502272 bytes [03:06 22/02/2004] [07:56 04/08/2004] 47FE4E46795B261E1353447D0064B661
    C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\winlogon.exe -----c- 507904 bytes [05:39 19/08/2008] [00:12 14/04/2008] ED0EF0A136DEC83DF69F04118870003E
    C:\WINDOWS\SYSTEM32\winlogon.exe --a---- 507904 bytes [21:50 25/06/2002] [05:29 23/12/2010] 14EE0F586D4B26605BEA5FCC085E1BCF

    -= EOF =-
     
  11. 2010/12/23
    broni

    broni Moderator Malware Analyst

    Delete your Combofix file, download fresh one, run it and post new log.
     
  12. 2010/12/23
    sox7rock

    sox7rock Inactive Thread Starter

    ComboFix 10-12-23.01 - Paul 12/23/2010 11:41:03.4.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.592 [GMT -6:00]
    Running from: c:\documents and settings\Paul\Desktop\Windowsbbs\ComboFix.exe
    AV: ESET NOD32 Antivirus 4.0 *Disabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\winlogon.exe

    c:\windows\system32\winlogon.exe . . . is infected!!

    Infected copy of c:\windows\explorer.exe was found and disinfected
    Restored copy from - c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe

    .
    ((((((((((((((((((((((((( Files Created from 2010-11-23 to 2010-12-23 )))))))))))))))))))))))))))))))
    .

    2067-02-24 21:21 . 2003-02-05 10:02 79947 ----a-w- c:\windows\fw20.vxd
    2010-12-23 09:08 . 2010-12-23 09:08 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
    2010-12-23 06:37 . 2010-12-23 06:37 -------- d-----w- c:\documents and settings\Paul\Application Data\ImgBurn
    2010-12-23 06:34 . 2010-12-23 06:34 -------- d-----w- c:\program files\ImgBurn
    2010-12-21 05:03 . 2010-12-21 05:05 -------- d-----w- c:\program files\iTunes
    2010-12-13 05:44 . 2009-01-26 05:36 679936 ----a-w- c:\windows\system32\D3DX81ab.dll
    2010-12-13 05:44 . 2009-01-26 05:36 1970176 ----a-w- c:\windows\system32\d3dx9.dll
    2010-12-13 05:44 . 2010-12-13 07:15 -------- d-----w- c:\program files\Cheat Engine
    2010-12-13 00:02 . 2010-12-13 00:02 -------- d-----w- c:\documents and settings\Paul\Application Data\Malwarebytes
    2010-12-13 00:01 . 2010-11-29 23:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-13 00:01 . 2010-12-13 00:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-12-13 00:01 . 2010-11-29 23:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-13 00:01 . 2010-12-13 00:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-05 18:36 . 2010-12-05 18:36 -------- d-----w- c:\documents and settings\Paul\Application Data\Logitech
    2010-12-05 07:20 . 2010-12-05 08:01 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
    2010-12-05 06:24 . 2010-12-05 07:03 -------- d-----w- c:\documents and settings\Paul\Local Settings\Application Data\WMTools Downloaded Files
    2010-12-05 05:52 . 2010-12-05 05:52 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-12-05 05:50 . 2010-12-05 05:50 -------- d-----w- c:\documents and settings\Paul\Local Settings\Application Data\AOL OCP
    2010-12-05 05:50 . 2010-12-05 05:50 -------- d-----w- c:\program files\AIM6
    2010-12-05 05:29 . 2010-12-05 05:29 -------- d--h--w- c:\windows\ie8
    2010-12-05 05:26 . 2010-12-05 05:26 -------- d-----w- c:\windows\SQL9_KB960089_ENU
    2010-12-05 05:25 . 2010-12-05 05:25 -------- d-----w- c:\documents and settings\Paul\Local Settings\Application Data\MigWiz
    2010-12-05 05:25 . 2010-12-05 05:25 -------- d-----w- c:\documents and settings\Paul\Local Settings\Application Data\ApplicationHistory
    2010-12-05 05:25 . 2010-12-05 05:25 -------- d-----w- c:\documents and settings\Paul\Application Data\Leadertech
    2010-12-05 05:25 . 2010-12-05 05:25 -------- d-----w- c:\documents and settings\Paul\Application Data\Systweak
    2010-12-05 05:25 . 2010-12-05 05:25 -------- d-----w- c:\documents and settings\Paul\Application Data\NCH Swift Sound
    2010-12-02 04:10 . 2010-12-05 05:25 -------- d-----w- c:\program files\Windows Live Safety Center
    2010-11-30 01:30 . 2010-12-05 05:25 -------- d-----w- c:\documents and settings\Paul\Application Data\uTorrent
    2010-11-29 23:38 . 2010-11-29 23:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-11-29 23:38 . 2010-11-29 23:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-11-28 21:57 . 2010-12-05 06:15 -------- d-----w- c:\program files\RocketDock

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-23 05:29 . 2002-06-25 21:50 507904 ----a-w- c:\windows\system32\winlogon.exe
    2010-12-22 20:42 . 2002-06-25 21:48 36736 ----a-w- c:\windows\system32\drivers\ultra.sys
    2010-09-28 21:44 . 2009-05-17 00:10 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2010-09-28 21:44 . 2009-05-17 00:10 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
    .

    ------- Sigcheck -------

    [-] 2010-12-23 . 14EE0F586D4B26605BEA5FCC085E1BCF . 507904 . . [5.1.2600.5508] . . c:\windows\SYSTEM32\winlogon.exe
    [-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\winlogon.exe
    [-] 2004-08-04 07:56 . 47FE4E46795B261E1353447D0064B661 . 502272 . . [------] . . c:\windows\ServicePackFiles\i386\winlogon.exe

    [-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\explorer.exe
    [-] 2007-06-13 . C59C3671DE1D07F89429D7B2848C94FF . 1033216 . . [6.00.2900.3156] . . c:\windows\explorer.exe
    [7] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
    [7] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe
    [7] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\ServicePackFiles\i386\explorer.exe
    [7] 2002-08-29 . A82B28BFC2E4455FE43022A498C0EF0A . 1004032 . . [6.00.2800.1106] . . c:\windows\$NtUninstallKB820291$\explorer.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport"= "c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
    "SsAAD.exe"= "c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-11-02 472632]
    "Logitech Vid"= "c:\program files\Logitech\Logitech Vid\vid.exe" [2009-07-16 5458704]
    "Skype"= "c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
    "RocketDock"= "c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"= "c:\windows\system32\NvCpl.dll" [2007-04-19 7700480]
    "UpdReg"= "c:\windows\Updreg.exe" [2000-05-11 90112]
    "AHQInit"= "c:\program files\Creative\SBLive\Program\AHQInit.exe" [2001-03-28 102400]
    "nwiz"= "nwiz.exe" [2007-04-19 1626112]
    "Logitech Utility"= "Logi_MwX.Exe" [2003-11-07 19968]
    "NvMediaCenter"= "c:\windows\system32\NvMcTray.dll" [2007-04-19 86016]
    "D-Link Wireless G WUA-1340"= "c:\program files\D-Link\Wireless G WUA-1340\AirGCFG.exe" [2007-08-27 1662976]
    "LogitechQuickCamRibbon"= "c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
    "egui"= "c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
    "PWRISOVM.EXE"= "c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
    "Adobe Reader Speed Launcher"= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "Adobe ARM"= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "AdobeAAMUpdater-1.0"= "c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "AdobeCS5ServiceManager"= "c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
    "SunJavaUpdateSched"= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "QuickTime Task"= "c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "iTunesHelper"= "c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"= "c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-23 39264]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative32\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, msnsspc.dll, digest.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RkHit.sys]
    @=""

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Netscape\\Netscape 6\\Netscp.exe"=
    "c:\\WINDOWS\\SYSTEM32\\telnet.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "23:TCP"= 23:TCP:Telnet
    "67:UDP"= 67:UDP:DHCP Discovery Service
    "1041:TCP"= 1041:TCP:Akamai NetSession Interface
    "5000:UDP"= 5000:UDP:Akamai NetSession Interface

    R1 ehdrv;ehdrv;c:\windows\SYSTEM32\DRIVERS\ehdrv.sys [2/6/2009 10:56 AM 106208]
    R1 epfwtdir;epfwtdir;c:\windows\SYSTEM32\DRIVERS\epfwtdir.sys [2/6/2009 10:58 AM 93336]
    R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\SYSTEM32\DRIVERS\VCdRom.sys [12/8/2007 4:42 PM 8576]
    R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [6/25/2002 3:47 PM 14336]
    R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2/6/2009 10:57 AM 727720]
    R2 mrtRate;mrtRate;c:\windows\SYSTEM32\DRIVERS\MrtRate.sys [1/11/2003 7:52 PM 34916]
    R2 VPCAppSv;Virtual PC Application Services;c:\windows\SYSTEM32\DRIVERS\vpcappsv.sys [5/17/2004 6:15 PM 10374]
    S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\SYSTEM32\DRIVERS\A5AGU.sys [7/25/2005 9:32 PM 348352]
    S3 ADASPROT;SYSTWEAKASO;\??\c:\program files\Advanced System Optimizer 3\adasprot32.sys --> c:\program files\Advanced System Optimizer 3\adasprot32.sys [?]
    S3 ATHFMWDL;D-Link predator Bootloader driver;c:\windows\SYSTEM32\DRIVERS\Athfmwdl.sys [7/25/2005 9:35 PM 43392]
    S3 MsDtsServer;SQL Server Integration Services;c:\program files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [3/3/2007 10:12 PM 202096]
    S4 msvsmon80;Visual Studio 2005 Remote Debugger; "f:\moreprograms\msvs2005\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 --> f:\moreprograms\msvs2005\Common7\IDE\Remote Debugger\x86\msvsmon.exe [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder

    2010-12-23 c:\windows\Tasks\AdobeAAMUpdater-1.0-PAULS-Paul.job
    - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-10-18 08:44]

    2010-12-19 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.dellnet.com/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\Paul\Application Data\Mozilla\Firefox\Profiles\q4k6z18u.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/?ref=hp
    FF - prefs.js: network.proxy.type - 4
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-12-23 11:58
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(5660)
    c:\windows\system32\WININET.dll
    c:\windows\TEMP\logishrd\LVPrcInj01.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\System32\CTsvcCDA.EXE
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\wanmpsvc.exe
    c:\windows\System32\MsPMSPSv.exe
    c:\windows\system32\devldr32.exe
    c:\program files\Canon\CAL\CALMAIN.exe
    c:\windows\system32\RUNDLL32.EXE
    c:\windows\system32\wscntfy.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2010-12-23 12:04:47 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-12-23 18:04
    ComboFix2.txt 2010-12-22 22:31

    Pre-Run: 26,796,658,688 bytes free
    Post-Run: 26,791,247,872 bytes free

    - - End Of File - - 1FEEAA0FC45A9B1D22F9740852CB665A
     
  13. 2010/12/23
    broni

    broni Moderator Malware Analyst

    It's not working and I'm not sure why...

    Let's try to use another way.
    Go back to my site: http://www.smartestcomputing.us.com/files/file/1-windows-xp-explorerexe-and-winlogonexe/, download both zipped files, explorer.exe and winlogon.exe.
    Unzip them.
    Place both files in C:\ directory.


    Let's see if we can look at your computer booting from an external source.

    Please download OTLPE (filesize 120,9 MB)

    • When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
    • Reboot your system using the boot CD you just created.
      • Note : If you do not know how to set your computer to boot from CD follow the steps here
    • Your system should now display a REATOGO-X-PE desktop.
    • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
    • Double-click on the OTLPE icon.
    • When asked Do you wish to load the remote registry, select Yes
    • When asked Do you wish to load remote user profile(s) for scanning, select Yes
    • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
    • OTL should now start.
    • Under the Custom Scan box paste this in:

      /md5start
      explorer.exe
      winlogon.exe
      /md5stop
    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\OTL.txt
    • Copy this file to your USB drive if you do not have internet connection on this system
    • Please post the contents of the OTL.txt file in your reply.
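    The whole thread turns on one check: the system keeps several copies of winlogon.exe and explorer.exe (the live one in system32, plus cached copies under ServicePackFiles, $hf_mig$, $NtUninstall..., and the SoftwareDistribution download cache), and the SystemLook filefind, ComboFix Sigcheck and OTL /md5start listings above are all ways of putting their MD5s side by side. The Python script below is an added example, not part of the thread and not code from SystemLook, ComboFix or OTL: it walks a Windows directory, hashes every copy of a named file, and reports a live system32 copy whose MD5 matches none of the cached copies. The directory names it treats as backup caches are taken from the paths in the logs above; the demo tree and its file contents are constructed so it runs offline.

```python
"""
Hash every copy of a Windows system binary and flag a live copy that has
no matching backup.  Example code written for this thread; it is not part
of SystemLook, ComboFix or OTL.
"""
import hashlib
import os
import tempfile

# Top-level folder under %SystemRoot% that holds the running copy.
LIVE_DIR = "system32"
# Top-level folders that hold cached/backup copies (taken from the log paths
# in this thread; $NtUninstallKB...$ folders are matched by prefix).
BACKUP_DIRS = ("ServicePackFiles", "$hf_mig$", "SoftwareDistribution", "$NtUninstall")


def md5_of(path):
    """MD5 of a file as upper-case hex, the way the tools above print it."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest().upper()


def find_copies(windir, filename):
    """Walk windir like SystemLook's filefind; return {path: md5}."""
    wanted = filename.lower()
    copies = {}
    for root, _dirs, files in os.walk(windir):
        for name in files:
            if name.lower() == wanted:
                path = os.path.join(root, name)
                copies[path] = md5_of(path)
    return copies


def classify(windir, copies):
    """Split copies into live (system32) and backup-cache copies."""
    live, backups = {}, {}
    for path, digest in copies.items():
        top = os.path.relpath(path, windir).split(os.sep)[0].lower()
        if top == LIVE_DIR:
            live[path] = digest
        elif any(top.startswith(b.lower()) for b in BACKUP_DIRS):
            backups[path] = digest
    return live, backups


def suspect_live_copies(windir, filename):
    """
    Live copies of filename whose MD5 matches no backup copy.
    Empty list: every live copy has a known twin.  Non-empty: a lead, not
    proof, since a hotfix can legitimately leave the live file newer than
    every cached copy; confirm with a version/signature check before acting.
    """
    live, backups = classify(windir, find_copies(windir, filename))
    known = set(backups.values())
    return sorted(p for p, d in live.items() if d not in known)


def build_demo_tree():
    """Constructed sample tree (not real binaries): explorer.exe's live copy
    matches its hotfix backup, winlogon.exe's live copy matches nothing."""
    windir = tempfile.mkdtemp(prefix="demo_windows_")
    layout = {
        ("system32", "explorer.exe"): b"explorer-build-A",
        ("$hf_mig$", "KB_PLACEHOLDER", "SP2QFE", "explorer.exe"): b"explorer-build-A",
        ("$NtUninstallKB_PLACEHOLDER$", "explorer.exe"): b"explorer-build-older",
        ("system32", "winlogon.exe"): b"winlogon-modified-on-disk",
        ("ServicePackFiles", "i386", "winlogon.exe"): b"winlogon-service-pack",
        ("SoftwareDistribution", "Download", "cache", "winlogon.exe"): b"winlogon-update",
    }
    for parts, content in layout.items():
        path = os.path.join(windir, *parts)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(content)
    return windir


if __name__ == "__main__":
    windir = build_demo_tree()
    for name in ("explorer.exe", "winlogon.exe"):
        for path, digest in sorted(find_copies(windir, name).items()):
            print(digest, os.path.relpath(path, windir))
        print(name, "-> suspect live copies:", suspect_live_copies(windir, name))
```

    Run it as-is for the demo tree, or call suspect_live_copies(r"C:\WINDOWS", "winlogon.exe") on a mounted disk (for instance from a boot CD like the OTLPE environment described above). The output is meant to be read the way the ComboFix Sigcheck block is read: a live copy with no matching cached copy is the one to examine further, not automatically the one to replace.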
     
  14. 2010/12/23
    sox7rock

    sox7rock Inactive Thread Starter

    OTL logfile created on: 12/23/2010 1:08:44 PM - Run
    OTLPE by OldTimer - Version 3.1.43.0 Folder = X:\Programs\OTLPE
    Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,023.00 Mb Total Physical Memory | 782.00 Mb Available Physical Memory | 76.00% Memory free
    907.00 Mb Paging File | 843.00 Mb Available in Paging File | 93.00% Paging File free
    Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 55.84 Gb Total Space | 24.85 Gb Free Space | 44.50% Space Free | Partition Type: NTFS
    Drive X: | 434.99 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: REATOGO | User Name: SYSTEM
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
    Using ControlSet: ControlSet002

    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled] -- F:\MorePrograms\msvs2005\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)
    SRV - File not found [Disabled] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - File not found [On_Demand] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2010/12/08 18:02:49 | 003,020,888 | ---- | M] () [Auto] -- C:\Program Files\Common Files\Akamai\netsession_win_aeec0f0.dll -- (Akamai)
    SRV - [2010/10/16 01:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
    SRV - [2009/02/06 12:00:22 | 000,020,680 | ---- | M] (ESET) [On_Demand] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
    SRV - [2009/02/06 11:57:12 | 000,727,720 | ---- | M] (ESET) [Auto] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
    SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
    SRV - [2007/01/19 11:49:26 | 000,049,152 | ---- | M] (Wireless Service) [Auto] -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)
    SRV - [2006/11/02 13:31:14 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
    SRV - [2006/10/04 19:25:00 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
    SRV - [2006/10/04 19:15:30 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
    SRV - [2006/10/04 19:06:58 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
    SRV - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
    SRV - [2002/05/03 11:29:42 | 001,118,208 | ---- | M] (Intel Corporation) [On_Demand] -- C:\WINDOWS\SYSTEM32\NMSSvc.Exe -- (NMSSvc) Intel(R)
    SRV - [2001/11/26 19:54:02 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\vsdatant.sys -- (vsdatant)
    DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\DDMI2.sys -- (SDDMI2)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
    DRV - File not found [Kernel | System] -- -- (PCIDump)
    DRV - File not found [Kernel | System] -- -- (lbrtfdc)
    DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\DRIVERS\wATV03nt.sys -- (iAimTV2)
    DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\DRIVERS\el90xbc5.sys -- (EL90XBC)
    DRV - File not found [Kernel | On_Demand] -- C:\DOCUME~1\Paul\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
    DRV - File not found [Kernel | System] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - File not found [Kernel | On_Demand] -- C:\Program Files\Advanced System Optimizer 3\adasprot32.sys -- (ADASPROT)
    DRV - [2010/12/22 15:42:36 | 000,036,736 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2010/04/12 03:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
    DRV - [2009/10/07 03:49:50 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\lvuvcflt.sys -- (FilterService)
    DRV - [2009/10/07 03:49:38 | 006,756,632 | R--- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\lvuvc.sys -- (LVUVC) Logitech Webcam 600(UVC)
    DRV - [2009/10/07 03:47:55 | 000,266,008 | R--- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\lvrs.sys -- (LVRS)
    DRV - [2009/10/07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\LVPr2Mon.sys -- (LVPr2Mon)
    DRV - [2009/02/06 11:58:02 | 000,093,336 | ---- | M] (ESET) [Kernel | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\epfwtdir.sys -- (epfwtdir)
    DRV - [2009/02/06 11:56:56 | 000,106,208 | ---- | M] (ESET) [Kernel | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\ehdrv.sys -- (ehdrv)
    DRV - [2009/02/06 11:53:50 | 000,113,448 | ---- | M] (ESET) [File_System | Auto] -- C:\WINDOWS\SYSTEM32\DRIVERS\eamon.sys -- (eamon)
    DRV - [2007/07/28 15:21:16 | 000,451,456 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\Dr71WU.sys -- (RT73)
    DRV - [2007/05/03 13:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\mxopswd.sys -- (MXOPSWD)
    DRV - [2007/04/18 23:26:00 | 003,988,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
    DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
    DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
    DRV - [2006/10/04 21:42:42 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
    DRV - [2006/10/04 21:42:42 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
    DRV - [2005/12/11 11:55:38 | 000,028,195 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto] -- C:\WINDOWS\SYSTEM32\ANIO.sys -- (ANIO)
    DRV - [2005/07/25 22:35:36 | 000,043,392 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\Athfmwdl.sys -- (ATHFMWDL)
    DRV - [2005/07/25 22:32:14 | 000,348,352 | ---- | M] (D-Link Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\A5AGU.sys -- (A5AGU)
    DRV - [2004/08/04 02:10:10 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\61883.sys -- (61883)
    DRV - [2004/08/04 02:10:10 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\avc.sys -- (Avc)
    DRV - [2004/08/04 01:09:58 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\msdv.sys -- (MSDV)
    DRV - [2004/08/04 01:08:21 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum)
    DRV - [2004/08/04 01:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2004/08/04 01:07:42 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2004/08/04 01:07:42 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2004/08/04 00:29:49 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
    DRV - [2004/08/04 00:29:47 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
    DRV - [2004/08/04 00:29:45 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
    DRV - [2004/08/04 00:29:43 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
    DRV - [2004/08/04 00:29:42 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
    DRV - [2004/08/04 00:29:41 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
    DRV - [2004/08/04 00:29:37 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
    DRV - [2004/08/04 00:29:37 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
    DRV - [2004/08/04 00:29:37 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
    DRV - [2004/08/04 00:29:36 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
    DRV - [2004/05/17 19:15:08 | 000,010,374 | ---- | M] (Connectix Corporation) [Kernel | Auto] -- C:\WINDOWS\SYSTEM32\DRIVERS\vpcappsv.sys -- (VPCAppSv)
    DRV - [2004/02/04 10:27:56 | 000,049,536 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\tiehdusb.sys -- (TIEHDUSB)
    DRV - [2003/12/18 13:20:50 | 000,147,192 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\VMM.sys -- (vmm)
    DRV - [2003/11/08 17:24:17 | 000,012,953 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\itchfltr.sys -- (itchfltr)
    DRV - [2003/11/07 04:50:00 | 000,070,798 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\LMouFlt2.Sys -- (LMouFlt2)
    DRV - [2003/11/07 04:50:00 | 000,051,486 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\L8042pr2.Sys -- (L8042pr2)
    DRV - [2003/09/19 20:23:40 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\VMNetSrv.sys -- (VPCNetS2)
    DRV - [2002/06/30 19:50:12 | 000,167,155 | ---- | M] (Conexant Systems) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2)
    DRV - [2002/06/30 19:49:46 | 001,172,416 | ---- | M] (Conexant Systems) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys -- (HSF_DP)
    DRV - [2002/06/30 19:45:12 | 000,594,832 | ---- | M] (Conexant Systems) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys -- (winachsf)
    DRV - [2002/06/25 16:47:41 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2002/06/25 16:47:41 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2002/06/25 16:47:40 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2002/06/25 16:47:40 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled] -- C:\WINDOWS\SYSTEM32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2002/06/25 16:47:01 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2002/06/25 16:44:53 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2002/06/25 16:44:52 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2002/06/25 16:44:52 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2002/06/25 16:41:08 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2002/06/25 16:38:32 | 000,038,144 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\hpt3xx.sys -- (hpt3xx)
    DRV - [2002/06/25 16:37:19 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2002/06/25 16:36:37 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\cmdide.sys -- (CmdIde)
    DRV - [2002/06/25 16:36:19 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\asc.sys -- (asc)
    DRV - [2002/06/25 16:36:19 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2002/06/25 16:36:17 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2002/06/13 16:08:46 | 000,014,604 | ---- | M] (Padus, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\pfc.sys -- (pfc)
    DRV - [2002/05/03 11:30:08 | 000,009,868 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\NMSCFG.SYS -- (NMSCFG)
    DRV - [2001/12/19 11:45:00 | 000,008,576 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\VCdRom.sys -- (vcdrom)
    DRV - [2001/09/27 10:58:20 | 000,028,396 | ---- | M] (America Online, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
    DRV - [2001/09/13 13:09:48 | 000,777,088 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\emu10k1f.sys -- (emu10k) Creative SB Live! Value (WDM)
    DRV - [2001/08/31 08:37:58 | 000,036,992 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\sfman.sys -- (sfman) Creative SoundFont Manager Driver (WDM)
    DRV - [2001/08/17 12:50:26 | 000,731,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4.SYS -- (nv4)
    DRV - [2001/08/17 12:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\AC97INTC.SYS -- (ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM)
    DRV - [2001/08/17 12:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctljystk.sys -- (ctljystk)
    DRV - [2001/07/11 06:34:52 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctlface.sys -- (emu10k1) Creative Interface Manager Driver (WDM)
    DRV - [1999/12/17 02:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto] -- C:\WINDOWS\SYSTEM32\PfModNT.sys -- (PfModNT)
    DRV - [1999/08/10 14:51:58 | 000,034,916 | ---- | M] (Marimba, Inc.) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\MrtRate.sys -- (mrtRate)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
    IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dellnet.com/
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:27811

    IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
    IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dellnet.com/
    IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
    IE - HKU\Owner_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\Paul_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
    IE - HKU\Paul_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/23 00:07:30 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/20 23:54:55 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Netscape 7.02\Extensions\\Components: C:\Program Files\Netscape\Netscape 6\Components [2010/12/20 23:54:55 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Netscape 7.02\Extensions\\Plugins: C:\Program Files\Netscape\Netscape 6\Plugins [2010/12/20 23:54:55 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Netscape 7.1\Extensions\\Components: C:\Program Files\Netscape\Netscape 6\Components [2010/12/20 23:54:55 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Netscape 7.1\Extensions\\Plugins: C:\Program Files\Netscape\Netscape 6\Plugins [2010/12/20 23:54:55 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/07/21 19:49:18 | 000,000,000 | ---D | M]

    [2010/12/23 00:04:53 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/10/17 23:08:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2004/08/04 17:41:26 | 000,105,840 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
    [2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

    O1 HOSTS File: ([2010/12/23 12:56:29 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O3 - HKLM\..\Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
    O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [D-Link Wireless G WUA-1340] C:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe (D-Link)
    O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
    O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
    O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
    O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
    O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.exe (Creative Technology Ltd.)
    O4 - HKU\Owner_ON_C..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
    O4 - HKU\Owner_ON_C..\Run: [McAfee.InstantUpdate.Monitor] C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe File not found
    O4 - HKU\Owner_ON_C..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe File not found
    O4 - HKU\Paul_ON_C..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
    O4 - HKU\Paul_ON_C..\Run: [Logitech Vid] C:\Program Files\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
    O4 - HKU\Paul_ON_C..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
    O4 - HKU\Paul_ON_C..\Run: [SsAAD.exe] C:\Program Files\Sony\SonicStage\SSAAD.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = _ [binary data]
    O7 - HKU\Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
    O7 - HKU\Paul_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\Paul_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
    O7 - HKU\Paul_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\Paul_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
    O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37874.8147106481 (Reg Error: Key error.)
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} http://65.54.141.62/client/msnmusax4311.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2001/08/31 10:50:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (sasnative32) - File not found
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\PROGRA~1\AVG\AVG10\avgchsvx.exe File not found
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\PROGRA~1\AVG\AVG10\avgrsx.exe File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/12/23 13:16:32 | 127,353,979 | ---- | C] (Igor Pavlov) -- C:\Documents and Settings\Paul\Desktop\OTLPENet.exe
    [2010/12/23 12:58:08 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/12/23 04:08:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    [2010/12/23 01:37:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\ImgBurn
    [2010/12/23 01:34:03 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
    [2010/12/22 17:07:58 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/12/22 17:03:32 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/12/22 17:03:32 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/12/22 17:03:32 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/12/22 17:03:32 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/12/22 17:03:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/12/22 17:03:04 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/12/22 15:57:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Desktop\Windowsbbs
    [2010/12/21 00:03:22 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010/12/13 00:44:33 | 000,679,936 | ---- | C] (Generated by JEDI) -- C:\WINDOWS\System32\D3DX81ab.dll
    [2010/12/13 00:44:29 | 000,000,000 | ---D | C] -- C:\Program Files\Cheat Engine
    [2010/12/12 19:02:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\Malwarebytes
    [2010/12/12 19:01:47 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/12/12 19:01:38 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/12/12 19:01:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/12/12 17:39:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Desktop\MeBoy
    [2010/12/05 13:36:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\Logitech
    [2010/12/05 01:24:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Local Settings\Application Data\WMTools Downloaded Files
    [2010/12/05 00:50:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Local Settings\Application Data\AOL OCP
    [2010/12/05 00:50:35 | 000,000,000 | ---D | C] -- C:\Program Files\AIM6
    [2010/12/05 00:48:31 | 000,000,000 | ---D | C] -- C:\installer
    [2010/12/05 00:44:21 | 000,000,000 | ---D | C] -- C:\I386
    [2010/12/05 00:44:19 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
    [2010/12/05 00:44:19 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
    [2010/12/05 00:44:17 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
    [2010/12/05 00:44:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803$
    [2010/12/05 00:35:19 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
    [2010/12/05 00:35:19 | 000,000,000 | ---D | C] -- C:\questionableSystem
    [2010/12/05 00:30:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
    [2010/12/05 00:29:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
    [2010/12/05 00:29:48 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
    [2010/12/05 00:27:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
    [2010/12/05 00:27:47 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie7
    [2010/12/05 00:27:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
    [2010/12/05 00:27:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\DTS9_KB932557_ENU
    [2010/12/05 00:27:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
    [2010/12/05 00:27:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages
    [2010/12/05 00:27:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\provisioning
    [2010/12/05 00:27:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\NS9_KB932557_ENU
    [2010/12/05 00:27:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
    [2010/12/05 00:27:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\OLAP9_KB932557_ENU
    [2010/12/05 00:27:05 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
    [2010/12/05 00:27:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
    [2010/12/05 00:27:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\StartHtmico
    [2010/12/05 00:27:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\SQL9_KB932557_ENU
    [2010/12/05 00:26:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\SQLTools9_KB932557_ENU
    [2010/12/05 00:26:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\SQL9_KB960089_ENU
    [2010/12/05 00:26:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\SQL9_KB948109_ENU
    [2010/12/05 00:26:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
    [2010/12/05 00:26:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\ZACK
    [2010/12/05 00:26:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\Windows Update Setup Files
    [2010/12/05 00:26:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
    [2010/12/05 00:26:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\TWAIN_32
    [2010/12/05 00:26:25 | 000,000,000 | ---D | C] -- C:\Program Files\TweakNow RegCleaner
    [2010/12/05 00:26:23 | 000,000,000 | ---D | C] -- C:\Program Files\MTV Networks
    [2010/12/05 00:26:23 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
    [2010/12/05 00:26:22 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
    [2010/12/05 00:26:22 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
    [2010/12/05 00:26:22 | 000,000,000 | ---D | C] -- C:\Program Files\LimeWire
    [2010/12/05 00:26:22 | 000,000,000 | ---D | C] -- C:\Program Files\HTML Help Workshop
    [2010/12/05 00:26:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AOL
    [2010/12/05 00:26:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Designer
    [2010/12/05 00:26:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Business Objects
    [2010/12/05 00:26:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ScanSoft Shared
    [2010/12/05 00:26:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
    [2010/12/05 00:26:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
    [2010/12/05 00:26:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SWF Studio
    [2010/12/05 00:26:02 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
    [2010/12/05 00:26:02 | 000,000,000 | ---D | C] -- C:\Program Files\AWS
    [2010/12/05 00:26:01 | 000,000,000 | ---D | C] -- C:\Program Files\AOD
    [2010/12/05 00:25:57 | 000,000,000 | ---D | C] -- C:\Program Files\Ahead
    [2010/12/05 00:25:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Local Settings\Application Data\MigWiz
    [2010/12/05 00:25:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\Leadertech
    [2010/12/05 00:25:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Local Settings\Application Data\ApplicationHistory
    [2010/12/05 00:25:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\Systweak
    [2010/12/05 00:25:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\NCH Swift Sound
    [2010/12/05 00:25:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\Identities
    [2010/12/01 23:10:56 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
    [2010/12/01 22:58:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Offline Web Pages
    [2010/11/29 20:30:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\uTorrent
    [2010/11/29 18:38:30 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
    [2010/11/29 18:38:30 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
    [2010/11/29 17:45:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration(2)
    [2010/11/28 16:57:13 | 000,000,000 | ---D | C] -- C:\Program Files\RocketDock
    [2004/02/21 21:26:00 | 000,059,392 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

    ========== Files - Modified Within 30 Days ==========

    [2010/12/23 14:00:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
    [2010/12/23 13:52:21 | 000,088,723 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2010/12/23 13:52:00 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
    [2010/12/23 13:51:32 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{A514B8B3-F85D-44E5-B4F2-686A4C81177E}
    [2010/12/23 13:51:25 | 1072,766,976 | -HS- | M] () -- C:\hiberfil.sys
    [2010/12/23 13:51:17 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
    [2010/12/23 13:51:14 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
    [2010/12/23 13:44:16 | 127,353,979 | ---- | M] (Igor Pavlov) -- C:\Documents and Settings\Paul\Desktop\OTLPENet.exe
    [2010/12/23 13:15:04 | 000,281,116 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\winlogon.zip
    [2010/12/23 13:14:58 | 000,379,526 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\explorer.zip
    [2010/12/23 12:56:29 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
    [2010/12/23 03:00:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-PAULS-Paul.job
    [2010/12/23 01:34:22 | 000,001,546 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
    [2010/12/23 01:02:21 | 000,000,328 | RHS- | M] () -- C:\boot.ini
    [2010/12/22 15:42:36 | 000,036,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\ultra.sys
    [2010/12/18 19:53:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/12/17 01:50:33 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\xmas list.xls
    [2010/12/15 21:18:01 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\Autism Paper.doc
    [2010/12/13 00:44:36 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\Cheat Engine.lnk
    [2010/12/12 18:46:41 | 000,203,824 | ---- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2010/12/05 13:39:11 | 000,498,114 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
    [2010/12/05 13:39:11 | 000,088,980 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
    [2010/12/05 02:01:00 | 000,005,120 | ---- | M] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/12/05 01:04:16 | 000,833,112 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\BlackBerry Storm 9530.ipd
    [2010/11/29 18:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/11/29 18:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/11/29 18:38:30 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
    [2010/11/29 18:38:30 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts

    ========== Files Created - No Company Name ==========

    [2067/02/24 16:21:18 | 000,079,947 | ---- | C] () -- C:\WINDOWS\fw20.vxd
    [2010/12/23 13:15:02 | 000,281,116 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\winlogon.zip
    [2010/12/23 13:14:53 | 000,379,526 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\explorer.zip
    [2010/12/23 01:34:22 | 000,001,546 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
    [2010/12/23 01:26:31 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-PAULS-Paul.job
    [2010/12/22 17:08:07 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/12/22 17:08:00 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2010/12/22 17:03:32 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/12/22 17:03:32 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/12/22 17:03:32 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/12/22 17:03:32 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/12/22 17:03:32 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/12/16 00:51:42 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\xmas list.xls
    [2010/12/15 21:18:00 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\Autism Paper.doc
    [2010/12/13 00:44:36 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\Cheat Engine.lnk
    [2010/12/13 00:44:33 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
    [2010/12/12 18:46:41 | 000,203,824 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2010/12/08 18:14:44 | 1072,766,976 | -HS- | C] () -- C:\hiberfil.sys
    [2010/12/05 01:43:21 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/12/05 00:59:17 | 000,000,154 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\Rim.Desktop.Exception.log
    [2010/09/05 02:48:34 | 000,092,672 | RHS- | C] () -- C:\WINDOWS\System32\mfcsubs2.dll
    [2010/07/21 18:52:50 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\VZWDLManager.dll
    [2010/07/21 13:38:23 | 000,082,289 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
    [2010/07/20 21:36:26 | 000,000,040 | ---- | C] () -- C:\WINDOWS\WinInit.Ini
    [2010/07/20 21:03:29 | 000,000,021 | ---- | C] () -- C:\WINDOWS\DFC.INI
    [2009/10/07 01:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
    [2009/10/07 01:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
    [2008/07/13 21:10:19 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2008/07/13 21:10:18 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
    [2008/07/13 21:10:16 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
    [2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
    [2007/07/28 12:53:49 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\WlanApp.dll
    [2007/07/28 12:53:49 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
    [2007/01/07 22:57:20 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7R.DLL
    [2007/01/07 22:52:14 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
    [2007/01/07 22:51:38 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
    [2007/01/07 22:44:17 | 000,000,532 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
    [2006/11/26 22:43:53 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
    [2006/08/23 20:01:02 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
    [2006/06/25 11:18:13 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
    [2006/04/30 00:34:04 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\WbxRMenu.dll
    [2006/04/13 23:18:24 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\atonres.dll
    [2006/04/13 23:18:24 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\WbxMSAI.dll
    [2006/04/13 23:18:24 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\atonecli.dll
    [2006/02/15 15:14:54 | 000,000,051 | ---- | C] () -- C:\WINDOWS\iTouch.ini
    [2004/12/18 20:09:50 | 000,000,075 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
    [2004/02/21 23:20:39 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2004/02/21 21:20:14 | 000,002,064 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
    [2003/10/06 15:16:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2003/10/06 15:16:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2003/10/06 15:16:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2003/10/06 15:16:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2003/08/13 01:55:43 | 000,181,760 | ---- | C] () -- C:\WINDOWS\patchw32.dll
    [2003/05/01 21:06:38 | 000,285,184 | R--- | C] () -- C:\WINDOWS\System32\LFCMP11n.DLL
    [2003/05/01 21:06:38 | 000,081,408 | R--- | C] () -- C:\WINDOWS\System32\lffax11n.dll
    [2003/05/01 21:06:38 | 000,059,392 | R--- | C] () -- C:\WINDOWS\System32\lfwmf11n.dll
    [2003/04/24 20:18:35 | 000,000,146 | ---- | C] () -- C:\WINDOWS\BREW_MIF.INI
    [2003/04/18 21:03:49 | 000,000,185 | ---- | C] () -- C:\WINDOWS\mdm.ini
    [2003/03/25 23:14:01 | 000,000,872 | ---- | C] () -- C:\WINDOWS\wnsetup.ini
    [2003/03/25 16:51:07 | 000,000,009 | ---- | C] () -- C:\WINDOWS\MCCNP.INI
    [2003/03/23 01:22:27 | 000,000,121 | ---- | C] () -- C:\WINDOWS\Winamp.ini
    [2003/03/23 00:54:58 | 000,041,068 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll
    [2003/02/23 16:45:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OPPRIN~1.INI
    [2003/01/16 17:33:48 | 000,000,027 | ---- | C] () -- C:\WINDOWS\INTUIT.INI
    [2003/01/12 20:00:21 | 000,000,467 | ---- | C] () -- C:\WINDOWS\hegames.ini
    [2003/01/11 21:11:15 | 000,000,024 | ---- | C] () -- C:\WINDOWS\qfnonl.ini
    [2003/01/11 20:53:01 | 000,000,849 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
    [2003/01/11 20:53:00 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2002/10/26 20:31:10 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2002/10/26 20:18:59 | 000,000,231 | ---- | C] () -- C:\WINDOWS\ac3api.ini
    [2002/10/26 20:18:29 | 000,000,185 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
    [2002/10/26 20:11:19 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2002/06/25 16:48:32 | 000,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\ultra.sys
    [2002/04/01 13:17:00 | 000,000,780 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2002/02/06 09:04:14 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\NMSInst.dll
    [2002/01/21 15:17:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PROInst.dll
    [2001/08/31 10:50:36 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [1998/04/24 00:00:00 | 000,000,218 | ---- | C] () -- C:\WINDOWS\FRONTPG.INI
    [1997/10/23 13:15:36 | 000,097,968 | ---- | C] () -- C:\WINDOWS\System32\POSTWPP.DLL

    ========== LOP Check ==========

    [2006/07/04 07:42:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Weather Channel Platinum
    [2010/07/26 01:34:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\GameTuts
    [2010/12/23 01:37:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\ImgBurn
    [2010/12/05 00:25:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Leadertech
    [2010/12/05 00:25:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\NCH Swift Sound
    [2010/10/11 17:10:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Research In Motion
    [2010/07/20 20:54:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Subversion
    [2010/12/05 00:25:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Systweak
    [2010/12/05 00:25:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\uTorrent

    ========== Purity Check ==========



    ========== Custom Scans ==========



    < MD5 for: EXPLORER.EXE >
    [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\explorer.exe
    [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\explorer.exe
    [2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
    [2004/08/04 02:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
    [2004/08/04 02:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
    [2002/08/29 05:41:24 | 001,004,032 | ---- | M] (Microsoft Corporation) MD5=A82B28BFC2E4455FE43022A498C0EF0A -- C:\WINDOWS\$NtUninstallKB820291$\explorer.exe
    [2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=C59C3671DE1D07F89429D7B2848C94FF -- C:\WINDOWS\explorer.exe

    < MD5 for: WINLOGON.EXE >
    [2010/12/23 00:29:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=14EE0F586D4B26605BEA5FCC085E1BCF -- C:\WINDOWS\SYSTEM32\winlogon.exe
    [2004/08/04 02:56:57 | 000,502,272 | ---- | M] () MD5=47FE4E46795B261E1353447D0064B661 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
    [2008/03/21 02:36:56 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=B8135E9ED99A0858DF535CE0A0271558 -- C:\winlogon.exe
    [2002/02/21 10:54:16 | 000,429,056 | ---- | M] (Microsoft Corporation) MD5=C605FFF733AAD029D6B533E609C8A6E6 -- C:\I386\winlogon.exe
    [2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\winlogon.exe
    < End of report >
     
  15. 2010/12/23
    broni Moderator Malware Analyst

    Very good :)

    Do this on the computer you are posting from:
    Copy the text in the codebox below:


    Code:
    :OTL
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyEnable" = 1
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyOverride" = <local>
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyServer" = http=127.0.0.1:27811
    O3 - HKLM\..\Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
    O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.exe (Creative Technology Ltd.)
    O4 - HKU\Owner_ON_C..\Run: [McAfee.InstantUpdate.Monitor] C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe File not found
    O4 - HKU\Owner_ON_C..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe File not found
    O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
    O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/sh...0/mcinsctl.cab (Reg Error: Key error.)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.co...874.8147106481 (Reg Error: Key error.)
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/sh...23/mcgdmgr.cab (Reg Error: Key error.)
    O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} http://65.54.141.62/client/msnmusax4311.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\PROGRA~1\AVG\AVG10\avgchsvx.exe File not found
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\PROGRA~1\AVG\AVG10\avgrsx.exe File not found
    [2010/12/05 00:26:25 | 000,000,000 | ---D | C] -- C:\Program Files\TweakNow RegCleaner
    
    
    :Services
    
    :Reg
    
    :Files
    C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
    C:\WINDOWS\explorer.exe|C:\explorer.exe /replace
    C:\WINDOWS\SYSTEM32\winlogon.exe|C:\winlogon.exe /replace
    
    :Commands
    [purity]
    [emptytemp]
    
    Open Notepad and paste it.
    Save the document as Fix.txt onto a USB flash drive.


    On the infected computer, do the following...

    Run OTLPE

    • Insert USB stick and find the file Fix.txt. Drag the file Fix.txt and drop it under the Custom Scans/Fixes box at the bottom.
      • (The content of Fix.txt should appear in the box)
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post the log produced (you'll need to transfer it with USB stick)
    • Reboot normally into Windows.
    • Run new Combofix scan.
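Added example, not part of the thread and not code from OTL or ComboFix: the "< MD5 for: ... >" custom scan in the log above hashes every copy of a system file it can find, so the live binary in C:\WINDOWS or System32 stands out when its hash matches none of the copies Windows itself keeps in ServicePackFiles, $NtUninstall*, $hf_mig$, SoftwareDistribution or I386; that is the comparison behind the two /replace lines in the fix. The script below parses OTL lines of that shape (the sample is the explorer.exe and winlogon.exe blocks copied from the log posted above) and reports such live copies, noting when the size equals a reference copy but the hash does not. The directory names used to sort paths into live, reference and other are a heuristic chosen here, not something OTL defines.

```python
"""Cross-check live Windows system binaries against the reference copies
Windows keeps on disk, using OTL "< MD5 for: NAME >" custom-scan lines."""
import ntpath
import re
from collections import defaultdict

# One OTL custom-scan line looks like this (sizes carry thousands separators):
# [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=1289...923 -- C:\explorer.exe
LINE_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| [-\w]{4} \| \w\] "
    r"\((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+?)\s*$"
)

# Heuristic (chosen for this example, not OTL's): directories where Windows keeps
# spare copies of system files, and the directories holding the copy that runs.
REFERENCE_MARKERS = ("\\servicepackfiles\\", "\\$ntuninstall", "\\$hf_mig$\\",
                     "\\softwaredistribution\\", "\\i386\\")
LIVE_DIRS = ("c:\\windows", "c:\\windows\\system32")


def classify(path):
    """Return 'live', 'reference' or 'other' for a file path from the log."""
    low = path.lower()
    if ntpath.dirname(low) in LIVE_DIRS:
        return "live"
    if any(marker in low for marker in REFERENCE_MARKERS):
        return "reference"
    return "other"


def parse_md5_lines(text):
    """Parse OTL MD5 scan lines into dicts; header and blank lines are skipped."""
    records = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["size"] = int(rec["size"].replace(",", ""))
        rec["md5"] = rec["md5"].upper()
        records.append(rec)
    return records


def find_anomalies(records):
    """One finding per live copy whose MD5 matches no reference copy of the same file."""
    by_name = defaultdict(list)
    for rec in records:
        by_name[ntpath.basename(rec["path"]).lower()].append(rec)

    findings = []
    for name, recs in sorted(by_name.items()):
        refs = [r for r in recs if classify(r["path"]) == "reference"]
        ref_hashes = {r["md5"] for r in refs}
        for rec in recs:
            if classify(rec["path"]) != "live" or rec["md5"] in ref_hashes:
                continue
            same_size = [r["path"] for r in refs if r["size"] == rec["size"]]
            if same_size:
                # Same byte count as a known copy but different content is the
                # classic sign of a binary patched in place.
                reason = "same size as %s but different hash" % same_size[0]
            else:
                reason = "no reference copy has this hash"
            if not rec["company"]:
                reason += "; no company/version information"
            findings.append({"name": name, "path": rec["path"],
                             "md5": rec["md5"], "reason": reason})
    return findings


# Sample input: the two "< MD5 for >" blocks from the OTL log posted above.
SAMPLE_LOG = r"""
< MD5 for: EXPLORER.EXE >
[2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\explorer.exe
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2004/08/04 02:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2004/08/04 02:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2002/08/29 05:41:24 | 001,004,032 | ---- | M] (Microsoft Corporation) MD5=A82B28BFC2E4455FE43022A498C0EF0A -- C:\WINDOWS\$NtUninstallKB820291$\explorer.exe
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=C59C3671DE1D07F89429D7B2848C94FF -- C:\WINDOWS\explorer.exe

< MD5 for: WINLOGON.EXE >
[2010/12/23 00:29:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=14EE0F586D4B26605BEA5FCC085E1BCF -- C:\WINDOWS\SYSTEM32\winlogon.exe
[2004/08/04 02:56:57 | 000,502,272 | ---- | M] () MD5=47FE4E46795B261E1353447D0064B661 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/03/21 02:36:56 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=B8135E9ED99A0858DF535CE0A0271558 -- C:\winlogon.exe
[2002/02/21 10:54:16 | 000,429,056 | ---- | M] (Microsoft Corporation) MD5=C605FFF733AAD029D6B533E609C8A6E6 -- C:\I386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\winlogon.exe
"""

if __name__ == "__main__":
    for f in find_anomalies(parse_md5_lines(SAMPLE_LOG)):
        print("%s  %s  %s" % (f["path"], f["md5"], f["reason"]))
```

On the log above this flags C:\WINDOWS\explorer.exe and C:\WINDOWS\SYSTEM32\winlogon.exe, each the same size as a Microsoft copy but with a hash no copy shares. A live file freshly replaced by a hotfix will also differ from every older copy until Windows stores a new reference, so a hit is a prompt to verify the Authenticode signature (the Sigcheck section of the ComboFix log does that) rather than proof of tampering; MD5 is used here only to match copies against each other, as OTL does, not as a security guarantee.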
     
  16. 2010/12/23
    sox7rock Inactive Thread Starter

    ComboFix 10-12-23.02 - Paul 12/23/2010 15:38:00.5.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.650 [GMT -6:00]
    Running from: c:\documents and settings\Paul\Desktop\Windowsbbs\ComboFix.exe
    Command switches used :: c:\documents and settings\Paul\Desktop\Windowsbbs\CFScript.log
    AV: ESET NOD32 Antivirus 4.0 *Disabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\explorer.exe
    C:\winlogon.exe

    .
    ((((((((((((((((((((((((( Files Created from 2010-11-23 to 2010-12-23 )))))))))))))))))))))))))))))))
    .

    2067-02-24 21:21 . 2003-02-05 10:02 79947 ----a-w- c:\windows\fw20.vxd
    2010-12-23 20:19 . 2010-12-23 20:19 -------- d-----w- C:\_OTL
    2010-12-23 09:08 . 2010-12-23 09:08 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
    2010-12-23 06:37 . 2010-12-23 06:37 -------- d-----w- c:\documents and settings\Paul\Application Data\ImgBurn
    2010-12-23 06:34 . 2010-12-23 06:34 -------- d-----w- c:\program files\ImgBurn
    2010-12-21 05:03 . 2010-12-21 05:05 -------- d-----w- c:\program files\iTunes
    2010-12-13 05:44 . 2009-01-26 05:36 679936 ----a-w- c:\windows\system32\D3DX81ab.dll
    2010-12-13 05:44 . 2009-01-26 05:36 1970176 ----a-w- c:\windows\system32\d3dx9.dll
    2010-12-13 05:44 . 2010-12-13 07:15 -------- d-----w- c:\program files\Cheat Engine
    2010-12-13 00:02 . 2010-12-13 00:02 -------- d-----w- c:\documents and settings\Paul\Application Data\Malwarebytes
    2010-12-13 00:01 . 2010-11-29 23:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-13 00:01 . 2010-12-13 00:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-12-13 00:01 . 2010-11-29 23:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-13 00:01 . 2010-12-13 00:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-05 18:36 . 2010-12-05 18:36 -------- d-----w- c:\documents and settings\Paul\Application Data\Logitech
    2010-12-05 07:20 . 2010-12-05 08:01 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
    2010-12-05 06:24 . 2010-12-05 07:03 -------- d-----w- c:\documents and settings\Paul\Local Settings\Application Data\WMTools Downloaded Files
    2010-12-05 05:52 . 2010-12-05 05:52 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-12-05 05:50 . 2010-12-05 05:50 -------- d-----w- c:\documents and settings\Paul\Local Settings\Application Data\AOL OCP
    2010-12-05 05:50 . 2010-12-05 05:50 -------- d-----w- c:\program files\AIM6
    2010-12-05 05:29 . 2010-12-05 05:29 -------- d--h--w- c:\windows\ie8
    2010-12-05 05:26 . 2010-12-05 05:26 -------- d-----w- c:\windows\SQL9_KB960089_ENU
    2010-12-05 05:25 . 2010-12-05 05:25 -------- d-----w- c:\documents and settings\Paul\Local Settings\Application Data\MigWiz
    2010-12-05 05:25 . 2010-12-05 05:25 -------- d-----w- c:\documents and settings\Paul\Local Settings\Application Data\ApplicationHistory
    2010-12-05 05:25 . 2010-12-05 05:25 -------- d-----w- c:\documents and settings\Paul\Application Data\Leadertech
    2010-12-05 05:25 . 2010-12-05 05:25 -------- d-----w- c:\documents and settings\Paul\Application Data\Systweak
    2010-12-05 05:25 . 2010-12-05 05:25 -------- d-----w- c:\documents and settings\Paul\Application Data\NCH Swift Sound
    2010-12-02 04:10 . 2010-12-05 05:25 -------- d-----w- c:\program files\Windows Live Safety Center
    2010-11-30 01:30 . 2010-12-05 05:25 -------- d-----w- c:\documents and settings\Paul\Application Data\uTorrent
    2010-11-29 23:38 . 2010-11-29 23:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-11-29 23:38 . 2010-11-29 23:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-11-28 21:57 . 2010-12-05 06:15 -------- d-----w- c:\program files\RocketDock

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-22 20:42 . 2002-06-25 21:48 36736 ----a-w- c:\windows\system32\drivers\ultra.sys
    2010-09-28 21:44 . 2009-05-17 00:10 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2010-09-28 21:44 . 2009-05-17 00:10 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
    .

    ------- Sigcheck -------

    [-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\winlogon.exe
    [-] 2008-03-21 . B8135E9ED99A0858DF535CE0A0271558 . 507904 . . [5.1.2600.5508] . . c:\windows\SYSTEM32\winlogon.exe

    [-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
    [-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\explorer.exe
    [7] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
    [7] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe
    [7] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\ServicePackFiles\i386\explorer.exe
    [7] 2002-08-29 . A82B28BFC2E4455FE43022A498C0EF0A . 1004032 . . [6.00.2800.1106] . . c:\windows\$NtUninstallKB820291$\explorer.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport "= "c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
    "SsAAD.exe "= "c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-11-02 472632]
    "Logitech Vid "= "c:\program files\Logitech\Logitech Vid\vid.exe" [2009-07-16 5458704]
    "Skype "= "c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
    "RocketDock "= "c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2007-04-19 7700480]
    "AHQInit "= "c:\program files\Creative\SBLive\Program\AHQInit.exe" [2001-03-28 102400]
    "nwiz "= "nwiz.exe" [2007-04-19 1626112]
    "Logitech Utility "= "Logi_MwX.Exe" [2003-11-07 19968]
    "NvMediaCenter "= "c:\windows\system32\NvMcTray.dll" [2007-04-19 86016]
    "D-Link Wireless G WUA-1340 "= "c:\program files\D-Link\Wireless G WUA-1340\AirGCFG.exe" [2007-08-27 1662976]
    "LogitechQuickCamRibbon "= "c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
    "egui "= "c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
    "PWRISOVM.EXE "= "c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "AdobeAAMUpdater-1.0 "= "c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "AdobeCS5ServiceManager "= "c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
    "SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting "= "c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-23 39264]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative32

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, msnsspc.dll, digest.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RkHit.sys]
    @=" "

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Netscape\\Netscape 6\\Netscp.exe "=
    "c:\\WINDOWS\\SYSTEM32\\telnet.exe "=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe "=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe "=
    "c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "23:TCP "= 23:TCP:Telnet
    "67:UDP "= 67:UDP:DHCP Discovery Service
    "1037:TCP "= 1037:TCP:Akamai NetSession Interface
    "5000:UDP "= 5000:UDP:Akamai NetSession Interface

    R1 ehdrv;ehdrv;c:\windows\SYSTEM32\DRIVERS\ehdrv.sys [2/6/2009 10:56 AM 106208]
    R1 epfwtdir;epfwtdir;c:\windows\SYSTEM32\DRIVERS\epfwtdir.sys [2/6/2009 10:58 AM 93336]
    R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\SYSTEM32\DRIVERS\VCdRom.sys [12/8/2007 4:42 PM 8576]
    R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [6/25/2002 3:47 PM 14336]
    R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2/6/2009 10:57 AM 727720]
    R2 mrtRate;mrtRate;c:\windows\SYSTEM32\DRIVERS\MrtRate.sys [1/11/2003 7:52 PM 34916]
    R2 VPCAppSv;Virtual PC Application Services;c:\windows\SYSTEM32\DRIVERS\vpcappsv.sys [5/17/2004 6:15 PM 10374]
    S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\SYSTEM32\DRIVERS\A5AGU.sys [7/25/2005 9:32 PM 348352]
    S3 ADASPROT;SYSTWEAKASO;\??\c:\program files\Advanced System Optimizer 3\adasprot32.sys --> c:\program files\Advanced System Optimizer 3\adasprot32.sys [?]
    S3 ATHFMWDL;D-Link predator Bootloader driver;c:\windows\SYSTEM32\DRIVERS\Athfmwdl.sys [7/25/2005 9:35 PM 43392]
    S3 MsDtsServer;SQL Server Integration Services;c:\program files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [3/3/2007 10:12 PM 202096]
    S4 msvsmon80;Visual Studio 2005 Remote Debugger; "f:\moreprograms\msvs2005\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 --> f:\moreprograms\msvs2005\Common7\IDE\Remote Debugger\x86\msvsmon.exe [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder

    2010-12-23 c:\windows\Tasks\AdobeAAMUpdater-1.0-PAULS-Paul.job
    - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-10-18 08:44]

    2010-12-19 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.dellnet.com/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\Paul\Application Data\Mozilla\Firefox\Profiles\q4k6z18u.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/?ref=hp
    FF - prefs.js: network.proxy.type - 4
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-12-23 15:45
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2010-12-23 15:49:07
    ComboFix-quarantined-files.txt 2010-12-23 21:48
    ComboFix2.txt 2010-12-22 22:31

    Pre-Run: 26,647,478,272 bytes free
    Post-Run: 26,626,048,000 bytes free

    - - End Of File - - 3212CAE20C45ADE452239AF917D54E13
     
  17. 2010/12/23
    broni Moderator Malware Analyst

    Very good :)
    We got it this time :)
    Good job :)

    Let me take a closer look at the above log to see if anything is left out there....
     
  18. 2010/12/23
    broni Moderator Malware Analyst

    All looks good :)

    How is the computer doing?

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    3. Please run a BitDefender Online Scan

    • Disable your antivirus program.
    • Click Start Scanner button.
    • Click Start scan button.
    • Allow browser plug-in to be installed when prompted.
    • Click I Agree to agree to the EULA.
    • Please refrain from using the computer until the scan is finished.
    • When the scan is finished, click on View log.
    • Notepad will open with scan results.
    • Save the report to your desktop and post its content in your next reply.
     
  19. 2010/12/23
    sox7rock Inactive Thread Starter

    Results of screen317's Security Check version 0.99.7
    Windows XP Service Pack 2
    Out of date service pack!!
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    ESET NOD32 Antivirus
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java Web Start
    Java 2 Runtime Environment Standard Edition v1.3.1_02
    Java(TM) 6 Update 22
    Java 2 Runtime Environment, SE v1.4.0_03
    Java 2 Runtime Environment, SE v1.4.1_02
    Adobe Flash Player 10.1.102.64
    Adobe Reader 9.4.1
    Out of date Adobe Reader installed!
    Mozilla Firefox (3.6.13)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    ``````````End of Log````````````

    QuickScan Beta 32-bit v0.9.9.52
    -------------------------------
    Scan date: Thu Dec 23 16:25:19 2010
    Machine ID: 98F903B9

    C:\WINDOWS\system32\mfcsubs2.dll - could not be scanned


    No infection found.
    -------------------



    Processes
    ---------
    America Online 344 C:\WINDOWS\wanmpsvc.exe
    Bonjour 736 C:\Program Files\Bonjour\mDNSResponder.exe
    Canon Camera Access Library 8 2196 C:\Program Files\Canon\CAL\CALMAIN.exe
    Creative Ring3 NT Inteface 1752 C:\WINDOWS\SYSTEM32\devldr32.exe
    Creative Service for CDROM Access 756 C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE
    Dell Support 2732 C:\Program Files\DellSupport\DSAgnt.exe
    ESET Smart Security 2504 C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    ESET Smart Security 788 C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    Firefox 3768 C:\Program Files\Mozilla Firefox\firefox.exe
    iTunes 2176 C:\Program Files\iPod\bin\iPodService.exe
    iTunes 2160 C:\Program Files\iTunes\iTunesHelper.exe
    Java(TM) Platform SE 6 U22 416 C:\Program Files\Java\jre6\bin\jqs.exe
    Logitech Webcam Software 920 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    Microsoft (R) DRM 1820 C:\WINDOWS\SYSTEM32\MsPMSPSv.exe
    Microsoft® Visual Studio .NET 952 C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    Microsoft® Windows® Operating System 180 C:\WINDOWS\explorer.exe
    Microsoft® Windows® Operating System 2968 C:\WINDOWS\SYSTEM32\alg.exe
    Microsoft® Windows® Operating System 1268 C:\WINDOWS\SYSTEM32\csrss.exe
    Microsoft® Windows® Operating System 3372 C:\WINDOWS\SYSTEM32\dllhost.exe
    Microsoft® Windows® Operating System 1360 C:\WINDOWS\SYSTEM32\lsass.exe
    Microsoft® Windows® Operating System 2456 C:\WINDOWS\SYSTEM32\rundll32.exe
    Microsoft® Windows® Operating System 1340 C:\WINDOWS\SYSTEM32\services.exe
    Microsoft® Windows® Operating System 1216 C:\WINDOWS\SYSTEM32\smss.exe
    Microsoft® Windows® Operating System 400 C:\WINDOWS\SYSTEM32\spoolsv.exe
    Microsoft® Windows® Operating System 1836 C:\WINDOWS\SYSTEM32\svchost.exe
    Microsoft® Windows® Operating System 1968 C:\WINDOWS\SYSTEM32\svchost.exe
    Microsoft® Windows® Operating System 2116 C:\WINDOWS\SYSTEM32\svchost.exe
    Microsoft® Windows® Operating System 664 C:\WINDOWS\SYSTEM32\svchost.exe
    Microsoft® Windows® Operating System 612 C:\WINDOWS\SYSTEM32\svchost.exe
    Microsoft® Windows® Operating System 1488 C:\WINDOWS\SYSTEM32\svchost.exe
    Microsoft® Windows® Operating System 1532 C:\WINDOWS\SYSTEM32\svchost.exe
    Microsoft® Windows® Operating System 1600 C:\WINDOWS\SYSTEM32\svchost.exe
    Microsoft® Windows® Operating System 1644 C:\WINDOWS\SYSTEM32\svchost.exe
    Microsoft® Windows® Operating System 1692 C:\WINDOWS\SYSTEM32\svchost.exe
    Microsoft® Windows® Operating System 212 C:\WINDOWS\SYSTEM32\WBEM\wmiprvse.exe
    Microsoft® Windows® Operating System 1296 C:\WINDOWS\SYSTEM32\winlogon.exe
    Microsoft® Windows® Operating System 3040 C:\WINDOWS\SYSTEM32\wscntfy.exe
    Microsoft® Windows® Operating System 2272 C:\WINDOWS\SYSTEM32\wuauclt.exe
    Microsoft® Windows® Operating System 3532 C:\WINDOWS\SYSTEM32\wuauclt.exe
    MobileDeviceService 704 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    NVIDIA Driver Helper Service, Version 9 1080 C:\WINDOWS\SYSTEM32\nvsvc32.exe
    PowerISO Virtual Drive Manager 2544 C:\Program Files\PowerISO\PWRISOVM.EXE
    RocketDock.exe 3972 C:\Program Files\RocketDock\RocketDock.exe
    SonicStage 2788 C:\PROGRA~1\Sony\SONICS~1\SSAAD.exe
    Wireless LAN Monitor 2464 C:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe


    Network activity
    ----------------
    Process ekrn.exe (788) connected on port 443 (HTTP over SSL) --> 209.107.220.159
    Process ekrn.exe (788) connected on port 80 (HTTP) --> 69.31.132.153
    Process ekrn.exe (788) connected on port 80 (HTTP) --> 198.173.20.66
    Process ekrn.exe (788) connected on port 80 (HTTP) --> 198.173.20.66
    Process ekrn.exe (788) connected on port 80 (HTTP) --> 74.125.95.138
    Process ekrn.exe (788) connected on port 80 (HTTP) --> 74.125.95.99
    Process ekrn.exe (788) connected on port 80 (HTTP) --> 74.125.95.99
    Process ekrn.exe (788) connected on port 80 (HTTP) --> 74.125.95.102
    Process ekrn.exe (788) connected on port 80 (HTTP) --> 91.199.104.31
    Process ekrn.exe (788) connected on port 80 (HTTP) --> 66.235.142.20
    Process ekrn.exe (788) connected on port 443 (HTTP over SSL) --> 74.125.95.95
    Process ekrn.exe (788) connected on port 80 (HTTP) --> 204.2.228.232
    Process ekrn.exe (788) connected on port 80 (HTTP) --> 209.85.225.139
    Process ekrn.exe (788) connected on port 80 (HTTP) --> 204.2.228.232
    Process ekrn.exe (788) connected on port 80 (HTTP) --> 198.173.20.66
    Process ekrn.exe (788) connected on port 80 (HTTP) --> 198.173.20.66
    Process ekrn.exe (788) connected on port 80 (HTTP) --> 198.173.20.66
    Process ekrn.exe (788) connected on port 80 (HTTP) --> 74.125.95.138
    Process ekrn.exe (788) connected on port 443 (HTTP over SSL) --> 65.55.13.91
    Process ekrn.exe (788) connected on port 80 (HTTP) --> 66.220.149.25

    Process svchost.exe (1600) listens on ports: 135 (RPC)


    Autoruns and critical files
    ---------------------------
    Adobe Acrobat C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    Adobe CS5 Service Manager C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
    Adobe Reader and Acrobat Manager C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    Adobe Updater Startup Utility C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
    AHQInit Application C:\Program Files\Creative\SBLive\Program\AHQInit.exe
    Apple Software Update C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    Dell Support C:\Program Files\DellSupport\DSAgnt.exe
    ESET Smart Security C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    iTunes C:\Program Files\iTunes\iTunesHelper.exe
    Java(TM) Platform SE Auto Updater 2 0 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    Logitech Vid C:\Program Files\Logitech\Logitech Vid\vid.exe
    LWS.exe C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    Microsoft® Windows® Operating System C:\WINDOWS\SYSTEM32\browseui.dll
    Microsoft® Windows® Operating System C:\WINDOWS\SYSTEM32\crypt32.dll
    Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
    Microsoft® Windows® Operating System C:\WINDOWS\SYSTEM32\cscdll.dll
    Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
    Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
    Microsoft® Windows® Operating System C:\WINDOWS\SYSTEM32\shell32.dll
    Microsoft® Windows® Operating System C:\WINDOWS\SYSTEM32\stobject.dll
    Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
    Microsoft® Windows® Operating System C:\WINDOWS\SYSTEM32\wlnotify.dll
    Microsoft® Windows® Operating System C:\WINDOWS\SYSTEM32\wpdshserviceobj.dll
    MouseWare C:\WINDOWS\Logi_MwX.Exe
    NVIDIA Compatible Windows 2000 Display C:\WINDOWS\system32\NvCpl.dll
    NVIDIA Media Center Library C:\WINDOWS\SYSTEM32\nvmctray.dll
    nwiz.exe C:\WINDOWS\system32\nwiz.exe
    PowerISO Virtual Drive Manager C:\Program Files\PowerISO\PWRISOVM.EXE
    QuickTime C:\Program Files\QuickTime\QTTask.exe
    RocketDock.exe C:\Program Files\RocketDock\RocketDock.exe
    Skype C:\Program Files\Skype\Phone\Skype.exe
    SonicStage C:\Program Files\Sony\SonicStage\SSAAD.exe
    Windows Genuine Advantage C:\WINDOWS\SYSTEM32\WgaLogon.dll
    Windows® Internet Explorer C:\WINDOWS\SYSTEM32\webcheck.dll
    Wireless LAN Monitor C:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe


    Browser plugins
    ---------------
    AcroIEHelperShim Library c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
    Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
    Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
    BitDefender QuickScan C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\q4k6z18u.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
    BitDefender QuickScan C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\q4k6z18u.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    BitDefender QuickScan C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\q4k6z18u.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll (deleted)
    Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
    Broderbund Upload C:\Program Files\Internet Explorer\plugins\NPExpFTP.dll
    Graphics Display Plugin C:\Program Files\Internet Explorer\plugins\NPEvery.dll
    HP Peripheral Interrogator C:\Program Files\Internet Explorer\plugins\nphppi.dll
    InstallShield (R) C:\WINDOWS\Downloaded Program Files\iSetup.dll
    InstallShield (R) C:\WINDOWS\Downloaded Program Files\iSetup.exe
    Java Deployment Toolkit 6.0.220.4 C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    Java(TM) Platform SE 6 U22 c:\program files\java\jre6\bin\jp2ssv.dll
    Java(TM) Platform SE 6 U22 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    Java(TM) Platform SE 6 U22 c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    MetaStream 3 Plugin C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
    MetaStream 3 Plugin C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    Microsoft Office 2003 C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
    Microsoft® Windows Live OneCare C:\WINDOWS\Downloaded Program Files\wlscBase.dll
    Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    Microsoft® Windows® Operating System C:\WINDOWS\SYSTEM32\mswsock.dll
    Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
    Microsoft® Windows® Operating System C:\WINDOWS\SYSTEM32\winrnr.dll
    Mozilla ActiveX control and plugin supp C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
    Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
    npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    NPWebSLLauncher.dll C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    QuickTime Plug-in 7.6.8 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
    QuickTime Plug-in 7.6.8 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
    QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
    QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
    QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
    QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
    QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
    QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    Silverlight Plug-In c:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll
    unagiuninst.exe C:\WINDOWS\Downloaded Program Files\unagiuninst.exe
    Windows Genuine Advantage C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
    Windows Presentation Foundation C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    Windows® Internet Explorer C:\WINDOWS\SYSTEM32\ieframe.dll


    Missing files
    -------------
    File not found: C:\Program Files\NOS\bin\getPlus_Helper_3004.dll
    --> HKLM\System\ControlSet001\services\nosGetPlusHelper\Parameters\ "ServiceDll"

    File not found: C:\Program Files\Viewpoint\Common\ViewpointService.exe
    --> HKLM\System\ControlSet001\services\Viewpoint Manager Service\ "ImagePath"

    File not found: C:\WINDOWS\System32\appmgmts.dll
    --> HKLM\System\ControlSet001\services\AppMgmt\Parameters\ "ServiceDll"

    File not found: C:\WINDOWS\System32\hidserv.dll
    --> HKLM\System\ControlSet001\services\HidServ\Parameters\ "ServiceDll"


    Scan
    ----

    The following file(s) must be uploaded for server-side scanning:
    C:\WINDOWS\system32\drivers\ULTRA.sys

    Upload started - 1 file(s)
    ULTRA.sys (36736)
    Upload speed - 5 KB/s
    Upload finished - 1 uploaded, 0 failed

    The uploaded file(s) were found clean.

    Scan finished - communication took 18 sec
    Total traffic - 0.09 MB sent, 636.80 KB recvd
    Scanned 1129 files and modules - 121 seconds

    ==============================================================================
     
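As an added example (not part of the thread and not the scanner's own code), the PowerShell below reproduces the kind of check behind the log's "Missing files" section: it walks the services key and reports entries whose ImagePath or Parameters\ServiceDll points at a file that is not on disk. The registry key and value names are the standard Windows ones; the function names are mine, and it assumes an elevated session with read access to HKLM\SYSTEM.

```powershell
# Added example: find service entries that reference a missing binary,
# the same condition the posted log reports under "Missing files".
# Assumes an elevated PowerShell with read access to HKLM\SYSTEM.

function Resolve-ServiceBinary {
    param([string]$Value)
    if ([string]::IsNullOrWhiteSpace($Value)) { return $null }
    $v = [Environment]::ExpandEnvironmentVariables($Value)
    # Kernel-style prefixes used by driver entries: \SystemRoot\... and \??\C:\...
    $v = $v -replace '^\\SystemRoot', $env:SystemRoot -replace '^\\\?\?\\', ''
    # Quoted path: the binary is whatever sits inside the first pair of quotes.
    if ($v -match '^\s*"([^"]+)"') { $path = $Matches[1] }
    # Unquoted path: it ends at the binary extension; the rest is arguments (e.g. -k netsvcs).
    elseif ($v -match '^\s*(.+?\.(exe|dll|sys))(\s|$)') { $path = $Matches[1] }
    else { $path = $v.Trim() }
    # Driver entries are often relative to the Windows directory ("system32\drivers\x.sys").
    if (-not [IO.Path]::IsPathRooted($path)) { $path = Join-Path $env:SystemRoot $path }
    return $path
}

function Get-OrphanedServiceEntries {
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    foreach ($svc in Get-ChildItem $base -ErrorAction SilentlyContinue) {
        $checks = @()
        $img = (Get-ItemProperty $svc.PSPath -ErrorAction SilentlyContinue).ImagePath
        if ($img) { $checks += [pscustomobject]@{ Value = 'ImagePath'; Raw = $img } }
        $params = Join-Path $svc.PSPath 'Parameters'
        if (Test-Path $params) {
            $dll = (Get-ItemProperty $params -ErrorAction SilentlyContinue).ServiceDll
            if ($dll) { $checks += [pscustomobject]@{ Value = 'Parameters\ServiceDll'; Raw = $dll } }
        }
        foreach ($c in $checks) {
            $path = Resolve-ServiceBinary $c.Raw
            # -LiteralPath so brackets or other wildcard characters in a path are not interpreted.
            if ($path -and -not (Test-Path -LiteralPath $path)) {
                [pscustomobject]@{ Service = $svc.PSChildName; Value = $c.Value; Path = $path }
            }
        }
    }
}

Get-OrphanedServiceEntries | Format-Table -AutoSize
```

Each row is a leftover from an uninstalled product or a removed component; confirm what it belonged to before deleting the service key, since a legitimate service whose file is merely missing is repaired, not removed.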
  20. 2010/12/23
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Now, when your computer is clean, you're ready to install Service Pack 3.

    ==============================================================

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    =============================================================

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.
    On this page:

    [IMG]

    make sure you have both boxes UN-checked AND (important!) click on the Decline button

    =============================================================

    Your computer is clean :)

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
     
  21. 2010/12/23
    sox7rock

    sox7rock Inactive Thread Starter

    Joined:
    2010/12/12
    Messages:
    23
    Likes Received:
    0
    OK, so I tried to run the OTL and it wouldn't give me a log, and it also wouldn't restart the computer manually even though it asked if I wanted to and I hit yes.
     
