
Solved Windows Vista Google Redirect Malware

Discussion in 'Malware and Virus Removal Archive' started by ThomasDraco, 2011/02/18.

  1. 2011/02/18, ThomasDraco (Thread Starter)
    [Resolved] Windows Vista Google Redirect Malware

    Hello, I've recently been plagued by another Google redirect malware attack. Problem is that this is a bit different than the attack I suffered a few months back on a different PC. This time, Windows Firewall is blocked out, and I can't change the settings or anything. Also, I am unable to install any new anti-malware or virus programs, like Malwarebytes or AVG. Now, I know some of the steps to removing this stuff, like using HijackThis or Combofix, but I need some expert supervision so I don't mess up further.

    Thank you!
     
  2. 2011/02/18, ThomasDraco (Thread Starter)
    Sorry for double posting, but I was able to get Malwarebytes on, but the problem persists.

    Here are the two logs I was able to get today.

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5363

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 7.0.6002.18005

    2/18/2011 2:38:24 PM
    mbam-log-2011-02-18 (14-38-24).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 335119
    Time elapsed: 1 hour(s), 34 minute(s), 31 second(s)

    Memory Processes Infected: 1
    Memory Modules Infected: 0
    Registry Keys Infected: 30
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 5

    Memory Processes Infected:
    c:\Windows\Temp\explorer.exe (Trojan.Agent) -> 3640 -> Unloaded process successfully.

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Bind (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\AppDataLow\gvtl (Adware.GameVance) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Users\robert aka dad\AppData\Local\windows server\qjeoaq.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
    c:\Users\robert aka dad\AppData\Roaming\microsoft\Windows\templates\memory.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
    c:\Windows\Temp\explorer.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\robert aka dad\local settings\application data\windows server\qjeoaq.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\robert aka dad\templates\memory.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

    2nd One:

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5804

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 7.0.6002.18005

    2/18/2011 6:02:07 PM
    mbam-log-2011-02-18 (18-02-07).txt

    Scan type: Quick scan
    Objects scanned: 161650
    Time elapsed: 6 minute(s), 54 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 7

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lpc (Trojan.Ambler.Gen) -> Value: lpc -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Users\robert aka dad\AppData\Roaming\Sun\zxvd32.dll (Trojan.Ambler.Gen) -> Quarantined and deleted successfully.
    c:\$Recycle.Bin\s-1-5-21-1076728386-3367342341-1048891375-1002\$R0ZAFRG.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\$Recycle.Bin\s-1-5-21-1076728386-3367342341-1048891375-1002\$R3SBKCI.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\$Recycle.Bin\s-1-5-21-1076728386-3367342341-1048891375-1002\$RRNTTWA.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\Windows\Tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Windows\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
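The entries in these two logs show four separate footholds from one infection: a process named explorer.exe running from C:\Windows\Temp, a Run value under HKEY_USERS\.DEFAULT rather than the interactive user's hive, three .job files in C:\Windows\Tasks, and executables parked in $Recycle.Bin. The Python below is an added example, not part of ThomasDraco's post and not Malwarebytes' own tooling: it parses MBAM 1.x log entries of the form `<item> (<detection>) -> <action>` and tags each indicator with the persistence or evasion technique its location implies. The sample entries are quoted from the logs above; the tag names, the SYSTEM_BINARIES list and the choice of system directories are this example's own assumptions.

```python
"""Pull indicators out of a Malwarebytes' Anti-Malware 1.x log and tag the
persistence or evasion technique each one represents (added example)."""
import re
from dataclasses import dataclass, field

# Entries quoted from the two MBAM logs posted above.
MBAM_LOG = r"""
Memory Processes Infected:
c:\Windows\Temp\explorer.exe (Trojan.Agent) -> 3640 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lpc (Trojan.Ambler.Gen) -> Value: lpc -> Quarantined and deleted successfully.

Files Infected:
c:\Users\robert aka dad\AppData\Roaming\Sun\zxvd32.dll (Trojan.Ambler.Gen) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-1076728386-3367342341-1048891375-1002\$R0ZAFRG.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Temp\explorer.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""

SECTION_RE = re.compile(r"^(?P<section>.+) Infected:$")
# MBAM 1.x entry: "<item> (<detection>) -> <action>"; the action part may itself contain "->".
ENTRY_RE = re.compile(r"^(?P<item>.+?) \((?P<detection>[A-Za-z0-9.]+)\) -> (?P<action>.+)$")
RUN_KEY_RE = re.compile(r"\\currentversion\\run(once)?\\")

# Assumption of this example: these names belong only in the Windows directories
# listed below, so a copy anywhere else is a masquerading binary.
SYSTEM_BINARIES = {"explorer.exe", "svchost.exe", "csrss.exe", "lsass.exe",
                   "winlogon.exe", "services.exe"}
SYSTEM_DIRS = {"c:\\windows", "c:\\windows\\system32"}


@dataclass
class Finding:
    section: str
    item: str
    detection: str
    action: str
    tags: list = field(default_factory=list)


def parse_mbam(text):
    """Return one Finding per detection line, keyed to the section it appeared in."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        head = SECTION_RE.match(line)
        if head:
            section = head["section"]
            continue
        entry = ENTRY_RE.match(line)
        if entry and section:  # "(No malicious items detected)" never matches ENTRY_RE
            findings.append(Finding(section, entry["item"], entry["detection"], entry["action"]))
    return findings


def classify(finding):
    """Tag a finding with the technique its location implies."""
    p = finding.item.lower()
    tags = []
    if p.startswith("hkey_"):
        if RUN_KEY_RE.search(p):
            tags.append("run-key")             # autostart via Run/RunOnce
        if p.startswith("hkey_users\\.default\\"):
            tags.append("default-hive")        # missed by an HKCU-only review
        return tags
    folder, _, name = p.rpartition("\\")
    if folder == "c:\\windows\\tasks" and name.endswith(".job"):
        tags.append("scheduled-task")          # legacy Task Scheduler job file
    if name in SYSTEM_BINARIES and folder not in SYSTEM_DIRS:
        tags.append("masquerade")              # system binary name, wrong directory
    if "\\$recycle.bin\\" in p:
        tags.append("recycle-bin")             # payloads staged where few people look
    if "\\appdata\\" in p and name.endswith(".dll"):
        tags.append("user-profile-dll")        # loadable code in a writable profile path
    return tags


def triage(text):
    """Parse the log and attach tags to every finding."""
    findings = parse_mbam(text)
    for f in findings:
        f.tags = classify(f)
    return findings


if __name__ == "__main__":
    for f in triage(MBAM_LOG):
        print(f"[{f.section}] {f.detection:20} {', '.join(f.tags) or '-':18} {f.item}")
```

Run it on a saved mbam-log-*.txt by replacing MBAM_LOG with the file contents; the section headers and the "-> Quarantined and deleted successfully." suffixes are part of the format the parser relies on, and an entry that MBAM only unloaded rather than deleted still shows up with its PID in the action field.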
     


  4. 2011/02/18, Admin. (Administrator, Staff)
    Hi,

    Read this post as indicated at the top of this forum & follow the instructions.
     
  5. 2011/02/18, ThomasDraco (Thread Starter)
    Sorry, I should have read that.

    I ran the TFC, and the MBAM log is there.

    Here's the GMER log:

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-02-18 21:16:57
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000019 SAMSUNG_ rev.ZM10
    Running: j9b1ldr9.exe; Driver: C:\Users\ROBERT~1\AppData\Local\Temp\axxoifoc.sys


    ---- System - GMER 1.0.15 ----

    INT 0x51 ? 8457DBF8
    INT 0x92 ? 8457DBF8

    ---- Kernel code sections - GMER 1.0.15 ----

    ? System32\drivers\pajo.sys The system cannot find the path specified. !
    ? System32\Drivers\spmr.sys The system cannot find the path specified. !
    .text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8AE06340, 0x413097, 0xE8000020]
    .text USBPORT.SYS!DllUnload 8B5B741B 5 Bytes JMP 866A74E0

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Internet Explorer\iexplore.exe[800] ntdll.dll!NtProtectVirtualMemory 77074B84 5 Bytes JMP 0257000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[800] ntdll.dll!NtWriteVirtualMemory 770754C4 5 Bytes JMP 0258000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[800] ntdll.dll!KiUserExceptionDispatcher 77075BF8 5 Bytes JMP 0254000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[800] GDI32.dll!ExtTextOutW 76BB872B 5 Bytes JMP 00B7CAAC
    .text C:\Program Files\Internet Explorer\iexplore.exe[800] GDI32.dll!GetGlyphIndicesW 76BBB765 5 Bytes JMP 00B7CF2D
    .text C:\Program Files\Internet Explorer\iexplore.exe[800] GDI32.dll!ExtTextOutA 76BC00A5 5 Bytes JMP 00B7C9C7
    .text C:\Program Files\Internet Explorer\iexplore.exe[800] GDI32.dll!TextOutA 76BC0BAB 5 Bytes JMP 00B7C4A5
    .text C:\Program Files\Internet Explorer\iexplore.exe[800] GDI32.dll!TextOutW 76BC0D6D 5 Bytes JMP 00B7C572
    .text C:\Program Files\Internet Explorer\iexplore.exe[800] GDI32.dll!GetGlyphIndicesA 76BD9DC0 5 Bytes JMP 00B7CE63
    .text C:\Program Files\Internet Explorer\iexplore.exe[800] USER32.dll!DrawTextExW 771591CE 5 Bytes JMP 00B7C8DF
    .text C:\Program Files\Internet Explorer\iexplore.exe[800] USER32.dll!DrawTextW 771597D3 5 Bytes JMP 00B7C71B
    .text C:\Program Files\Internet Explorer\iexplore.exe[800] USER32.dll!DrawTextA 7716558D 5 Bytes JMP 00B7C63F
    .text C:\Program Files\Internet Explorer\iexplore.exe[800] USER32.dll!DrawTextExA 771655C4 5 Bytes JMP 00B7C7F7
    .text C:\Program Files\Internet Explorer\iexplore.exe[800] USER32.dll!DialogBoxParamW 771710B0 5 Bytes JMP 6E8FBFE7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[800] USER32.dll!DialogBoxIndirectParamW 77172EF5 5 Bytes JMP 6EA3BBB2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[800] USER32.dll!SetClipboardData 77186410 5 Bytes JMP 00B7C392
    .text C:\Program Files\Internet Explorer\iexplore.exe[800] USER32.dll!DialogBoxParamA 77188152 3 Bytes JMP 6EA3BB77 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[800] USER32.dll!DialogBoxParamA + 4 77188156 1 Byte [F7]
    .text C:\Program Files\Internet Explorer\iexplore.exe[800] USER32.dll!DialogBoxIndirectParamA 7718847D 3 Bytes JMP 6EA3BBED C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[800] USER32.dll!DialogBoxIndirectParamA + 4 77188481 1 Byte [F7]
    .text C:\Program Files\Internet Explorer\iexplore.exe[800] USER32.dll!MessageBoxIndirectA 7719D4D9 5 Bytes JMP 6EA3BB33 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[800] USER32.dll!MessageBoxIndirectW 7719D5D3 5 Bytes JMP 6EA3BAEF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[800] USER32.dll!MessageBoxExA 7719D639 5 Bytes JMP 6EA3BAB5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[800] USER32.dll!MessageBoxExW 7719D65D 5 Bytes JMP 6EA3BA7B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[800] ole32.dll!OleLoadFromStream 75891E80 5 Bytes JMP 6EA3BDAF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Windows\system32\svchost.exe[1884] ntdll.dll!NtProtectVirtualMemory 77074B84 5 Bytes JMP 006F000A
    .text C:\Windows\system32\svchost.exe[1884] ntdll.dll!NtWriteVirtualMemory 770754C4 5 Bytes JMP 0086000A
    .text C:\Windows\system32\svchost.exe[1884] ntdll.dll!KiUserExceptionDispatcher 77075BF8 5 Bytes JMP 001E000A
    .text C:\Windows\system32\svchost.exe[1884] ole32.dll!CoCreateInstance 758C9F3E 5 Bytes JMP 0087000A
    .text C:\Windows\system32\svchost.exe[1884] USER32.dll!WindowFromPoint 7714884F 5 Bytes JMP 0128000A
    .text C:\Windows\system32\svchost.exe[1884] USER32.dll!GetForegroundWindow 771532C4 5 Bytes JMP 0129000A
    .text C:\Windows\system32\svchost.exe[1884] USER32.dll!GetCursorPos 77160B88 5 Bytes JMP 009B000A
    .text C:\Windows\Explorer.EXE[2868] ntdll.dll!NtProtectVirtualMemory 77074B84 5 Bytes JMP 01DE000A
    .text C:\Windows\Explorer.EXE[2868] ntdll.dll!NtWriteVirtualMemory 770754C4 5 Bytes JMP 01DF000A
    .text C:\Windows\Explorer.EXE[2868] ntdll.dll!KiUserExceptionDispatcher 77075BF8 5 Bytes JMP 01DD000A

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792

    ---- Files - GMER 1.0.15 ----

    File C:\Users\Robert aka Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Robert aka Dad\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5VXHAVWV\H6B795EF\MFKMLBKQ\MNCXHUY2\NZJF92YY\PY95BRW3\UG9DBTFZ\www.shockwave.com\content\300mph 0 bytes
    File C:\Users\Robert aka Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Robert aka Dad\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5VXHAVWV\H6B795EF\MFKMLBKQ\MNCXHUY2\NZJF92YY\PY95BRW3\UG9DBTFZ\www.shockwave.com\content\300mph\sis 0 bytes
    File C:\Users\Robert aka Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Robert aka Dad\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5VXHAVWV\H6B795EF\MFKMLBKQ\MNCXHUY2\NZJF92YY\PY95BRW3\UG9DBTFZ\www.shockwave.com\content\300mph\sis\300mph.dcr 0 bytes
    File C:\Users\Robert aka Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Robert aka Dad\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5VXHAVWV\H6B795EF\MFKMLBKQ\MNCXHUY2\NZJF92YY\PY95BRW3\UG9DBTFZ\www.shockwave.com\content\twohundredmiles 0 bytes
    File C:\Users\Robert aka Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Robert aka Dad\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5VXHAVWV\H6B795EF\MFKMLBKQ\MNCXHUY2\NZJF92YY\PY95BRW3\UG9DBTFZ\www.shockwave.com\content\twohundredmiles\sis 0 bytes
    File C:\Users\Robert aka Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Robert aka Dad\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5VXHAVWV\H6B795EF\MFKMLBKQ\MNCXHUY2\NZJF92YY\PY95BRW3\UG9DBTFZ\www.shockwave.com\content\twohundredmiles\sis\_200mph.dcr 0 bytes

    ---- EOF - GMER 1.0.15 ----

    MBR:

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 2 (build 6002), 32-bit
    Base Board Manufacturer: Dell Inc
    BIOS Manufacturer: Dell Inc
    System Manufacturer: Dell Inc
    System Product Name: Dimension E521
    Logical Drives Mask: 0x0000003d

    Kernel Drivers (total 159):
    0x82413000 \SystemRoot\system32\ntkrnlpa.exe
    0x827CD000 \SystemRoot\system32\hal.dll
    0x86677000 \SystemRoot\system32\kdcom.dll
    0x80404000 \SystemRoot\system32\PSHED.dll
    0x80415000 \SystemRoot\system32\BOOTVID.dll
    0x8041D000 \SystemRoot\system32\CLFS.SYS
    0x8045E000 \SystemRoot\system32\CI.dll
    0x8053E000 \SystemRoot\System32\drivers\pajo.sys
    0x8054C000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x805C8000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x8060D000 \SystemRoot\System32\Drivers\spmr.sys
    0x8070D000 \SystemRoot\System32\Drivers\WMILIB.SYS
    0x80716000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
    0x8073C000 \SystemRoot\system32\drivers\acpi.sys
    0x80782000 \SystemRoot\system32\drivers\msisadrv.sys
    0x8078A000 \SystemRoot\system32\drivers\pci.sys
    0x807B1000 \SystemRoot\System32\drivers\partmgr.sys
    0x807C0000 \SystemRoot\system32\drivers\volmgr.sys
    0x82A07000 \SystemRoot\System32\drivers\volmgrx.sys
    0x82A51000 \SystemRoot\System32\drivers\mountmgr.sys
    0x82A61000 \SystemRoot\system32\drivers\nvraid.sys
    0x82A7A000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x82A9B000 \SystemRoot\system32\drivers\nvstor.sys
    0x82AA8000 \SystemRoot\system32\drivers\storport.sys
    0x82AE9000 \SystemRoot\system32\DRIVERS\nvstor32.sys
    0x82B06000 \SystemRoot\system32\drivers\fltmgr.sys
    0x82B38000 \SystemRoot\system32\drivers\fileinfo.sys
    0x82B48000 \SystemRoot\System32\Drivers\DRVMCDB.SYS
    0x82B5E000 \SystemRoot\System32\Drivers\PxHelp20.sys
    0x82B67000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x82C05000 \SystemRoot\system32\drivers\ndis.sys
    0x82D10000 \SystemRoot\system32\drivers\msrpc.sys
    0x82D3B000 \SystemRoot\system32\drivers\NETIO.SYS
    0x82E06000 \SystemRoot\System32\drivers\tcpip.sys
    0x82EF0000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x86A01000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x86B11000 \SystemRoot\system32\drivers\volsnap.sys
    0x86B4A000 \SystemRoot\System32\Drivers\spldr.sys
    0x86B52000 \SystemRoot\System32\Drivers\mup.sys
    0x86B61000 \SystemRoot\System32\drivers\ecache.sys
    0x86B88000 \SystemRoot\system32\drivers\disk.sys
    0x86B99000 \SystemRoot\system32\drivers\crcdisk.sys
    0x86BD6000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x86BE1000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x86BEA000 \SystemRoot\system32\DRIVERS\amdk8.sys
    0x8AE06000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x8B56F000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
    0x82F0B000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x8B571000 \SystemRoot\System32\drivers\watchdog.sys
    0x8B57D000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x8B587000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x8B5C5000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x8B5D4000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
    0x8B5D6000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x8B5EE000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
    0x82FAB000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
    0x82D76000 \SystemRoot\system32\drivers\ctaud2k.sys
    0x82FBB000 \SystemRoot\system32\drivers\portcls.sys
    0x82BD8000 \SystemRoot\system32\drivers\drmk.sys
    0x807CF000 \SystemRoot\system32\drivers\ks.sys
    0x8B607000 \SystemRoot\system32\drivers\ctoss2k.sys
    0x8B63B000 \SystemRoot\system32\drivers\ctprxy2k.sys
    0x8B643000 \SystemRoot\system32\DRIVERS\fdc.sys
    0x8B64E000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x8B67D000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x8B688000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x8B69F000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x8B6AA000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x8B6CD000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x8B6DC000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x8B6F0000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x8B705000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x8B715000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x8B720000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x8B72B000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x8B72D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x8B737000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x8B744000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x8B779000 \SystemRoot\system32\DRIVERS\flpydisk.sys
    0x90007000 \SystemRoot\system32\drivers\ha20x2k.sys
    0x90126000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x90137000 \SystemRoot\system32\drivers\emupia2k.sys
    0x90166000 \SystemRoot\system32\drivers\ctsfm2k.sys
    0x9020A000 \SystemRoot\system32\drivers\ctac32k.sys
    0x902A6000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x902AF000 \SystemRoot\System32\Drivers\Null.SYS
    0x902B6000 \SystemRoot\System32\Drivers\Beep.SYS
    0x902BD000 \SystemRoot\System32\Drivers\DLARTL_M.SYS
    0x902CC000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x902D3000 \SystemRoot\System32\drivers\vga.sys
    0x902DF000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x90300000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x90308000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x90310000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x9031B000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x90329000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x90332000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x90348000 \SystemRoot\system32\DRIVERS\smb.sys
    0x9035C000 \SystemRoot\system32\drivers\afd.sys
    0x903A4000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x903D6000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x903EC000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x9018F000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x90200000 \SystemRoot\System32\Drivers\SRTSPX.SYS
    0x901A2000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x901DE000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x8B783000 \??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080421.002\IDSvix86.sys
    0x8B7C7000 \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
    0x901E8000 \SystemRoot\system32\DRIVERS\usbprint.sys
    0x902C3000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x82FE8000 \SystemRoot\System32\Drivers\dfsc.sys
    0x901F2000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x8B7EC000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x8B5F4000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x86BA2000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x86BAF000 \SystemRoot\System32\Drivers\dump_diskdump.sys
    0x86BB9000 \SystemRoot\System32\Drivers\dump_nvstor32.sys
    0x82DF4000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x9A220000 \SystemRoot\System32\win32k.sys
    0x80600000 \SystemRoot\System32\drivers\Dxapi.sys
    0x805D5000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x9A440000 \SystemRoot\System32\TSDDD.dll
    0x9A460000 \SystemRoot\System32\cdd.dll
    0x805E4000 \SystemRoot\system32\drivers\luafv.sys
    0x9DA0E000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
    0x9DA19000 \SystemRoot\System32\DLA\DLADResM.SYS
    0x9DA1A000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
    0x9DA32000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
    0x9DA37000 \SystemRoot\System32\DLA\DLAPoolM.SYS
    0x9DA39000 \SystemRoot\System32\DLA\DLABMFSM.SYS
    0x9DA40000 \SystemRoot\System32\DLA\DLABOIOM.SYS
    0x9DA47000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
    0x9DA5D000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
    0x9DA84000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x9DA94000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x9DAA7000 \SystemRoot\system32\drivers\spsys.sys
    0x9DB57000 \SystemRoot\system32\drivers\HTTP.sys
    0x9DBC4000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x9DBE1000 \SystemRoot\system32\DRIVERS\bowser.sys
    0xA300A000 \SystemRoot\System32\drivers\mpsdrv.sys
    0xA301F000 \SystemRoot\system32\drivers\mrxdav.sys
    0xA3040000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xA305F000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0xA3098000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0xA30B0000 \SystemRoot\System32\DRIVERS\srv2.sys
    0xA3126000 \??\C:\Program Files\DellSupport\Drivers\dsunidrv.sys
    0xA3128000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0xA3A06000 \SystemRoot\system32\drivers\peauth.sys
    0xA3AE4000 \SystemRoot\System32\Drivers\secdrv.SYS
    0xA3AEE000 \SystemRoot\System32\Drivers\fastfat.SYS
    0xA3B16000 \SystemRoot\System32\drivers\tcpipreg.sys
    0xA3B22000 \SystemRoot\system32\DRIVERS\xaudio.sys
    0xA3B2A000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xA3B50000 \SystemRoot\system32\drivers\tdtcp.sys
    0xA3B5B000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
    0xA3B67000 \SystemRoot\System32\Drivers\RDPWD.SYS
    0xA3B9A000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0xA3BB0000 \??\C:\Users\ROBERT~1\AppData\Local\Temp\axxoifoc.sys
    0x77010000 \Windows\System32\ntdll.dll

    Processes (total 50):
    0 System Idle Process
    4 System
    396 C:\Windows\System32\smss.exe
    464 csrss.exe
    516 C:\Windows\System32\wininit.exe
    524 csrss.exe
    560 C:\Windows\System32\services.exe
    576 C:\Windows\System32\lsass.exe
    584 C:\Windows\System32\lsm.exe
    608 C:\Windows\System32\winlogon.exe
    776 C:\Windows\System32\svchost.exe
    852 C:\Windows\System32\nvvsvc.exe
    888 C:\Windows\System32\svchost.exe
    1020 C:\Windows\System32\svchost.exe
    1056 C:\Windows\System32\svchost.exe
    1188 C:\Windows\System32\audiodg.exe
    1288 C:\Windows\System32\SLsvc.exe
    1328 C:\Windows\System32\svchost.exe
    1400 C:\Windows\System32\rundll32.exe
    1476 C:\Windows\System32\svchost.exe
    1708 C:\Windows\System32\spoolsv.exe
    1740 C:\Windows\System32\svchost.exe
    1964 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1984 C:\Program Files\Bonjour\mDNSResponder.exe
    1996 C:\Windows\System32\CTSVCCDA.EXE
    320 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    432 C:\Windows\System32\svchost.exe
    1176 C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    1104 C:\Windows\System32\svchost.exe
    1488 C:\Windows\System32\svchost.exe
    1800 C:\Windows\System32\SearchIndexer.exe
    1544 C:\Windows\System32\drivers\XAudio.exe
    2780 C:\Windows\System32\dwm.exe
    2868 C:\Windows\explorer.exe
    3168 C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\volpanlu.exe
    3176 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    3216 C:\Windows\System32\rundll32.exe
    3232 C:\Program Files\Alltel Broadband Connect\AvqAutorun.exe
    3288 C:\Program Files\iTunes\iTunesHelper.exe
    3308 C:\Windows\ehome\ehtray.exe
    3332 C:\Program Files\Windows Media Player\wmpnscfg.exe
    3632 C:\Windows\ehome\ehmsas.exe
    3780 C:\Program Files\Windows Media Player\wmpnetwk.exe
    1444 C:\Windows\System32\CTxfispi.exe
    3036 C:\Program Files\iPod\bin\iPodService.exe
    800 C:\Program Files\Internet Explorer\iexplore.exe
    724 C:\Windows\System32\svchost.exe
    3928 C:\Windows\System32\SearchProtocolHost.exe
    412 C:\Windows\System32\SearchFilterHost.exe
    1820 C:\Users\Robert aka Dad\Documents\Toms Stuff\New Folder\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`83000000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`03000000 (NTFS)

    PhysicalDrive0 Model Number: SAMSUNGHD160JJ/P, Rev: ZM10

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 Windows Vista MBR code detected
    SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


    Done!

    I'll post the rest next.
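The "User code sections" part of the GMER log above lists 5-byte JMP patches on exports such as ntdll.dll!NtProtectVirtualMemory, NtWriteVirtualMemory and KiUserExceptionDispatcher in iexplore.exe, svchost.exe and Explorer.EXE. GMER appends an owning module and vendor (here C:\Windows\system32\IEFRAME.dll) when it can map the JMP target to a loaded module; the entries with a bare target address (0257000A, 006F000A, 01DE000A, ...) point into memory it could not attribute. The Python below is an added example, not part of the post and not GMER's own code: it parses those lines, separates attributed from unattributed hooks, and reports the unattributed exports that are hooked in several processes at once, which is the pattern an analyst would pull out of this log first. The sample lines are quoted from the log above; the vendor-substring check in is_vendor_attributed is this example's own assumption.

```python
"""Triage user-mode inline hooks from a GMER 'User code sections' listing (added example)."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# A representative subset of the ".text" lines quoted from the GMER log above.
GMER_LOG = r"""
.text C:\Program Files\Internet Explorer\iexplore.exe[800] ntdll.dll!NtProtectVirtualMemory 77074B84 5 Bytes JMP 0257000A
.text C:\Program Files\Internet Explorer\iexplore.exe[800] ntdll.dll!NtWriteVirtualMemory 770754C4 5 Bytes JMP 0258000A
.text C:\Program Files\Internet Explorer\iexplore.exe[800] ntdll.dll!KiUserExceptionDispatcher 77075BF8 5 Bytes JMP 0254000A
.text C:\Program Files\Internet Explorer\iexplore.exe[800] GDI32.dll!ExtTextOutW 76BB872B 5 Bytes JMP 00B7CAAC
.text C:\Program Files\Internet Explorer\iexplore.exe[800] USER32.dll!DialogBoxParamW 771710B0 5 Bytes JMP 6E8FBFE7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[800] USER32.dll!DialogBoxParamA 77188152 3 Bytes JMP 6EA3BB77 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[800] USER32.dll!DialogBoxParamA + 4 77188156 1 Byte [F7]
.text C:\Windows\system32\svchost.exe[1884] ntdll.dll!NtProtectVirtualMemory 77074B84 5 Bytes JMP 006F000A
.text C:\Windows\system32\svchost.exe[1884] ntdll.dll!NtWriteVirtualMemory 770754C4 5 Bytes JMP 0086000A
.text C:\Windows\system32\svchost.exe[1884] ntdll.dll!KiUserExceptionDispatcher 77075BF8 5 Bytes JMP 001E000A
.text C:\Windows\system32\svchost.exe[1884] USER32.dll!GetCursorPos 77160B88 5 Bytes JMP 009B000A
.text C:\Windows\Explorer.EXE[2868] ntdll.dll!NtProtectVirtualMemory 77074B84 5 Bytes JMP 01DE000A
.text C:\Windows\Explorer.EXE[2868] ntdll.dll!NtWriteVirtualMemory 770754C4 5 Bytes JMP 01DF000A
.text C:\Windows\Explorer.EXE[2868] ntdll.dll!KiUserExceptionDispatcher 77075BF8 5 Bytes JMP 01DD000A
"""

HOOK_RE = re.compile(
    r"^\.text (?P<image>.+?)\[(?P<pid>\d+)\] "            # hooked process image and PID
    r"(?P<module>\S+)!(?P<function>\S+)(?: \+ \d+)? "     # patched export, optional offset
    r"(?P<address>[0-9A-F]{8}) (?P<length>\d+) Bytes JMP (?P<target>[0-9A-F]{8})"
    r"(?: (?P<owner>.+?) \((?P<vendor>[^)]*)\))?$"        # owning module, if GMER resolved it
)


@dataclass
class Hook:
    image: str            # lower-cased basename of the hooked process
    pid: int
    export: str           # "module!function"
    address: int
    target: int
    owner: Optional[str]  # module GMER attributed the JMP target to, or None
    vendor: Optional[str]


def parse_gmer(text):
    """Parse JMP-style inline hooks; other patches (e.g. '1 Byte [F7]') are ignored."""
    hooks = []
    for raw in text.splitlines():
        m = HOOK_RE.match(raw.strip())
        if not m:
            continue
        hooks.append(Hook(
            image=m["image"].rsplit("\\", 1)[-1].lower(),
            pid=int(m["pid"]),
            export=f'{m["module"]}!{m["function"]}',
            address=int(m["address"], 16),
            target=int(m["target"], 16),
            owner=m["owner"],
            vendor=m["vendor"],
        ))
    return hooks


def unattributed(hooks):
    """Hooks whose JMP target GMER could not map to any loaded module."""
    return [h for h in hooks if h.owner is None]


def shared_hooks(hooks, min_processes=2):
    """Unattributed exports hooked in at least `min_processes` distinct images:
    the same patch set recurring across processes points to one injected component."""
    images_by_export = defaultdict(set)
    for h in unattributed(hooks):
        images_by_export[h.export].add(h.image)
    return {e: imgs for e, imgs in images_by_export.items() if len(imgs) >= min_processes}


def is_vendor_attributed(hook, vendor_substring="Microsoft"):
    """Assumption of this example: a hook GMER maps to a module whose vendor string
    contains `vendor_substring` is treated as expected (here IE's own IEFRAME.dll)."""
    return hook.vendor is not None and vendor_substring in hook.vendor


if __name__ == "__main__":
    hooks = parse_gmer(GMER_LOG)
    print(f"{len(hooks)} JMP hooks, {len(unattributed(hooks))} unattributed")
    for export, images in sorted(shared_hooks(hooks).items()):
        print(f"{export:38} in {', '.join(sorted(images))}")
```

Only the user-mode JMP lines are handled here; the kernel-side entries in the same log (the INT 0x51/0x92 entries, the "cannot find the path specified" drivers and the USBPORT.SYS!DllUnload patch) need the loaded-driver list rather than this parser. Feed it the full GMER output and the attributed IEFRAME.dll hooks drop out of the report while the three ntdll exports patched identically in all three processes remain.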
     
  6. 2011/02/18, ThomasDraco (Thread Starter)
    DDS:


    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Robert aka Dad at 21:18:32.41 on Fri 02/18/2011
    Internet Explorer: 7.0.6002.18005
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1022.130 [GMT -5:00]

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\CTsvcCDA.exe
    C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\volpanlu.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Alltel Broadband Connect\AvqAutorun.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\SYSTEM32\CTXFISPI.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Users\Robert aka Dad\Documents\Toms Stuff\New Folder\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uSearch Page =
    uStart Page = hxxp://msn.com/
    uWindow Title = Internet Explorer provided by Dell
    uSearch Bar =
    uInternet Settings,ProxyOverride = *.local
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [EPSON Stylus CX7400 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticda.exe /fu "c:\windows\temp\E_S4E93.tmp" /EF "HKCU "
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanlu.exe" /r
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [{9AA8FE27-89A8-99BA-8b85-9AE9B9ABA99F}] "c:\program files\alltel broadband connect\avqautorun.exe" "c:\program files\alltel broadband connect\mphonetools.exe" /OnPlug=%s
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    dRun: [CE8SIIFGSU] c:\windows\temp\Fnb.exe
    dRunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy'
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
    IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
    Trusted Zone: ketsujin.com\fighterace
    Trusted Zone: ketsujin.com\primary
    Trusted Zone: ketsujin.com\update
    Trusted Zone: ketsujin.com\www
    Trusted Zone: soaringeaglecasino.com\www
    Trusted Zone: stormofaces.com\www
    Trusted Zone: wildblue.com\www
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab?1270691030529
    DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
    DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} - hxxp://www-cdn.freerealms.com/gamedata/plugins/1.0.3.93/FreeRealmsInstaller.cab?v=1043
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/VistaMSNPUplden-us.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-us.cab
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
    Notify: rcrsfnn - rcrsfnn.dll

    ============= SERVICES / DRIVERS ===============

    R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\idsdefs\20080421.002\IDSvix86.sys [2008-4-21 261680]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-25 21504]
    S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-21 18688]
    S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-21 8320]
    S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-6-18 23680]
    S3 PTUMWBus;PANTECH USB Modem V2 Composite Device Driver;c:\windows\system32\drivers\PTUMWBus.sys [2010-3-27 54544]
    S3 PTUMWCDF;PANTECH USB Modem V2 Installation CD;c:\windows\system32\drivers\PTUMWCDF.sys [2010-3-27 22032]
    S3 PTUMWFLT;PTUMWNET Filter Driver;c:\windows\system32\drivers\PTUMWFLT.sys [2010-3-27 12048]
    S3 PTUMWMdm;PANTECH USB Modem V2 Modem Driver;c:\windows\system32\drivers\PTUMWMdm.sys [2010-3-27 160400]
    S3 PTUMWNET;PANTECH USB Modem V2 WWAN Driver;c:\windows\system32\drivers\PTUMWNET.sys [2010-3-27 115216]
    S3 PTUMWVsp;PANTECH USB Modem V2 Diagnostic Port;c:\windows\system32\drivers\PTUMWVsp.sys [2010-3-27 160400]
    S3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2009-8-3 38448]

    =============== Created Last 30 ================

    2011-02-18 22:24:07 135168 --sha-r- c:\windows\system32\lfbmp13nn.dll
    2011-02-18 18:01:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-02-18 18:01:18 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-02-18 16:28:52 -------- d-----w- c:\progra~2\MFAData
    2011-02-18 15:50:25 10752 ----a-w- c:\windows\system32\rcrsfnn.dll
    2011-02-18 15:44:14 5890896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{d4db637a-cfde-439d-bd96-d8f881a394e6}\mpengine.dll
    2011-02-09 10:29:11 2039808 ----a-w- c:\windows\system32\win32k.sys
    2011-02-09 10:29:08 3602320 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-02-09 10:29:08 1205080 ----a-w- c:\windows\system32\ntdll.dll
    2011-02-09 10:29:07 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-02-09 10:29:04 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
    2011-02-03 22:35:31 -------- d-----w- c:\program files\Bonjour

    ==================== Find3M ====================


    =================== ROOTKIT ====================

    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 6.0.6002 Disk: SAMSUNG_ rev.ZM10 -> Harddisk0\DR0 ->

    device: opened successfully
    user: MBR read successfully

    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x864565DC]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8645c7b8]; MOV EAX, [0x8645c834]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 ntkrnlpa!IofCallDriver[0x82457912] -> \Device\Harddisk0\DR0[0x85939600]
    3 CLASSPNP[0x82A7F8B3] -> ntkrnlpa!IofCallDriver[0x82457912] -> [0x853BCF08]
    5 acpi[0x807446BC] -> ntkrnlpa!IofCallDriver[0x82457912] -> [0x84FB1A40]
    \Driver\nvstor32[0x861C65A8] -> IRP_MJ_CREATE -> 0x864565DC
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
    detected disk devices:
    \Device\00000075 -> \??\SCSI#Disk&Ven_SAMSUNG&Prod_HD160JJ#P#4&21479b0c&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    user & kernel MBR OK
    Warning: possible TDL3 rootkit infection !

    ============= FINISH: 21:20:51.10 ===============

    Attach:


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume3
    Install Date: 6/6/2007 4:34:55 PM
    System Uptime: 2/18/2011 7:18:33 PM (2 hours ago)

    Motherboard: Dell Inc | | 0UW457
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3600+ | Socket M2 | 1900/1000mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 139 GiB total, 27.25 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, 0.021 GiB free.
    E: is CDROM ()
    F: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: VIA Rhine III Compatible Fast Ethernet Adapter
    Device ID: PCI\VEN_1106&DEV_3106&SUBSYS_01061106&REV_8B\4&DC268A3&0&4880
    Manufacturer: VIA Technologies, Inc.
    Name: VIA Rhine III Compatible Fast Ethernet Adapter
    PNP Device ID: PCI\VEN_1106&DEV_3106&SUBSYS_01061106&REV_8B\4&DC268A3&0&4880
    Service: FETNDIS

    ==== System Restore Points ===================


    ==== Installed Programs ======================

    Aces High
    Active@ ISO Burner
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 7.0.8
    Alltel Broadband Connect
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Backup Dell-Installed Programs
    Bonjour
    Conexant D850 PCI V.92 Modem
    Corel Snapfire Plus
    Coupon Printer for Windows
    Creative MediaSource 5
    Dell Games
    Dell System Customization Wizard
    DellSupport
    Digital Line Detect
    EasyJob Resume Builder 4.67.2318
    EPSON Printer Software
    EPSON Scan
    EPSON Stylus CX7400 Series Scanner Driver Update
    Fighter Ace Anniversary Edition
    Games, Music, & Photos Launcher
    Google Earth Plug-in
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    iTunes
    Java(TM) SE Runtime Environment 6
    LiveUpdate Notice (Symantec Corporation)
    Macromedia Shockwave Player
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Digital Image Library 9 - Blocker
    Microsoft Digital Image Standard 2006
    Microsoft Digital Image Standard 2006 Editor
    Microsoft Digital Image Standard 2006 Library
    Microsoft Encarta Encyclopedia Standard 2006
    Microsoft Money 2006
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Word 2002
    Microsoft Works
    Microsoft Works Suite 2006 Setup Launcher
    Microsoft Works Suite Add-in for Microsoft Word
    Mobile PhoneTools
    MobileMe Control Panel
    Modem Diagnostic Tool
    MP3 Player Utilities 4.19
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NetWaiting
    Norton Internet Security
    NVIDIA Drivers
    NVIDIA Stereoscopic 3D Driver
    OpenAL
    PANTECH USB Modem V2
    Power Tab Editor 1.7
    Product Documentation Launcher
    QuickTime
    Roxio Creator Audio
    Roxio Creator BDAV Plugin
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator Premier
    Roxio Creator Tools
    Roxio Drag-to-Disc
    Roxio EasyArchive
    Roxio Express Labeler
    Roxio MyDVD Premier
    Roxio Update Manager
    SA30xx Media Converter
    Safari
    Scholastic's I SPY Fantasy
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Sonic Activation Module
    Sound Blaster X-Fi
    Symantec Real Time Storage Protection Component
    SymNet
    System Requirements Lab
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    User's Guides
    Windows Live OneCare safety scanner
    Works Upgrade

    ==== End Of File ===========================

    There.
     
  7. 2011/02/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard :)

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===============================================================

    We have a rootkit there....

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  8. 2011/02/19
    ThomasDraco

    ThomasDraco Inactive Thread Starter

    Joined:
    2011/02/18
    Messages:
    16
    Likes Received:
    0
    TDSS:

    2011/02/19 11:38:59.0120 0424 TDSS rootkit removing tool 2.4.17.0 Feb 10 2011 11:07:20
    2011/02/19 11:38:59.0845 0424 ================================================================================
    2011/02/19 11:38:59.0845 0424 SystemInfo:
    2011/02/19 11:38:59.0845 0424
    2011/02/19 11:38:59.0845 0424 OS Version: 6.0.6002 ServicePack: 2.0
    2011/02/19 11:38:59.0845 0424 Product type: Workstation
    2011/02/19 11:38:59.0845 0424 ComputerName: ROBERTAKADAD-PC
    2011/02/19 11:38:59.0846 0424 UserName: Robert aka Dad
    2011/02/19 11:38:59.0846 0424 Windows directory: C:\Windows
    2011/02/19 11:38:59.0846 0424 System windows directory: C:\Windows
    2011/02/19 11:38:59.0846 0424 Processor architecture: Intel x86
    2011/02/19 11:38:59.0846 0424 Number of processors: 2
    2011/02/19 11:38:59.0846 0424 Page size: 0x1000
    2011/02/19 11:38:59.0846 0424 Boot type: Normal boot
    2011/02/19 11:38:59.0846 0424 ================================================================================
    2011/02/19 11:39:00.0975 0424 Initialize success
    2011/02/19 11:39:04.0834 0228 ================================================================================
    2011/02/19 11:39:04.0834 0228 Scan started
    2011/02/19 11:39:04.0834 0228 Mode: Manual;
    2011/02/19 11:39:04.0834 0228 ================================================================================
    2011/02/19 11:39:17.0172 0228 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
    2011/02/19 11:39:17.0224 0228 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
    2011/02/19 11:39:17.0338 0228 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
    2011/02/19 11:39:17.0367 0228 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
    2011/02/19 11:39:17.0397 0228 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
    2011/02/19 11:39:17.0444 0228 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
    2011/02/19 11:39:17.0480 0228 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
    2011/02/19 11:39:17.0515 0228 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
    2011/02/19 11:39:17.0550 0228 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
    2011/02/19 11:39:17.0645 0228 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
    2011/02/19 11:39:17.0825 0228 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
    2011/02/19 11:39:17.0888 0228 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
    2011/02/19 11:39:17.0962 0228 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
    2011/02/19 11:39:18.0002 0228 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
    2011/02/19 11:39:18.0059 0228 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
    2011/02/19 11:39:18.0088 0228 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
    2011/02/19 11:39:18.0151 0228 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
    2011/02/19 11:39:18.0266 0228 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
    2011/02/19 11:39:18.0366 0228 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
    2011/02/19 11:39:18.0430 0228 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
    2011/02/19 11:39:18.0517 0228 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
    2011/02/19 11:39:18.0593 0228 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
    2011/02/19 11:39:18.0624 0228 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
    2011/02/19 11:39:18.0915 0228 nvlddmkm (204a01f718ea2349204ac353f525e7cc) C:\Windows\system32\DRIVERS\nvlddmkm.sys
    2011/02/19 11:39:19.0393 0228 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
    2011/02/19 11:39:19.0459 0228 nvrd32 (1988af02f581ee0a0a0c4d920b7e272f) C:\Windows\system32\drivers\nvrd32.sys
    2011/02/19 11:39:19.0497 0228 nvstor (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\drivers\nvstor.sys
    2011/02/19 11:39:19.0544 0228 nvstor32 (dc5f166422beebf195e3e4bb8ab4ee22) C:\Windows\system32\DRIVERS\nvstor32.sys
    2011/02/19 11:39:19.0652 0228 nv_agp (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys
    2011/02/19 11:39:19.0757 0228 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
    2011/02/19 11:39:19.0804 0228 ossrv (3719d5e255ca16dade6d6b595c957493) C:\Windows\system32\drivers\ctoss2k.sys
    2011/02/19 11:39:19.0857 0228 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
    2011/02/19 11:39:19.0921 0228 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
    2011/02/19 11:39:19.0960 0228 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
    2011/02/19 11:39:20.0024 0228 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
    2011/02/19 11:39:20.0071 0228 pciide (54d23dc5b5072311116826fdb7f6e83e) C:\Windows\system32\drivers\pciide.sys
    2011/02/19 11:39:20.0137 0228 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
    2011/02/19 11:39:20.0213 0228 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
    2011/02/19 11:39:20.0386 0228 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
    2011/02/19 11:39:20.0418 0228 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
    2011/02/19 11:39:20.0521 0228 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
    2011/02/19 11:39:20.0629 0228 PTUMWBus (9866479c5c894c3a064eeb6f68618822) C:\Windows\system32\DRIVERS\PTUMWBus.sys
    2011/02/19 11:39:20.0705 0228 PTUMWCDF (c51eac8fb88163304329279e82f1d89f) C:\Windows\system32\DRIVERS\PTUMWCDF.sys
    2011/02/19 11:39:20.0729 0228 PTUMWFLT (4f840761bb4d674856f6c36f9b66624c) C:\Windows\system32\DRIVERS\PTUMWFLT.sys
    2011/02/19 11:39:20.0814 0228 PTUMWMdm (411e332a6426c9b87f5f9b02bcdd15bf) C:\Windows\system32\DRIVERS\PTUMWMdm.sys
    2011/02/19 11:39:20.0883 0228 PTUMWNET (bdc1f41f77415a432ca030f30f2ab898) C:\Windows\system32\DRIVERS\PTUMWNET.sys
    2011/02/19 11:39:20.0939 0228 PTUMWVsp (e4812824cdc46a90dde225c0fd284098) C:\Windows\system32\DRIVERS\PTUMWVsp.sys
    2011/02/19 11:39:21.0001 0228 PxHelp20 (feffcfdc528764a04c8ed63d5fa6e711) C:\Windows\system32\Drivers\PxHelp20.sys
    2011/02/19 11:39:21.0092 0228 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
    2011/02/19 11:39:21.0145 0228 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
    2011/02/19 11:39:21.0226 0228 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
    2011/02/19 11:39:21.0375 0228 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
    2011/02/19 11:39:21.0450 0228 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
    2011/02/19 11:39:21.0537 0228 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2011/02/19 11:39:21.0598 0228 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
    2011/02/19 11:39:21.0644 0228 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
    2011/02/19 11:39:21.0694 0228 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
    2011/02/19 11:39:21.0756 0228 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2011/02/19 11:39:21.0824 0228 rdpdr (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\drivers\rdpdr.sys
    2011/02/19 11:39:21.0849 0228 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
    2011/02/19 11:39:21.0912 0228 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
    2011/02/19 11:39:22.0038 0228 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
    2011/02/19 11:39:22.0124 0228 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
    2011/02/19 11:39:22.0186 0228 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    2011/02/19 11:39:22.0255 0228 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
    2011/02/19 11:39:22.0291 0228 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
    2011/02/19 11:39:22.0355 0228 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
    2011/02/19 11:39:22.0416 0228 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
    2011/02/19 11:39:22.0441 0228 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
    2011/02/19 11:39:22.0475 0228 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
    2011/02/19 11:39:22.0510 0228 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
    2011/02/19 11:39:22.0573 0228 sisagp (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys
    2011/02/19 11:39:22.0610 0228 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
    2011/02/19 11:39:22.0645 0228 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
    2011/02/19 11:39:22.0757 0228 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
    2011/02/19 11:39:22.0879 0228 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
    2011/02/19 11:39:22.0986 0228 sptd (71e276f6d189413266ea22171806597b) C:\Windows\system32\Drivers\sptd.sys
    2011/02/19 11:39:22.0986 0228 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
    2011/02/19 11:39:22.0994 0228 sptd - detected Locked file (1)
    2011/02/19 11:39:27.0314 0228 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2011/02/19 11:39:27.0322 0228 ================================================================================
    2011/02/19 11:39:27.0322 0228 Scan finished
    2011/02/19 11:39:27.0322 0228 ================================================================================
    2011/02/19 11:39:27.0342 3928 Detected object count: 2
    2011/02/19 11:39:54.0178 3928 Locked file(sptd) - User select action: Skip
    2011/02/19 11:39:54.0211 3928 \HardDisk0 - will be cured after reboot
    2011/02/19 11:39:54.0256 3928 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
    2011/02/19 11:40:07.0303 2732 Deinitialize success
     
  9. 2011/02/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Well done :)

    How is redirection?

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.

    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  10. 2011/02/20
    ThomasDraco

    ThomasDraco Inactive Thread Starter

    Joined:
    2011/02/18
    Messages:
    16
    Likes Received:
    0
    Combofix log part 1:

    ComboFix 11-02-20.01 - Robert aka Dad 02/20/2011 14:56:53.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1022.390 [GMT -5:00]
    Running from: c:\users\Robert aka Dad\Documents\Toms Stuff\New Folder\ComboFix.exe
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\whitesmoketoolbar
    c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\tb_icon.png
    c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\widget.jsw
    c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\widget.xml
    c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\widget_version.txt
    c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\css\dialog.css
    c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\arrow-grey.png
    c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\arrows_grey-left.gif
    c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\arrows_grey-right.gif
    c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\btn-search-over.png
    c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\btn-search.png
    c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\powered-by-youtube.gif
    c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\scrollb-disable.png
    c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\scrollb-down.png
    c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\scrollb.png
    c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\scrollt-disable.png
    c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\scrollt-down.png
    c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\scrollt.png
    c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-off-l.png
    c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-off-r.png
    c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-on-l.png
    c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-on-r.png
    c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-over-l.png
    c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-over-r.png
    c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-red-left.png
    c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-red-mdl.png
    c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-red-right.png
    c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-white-left.png
    c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-white-mdl.png
    c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-white-right.png
    c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\throbber.gif
    c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\Thumbs.db
    c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\vid-bg.png
    c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\youtube.png
    c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\index.html
    c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\js\jquery-1.3.2.min.js
    c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\js\jquery.autocomplete.min.js
    c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\css\dialog.css
    c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\bg.gif
    c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\btn-search.png
    c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\btn-wide-close-over.png
    c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\btn-wide-close.png
    c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\default.png
    c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\Thumbs.db
    c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\transparent.gif
    c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\win-btm-left.png
    c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\win-btm-mdl.png
    c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\win-btm-right-resize.png
    c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\win-btm-right.png
    c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\main.html
    c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\scripts\defscript.js
    c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\tb_icon.png
    c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\widget.jsw
    c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\widget.xml
    c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\widget_version.txt
    c:\program files\whitesmoketoolbar\chrome\data\dynamicElements\vmntoolbar.xsl
    c:\program files\whitesmoketoolbar\chrome\data\rss\rss.xml
    c:\program files\whitesmoketoolbar\chrome\data\search\engines.xml
    c:\program files\whitesmoketoolbar\chrome\data\search\search.xsl
    c:\program files\whitesmoketoolbar\chrome\data\weather\icons.xml
    c:\program files\whitesmoketoolbar\chrome\skin\634017460871087500_png
    c:\program files\whitesmoketoolbar\chrome\skin\about.gif
    c:\program files\whitesmoketoolbar\chrome\skin\babylon_logo.png
    c:\program files\whitesmoketoolbar\chrome\skin\bing_16x16.png
    c:\program files\whitesmoketoolbar\chrome\skin\bing_searchicon_20x22_spaced_hover_png
    c:\program files\whitesmoketoolbar\chrome\skin\bing_searchicon_20x22_spaced_png
    c:\program files\whitesmoketoolbar\chrome\skin\blank_png
    c:\program files\whitesmoketoolbar\chrome\skin\bluelite.gif
    c:\program files\whitesmoketoolbar\chrome\skin\bluesky.gif
    c:\program files\whitesmoketoolbar\chrome\skin\btn-search-over.png
    c:\program files\whitesmoketoolbar\chrome\skin\btn-search.png
    c:\program files\whitesmoketoolbar\chrome\skin\btn-settings-over.png
    c:\program files\whitesmoketoolbar\chrome\skin\btn-settings.png
    c:\program files\whitesmoketoolbar\chrome\skin\btn-widgets-over.png
    c:\program files\whitesmoketoolbar\chrome\skin\btn-widgets.png
    c:\program files\whitesmoketoolbar\chrome\skin\btn_settings.png
    c:\program files\whitesmoketoolbar\chrome\skin\ca.png
    c:\program files\whitesmoketoolbar\chrome\skin\checkMyText_png
    c:\program files\whitesmoketoolbar\chrome\skin\checkMyText_png_png
    c:\program files\whitesmoketoolbar\chrome\skin\dictionary.png
    c:\program files\whitesmoketoolbar\chrome\skin\Dictionary_png
    c:\program files\whitesmoketoolbar\chrome\skin\Dictionary_png_png
    c:\program files\whitesmoketoolbar\chrome\skin\divider.png
    c:\program files\whitesmoketoolbar\chrome\skin\downloadcom.png
    c:\program files\whitesmoketoolbar\chrome\skin\dtxlogo.png
    c:\program files\whitesmoketoolbar\chrome\skin\DTXWizard\skin\icon_library\Basics\folder.png
    c:\program files\whitesmoketoolbar\chrome\skin\email.png
    c:\program files\whitesmoketoolbar\chrome\skin\email_on.png
    c:\program files\whitesmoketoolbar\chrome\skin\eteacher_png
    c:\program files\whitesmoketoolbar\chrome\skin\facebook.png
    c:\program files\whitesmoketoolbar\chrome\skin\feed_icon_png
    c:\program files\whitesmoketoolbar\chrome\skin\feed_icon2_png
    c:\program files\whitesmoketoolbar\chrome\skin\france_png
    c:\program files\whitesmoketoolbar\chrome\skin\games.png
    c:\program files\whitesmoketoolbar\chrome\skin\games_png
    c:\program files\whitesmoketoolbar\chrome\skin\gamesIcon_png
    c:\program files\whitesmoketoolbar\chrome\skin\graphred0.png
    c:\program files\whitesmoketoolbar\chrome\skin\graphred0_5.png
    c:\program files\whitesmoketoolbar\chrome\skin\graphred1.png
    c:\program files\whitesmoketoolbar\chrome\skin\graphred1_5.png
    c:\program files\whitesmoketoolbar\chrome\skin\graphred2.png
    c:\program files\whitesmoketoolbar\chrome\skin\graphred2_5.png
    c:\program files\whitesmoketoolbar\chrome\skin\graphred3.png
    c:\program files\whitesmoketoolbar\chrome\skin\graphred3_5.png
    c:\program files\whitesmoketoolbar\chrome\skin\graphred4.png
    c:\program files\whitesmoketoolbar\chrome\skin\graphred4_5.png
    c:\program files\whitesmoketoolbar\chrome\skin\graphred5.png
    c:\program files\whitesmoketoolbar\chrome\skin\graphredna.png
    c:\program files\whitesmoketoolbar\chrome\skin\grey.gif
    c:\program files\whitesmoketoolbar\chrome\skin\ico-shield.png
    c:\program files\whitesmoketoolbar\chrome\skin\images.png
    c:\program files\whitesmoketoolbar\chrome\skin\italy_png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\add.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\aol.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\arrow-dn.gif
    c:\program files\whitesmoketoolbar\chrome\skin\lib\arrow-right-disabled.gif
    c:\program files\whitesmoketoolbar\chrome\skin\lib\arrow-right.gif
    c:\program files\whitesmoketoolbar\chrome\skin\lib\arrow-up.gif
    c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btn-divider.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btn-end.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btn-mdl.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btn-mdl_ff.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btn-start.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btnover-divider.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btnover-end.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btnover-mdl.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btnover-mdl_ff.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btnover-start.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\blank.gif
    c:\program files\whitesmoketoolbar\chrome\skin\lib\btn-widgets-over.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\btn-widgets.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\btn_slider.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\btnback-down-vista.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\btnback-vista.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\btnleft-down-vista.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\btnleft-vista.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\btnright-down-vista.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\btnright-vista.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\button-splitter-down-vista.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\button-splitter-vista.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\checkmark.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\chevron.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\collapse.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\comcast.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\dtx.css
    c:\program files\whitesmoketoolbar\chrome\skin\lib\edit-back-hot.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\edit-back.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\expand.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\found.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\gmail.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\highlight.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\highlight_blue.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\highlight_cyan.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\highlight_lime.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\highlight_magenta.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\highlight_yellow.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\hotmail.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\ico-check.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\imap.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\lastsearch-thumb-back.gif
    c:\program files\whitesmoketoolbar\chrome\skin\lib\loadingMid.gif
    c:\program files\whitesmoketoolbar\chrome\skin\lib\lock.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\logo-separator.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\mailcom.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\menu_bg-basic.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\menu_separator_bar.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\menu_separator_white.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\menuitem-splitter.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\menuitemback-down-vista.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\menuitemback-vista.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\menuitemleft-down-vista.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\menuitemleft-vista.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\menuitemright-down-vista.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\menuitemright-vista.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\modify.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\move.gif
    c:\program files\whitesmoketoolbar\chrome\skin\lib\movetarget.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\css\panels.css
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\css\popupAbout.css
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\css\popupGames.css
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\css\popupRSS.css
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\css\popupWidgets.css
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\css\dialog.css
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\bg.gif
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\btn-search.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\btn-wide-close-over.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\btn-wide-close.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\default.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\tab-off-l.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\tab-off-r.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\tab-on-l.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\tab-on-r.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\transparent.gif
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\ttlbar-left.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\ttlbar-mdl.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\ttlbar-right.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\win-btm-left.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\win-btm-mdl.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\win-btm-right-resize.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\win-btm-right.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\win-left.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\win-right.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\main.html
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\scripts\defscript.js
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\footer.htm
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\gamecategory.xsl
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\gameData.js
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\gameList.xsl
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\games.xsl
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\gametype.xsl
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\arrow-dn.gif
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\arrow-sml-drop.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\arrow-sml.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\arrow-up.gif
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\arrowr-bluew5.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\bg-aboutbox.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\bg-btnover.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\bg-pnl520x390.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-back.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-close-grey.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-close-greyover.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-drag.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-moredetails.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-next-over.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-next.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-previous-over.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-previous.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-search-pnlbtm.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\bullet-orange.gif
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\gamethumb-on.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\gamethumb2-over.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\ico-calendar.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\ico-download.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\ico-joystick24.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\ico-news24.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\ico-play.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\ico-tags.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\icon-Add.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\icon-download.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\icon-Info.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\icon-play.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\icon-shop.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\menul-bgon.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\menul-bgover.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\panel-botm-noscroll.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\scroll-bg-206.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\scroll-bg.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\scroll-topwin.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\scrollb-disable.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\scrollb-down.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\scrollb-over.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\scrollb.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\scrollt-disable.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\scrollt-down.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\scrollt-over.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\scrollt.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\searchbox-pnlbtm.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\star_x_grey.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\star_x_orange.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\TRUSTe_about.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\view-detailed-on.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\view-detailed-over.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\view-thumb-on.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\view-thumb-over.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\widgets-square-16px.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\widgets-square-24px.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\widgets.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\initHTML.html
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\popupGames.html
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\popupHTML.html
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\popupRSS.html
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\popupWidgets.html
    c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\scroll.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\pop.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\radio.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\css\manager.css
    c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\css\slider.css
    c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\bg-pnl.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\btn-close-grey.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\btn-close-greyover.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\collapsed_button.gif
    c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\expanded_button.gif
    c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\ico-playstation-down.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\ico-playstation-over.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\ico-playstation.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\ico-radio.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\music-note.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-btn-pause-on.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-btn-pause.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-btn-play-on.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-btn-play.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-eq-bg.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-eq-buffer.gif
    c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-eq-busy.gif
    c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-eq-off.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-eq-on.gif
    c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-eq-warning.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-options-design-on.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-options-design.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-options-on.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-options.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-volume-0.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-volume-1.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-volume-2.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-volume-3.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-volume-mute.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\scrollbar-handle.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\scrollbar-track.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\slider.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\slideron.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\track.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\managerpanel.html
    c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\volumeslider.html
    c:\program files\whitesmoketoolbar\chrome\skin\lib\reload.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\remove.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\rename.gif
    c:\program files\whitesmoketoolbar\chrome\skin\lib\resize-box.gif
    c:\program files\whitesmoketoolbar\chrome\skin\lib\rss.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\rsschannelback.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\RSSLogo.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\rsstabdivider.gif
    c:\program files\whitesmoketoolbar\chrome\skin\lib\scroll-left.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\scroll-right.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\search-go.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\search.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\text-ellipsis.xml
    c:\program files\whitesmoketoolbar\chrome\skin\lib\throbber.gif
    c:\program files\whitesmoketoolbar\chrome\skin\lib\toolbarsplitter.gif
    c:\program files\whitesmoketoolbar\chrome\skin\lib\transparent_1px.gif
    c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_02.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_03.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_04.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_06.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_07.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_08.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_09.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_10.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_11.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_12.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_13.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_14.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_15.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_16.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_18.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_19.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_20.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_21.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\btn-close-grey.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\btn-close-greyover.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\close-hot.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\close-normal.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\loadingMid.gif
    c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\proxy.html
    c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\template.html
    c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\template.xml
    c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\templateFF.html
    c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\throbber.gif
    c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\icons\cond999.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\icons\icons.xml
    c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\icons\na-s.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\icons\na-t.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\icons\na.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\icons\weather.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\add.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\box-check.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm-over.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png
    c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\popupWeather.css
    c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\popupWeather.html
    c:\program files\whitesmoketoolbar\chrome\skin\lib\yahoo.png
    c:\program files\whitesmoketoolbar\chrome\skin\lichen.gif
    c:\program files\whitesmoketoolbar\chrome\skin\logo-about.png
    c:\program files\whitesmoketoolbar\chrome\skin\logo-over.png
    c:\program files\whitesmoketoolbar\chrome\skin\logo-separator.png
    c:\program files\whitesmoketoolbar\chrome\skin\logo.png
    c:\program files\whitesmoketoolbar\chrome\skin\mail.png
    c:\program files\whitesmoketoolbar\chrome\skin\menuseparatorback.gif
    c:\program files\whitesmoketoolbar\chrome\skin\modify-save.png
    c:\program files\whitesmoketoolbar\chrome\skin\modify.png
    c:\program files\whitesmoketoolbar\chrome\skin\modifyhot.png
    c:\program files\whitesmoketoolbar\chrome\skin\music.png
    c:\program files\whitesmoketoolbar\chrome\skin\namespacetoolbar.css
    c:\program files\whitesmoketoolbar\chrome\skin\networkIcons_png
    c:\program files\whitesmoketoolbar\chrome\skin\news.png
    c:\program files\whitesmoketoolbar\chrome\skin\options\options-main.png
    c:\program files\whitesmoketoolbar\chrome\skin\options\options-search.png
    c:\program files\whitesmoketoolbar\chrome\skin\options\options-weather.png
    c:\program files\whitesmoketoolbar\chrome\skin\options\options-widgets.png
    c:\program files\whitesmoketoolbar\chrome\skin\orange.gif
    c:\program files\whitesmoketoolbar\chrome\skin\pixsy.png
    c:\program files\whitesmoketoolbar\chrome\skin\protect-id.png
    c:\program files\whitesmoketoolbar\chrome\skin\relatedlinks.png
    c:\program files\whitesmoketoolbar\chrome\skin\rss-collapse.png
    c:\program files\whitesmoketoolbar\chrome\skin\rss-delete.png
    c:\program files\whitesmoketoolbar\chrome\skin\rss-expand.png
    c:\program files\whitesmoketoolbar\chrome\skin\rss-feed.png
    c:\program files\whitesmoketoolbar\chrome\skin\rss-folder-remove.png
    c:\program files\whitesmoketoolbar\chrome\skin\rss-folder-rename.png
    c:\program files\whitesmoketoolbar\chrome\skin\rss-folder.png
    c:\program files\whitesmoketoolbar\chrome\skin\rss-found.png
    c:\program files\whitesmoketoolbar\chrome\skin\rss-reload.png
    c:\program files\whitesmoketoolbar\chrome\skin\rss-subscribe.png
    c:\program files\whitesmoketoolbar\chrome\skin\rss.png
    c:\program files\whitesmoketoolbar\chrome\skin\rss_feed_icon_png
    c:\program files\whitesmoketoolbar\chrome\skin\rssback.gif
    c:\program files\whitesmoketoolbar\chrome\skin\rsstopback.gif
    c:\program files\whitesmoketoolbar\chrome\skin\search-over.png
    c:\program files\whitesmoketoolbar\chrome\skin\search.png
    c:\program files\whitesmoketoolbar\chrome\skin\searchbar\searchbar-background-left.png
    c:\program files\whitesmoketoolbar\chrome\skin\searchbar\searchbar-background-middle.png
    c:\program files\whitesmoketoolbar\chrome\skin\searchbar\searchbar-background-right.png
    c:\program files\whitesmoketoolbar\chrome\skin\settings.png
    c:\program files\whitesmoketoolbar\chrome\skin\shopping.png
    c:\program files\whitesmoketoolbar\chrome\skin\siteinfo.png
    c:\program files\whitesmoketoolbar\chrome\skin\skin-bluelite.png
    c:\program files\whitesmoketoolbar\chrome\skin\skin-bluesky.png
    c:\program files\whitesmoketoolbar\chrome\skin\skin-grey.png
    c:\program files\whitesmoketoolbar\chrome\skin\skin-lichen.png
    c:\program files\whitesmoketoolbar\chrome\skin\skin-orange.png
    c:\program files\whitesmoketoolbar\chrome\skin\skin-yellow.png
    c:\program files\whitesmoketoolbar\chrome\skin\skin.xml
    c:\program files\whitesmoketoolbar\chrome\skin\spain_png
    c:\program files\whitesmoketoolbar\chrome\skin\technorati.png
    c:\program files\whitesmoketoolbar\chrome\skin\throbber.gif
    c:\program files\whitesmoketoolbar\chrome\skin\toolbarsplitter.png
    c:\program files\whitesmoketoolbar\chrome\skin\translate.png
    c:\program files\whitesmoketoolbar\chrome\skin\Translate_png
    c:\program files\whitesmoketoolbar\chrome\skin\Translate_png_png
    c:\program files\whitesmoketoolbar\chrome\skin\TRUSTe_about.png
    c:\program files\whitesmoketoolbar\chrome\skin\TV_icon3_png
    c:\program files\whitesmoketoolbar\chrome\skin\tvicon_png
    c:\program files\whitesmoketoolbar\chrome\skin\tvIcons_png
    c:\program files\whitesmoketoolbar\chrome\skin\usa_png
    c:\program files\whitesmoketoolbar\chrome\skin\vmn.css
    c:\program files\whitesmoketoolbar\chrome\skin\vmn.png
    c:\program files\whitesmoketoolbar\chrome\skin\web.png
    c:\program files\whitesmoketoolbar\chrome\skin\whtsmke_logo_png
    c:\program files\whitesmoketoolbar\chrome\skin\whtsmke_logo_png_png
    c:\program files\whitesmoketoolbar\chrome\skin\whtsmke_logo_png2_png
    c:\program files\whitesmoketoolbar\chrome\skin\whtsmke_logo_png3_png
    c:\program files\whitesmoketoolbar\chrome\skin\whtsmke_logo_png4_png
    c:\program files\whitesmoketoolbar\chrome\skin\whtsmke_logo_png5_png
    c:\program files\whitesmoketoolbar\chrome\skin\wikipedia.png
    c:\program files\whitesmoketoolbar\chrome\skin\yahoosearch.png
    c:\program files\whitesmoketoolbar\chrome\skin\yellow.gif
    c:\program files\whitesmoketoolbar\chrome\skin\youtube.png
    c:\program files\whitesmoketoolbar\chrome\skin\zoom.png
    c:\program files\whitesmoketoolbar\components\windowmediator.js
    c:\program files\whitesmoketoolbar\manifest.xml
    c:\program files\whitesmoketoolbar\toolbar.xml
    c:\program files\whitesmoketoolbar\uninstall.exe
    c:\program files\whitesmoketoolbar\whitesmoketoolbar.dll
    c:\program files\whitesmoketoolbar\whitesmoketoolbarX.dll
    c:\programdata\hpeF018.dll
    c:\users\Robert aka Dad\AppData\Roaming\defender.exe
    c:\users\Robert aka Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Spyware Protection .lnk
    c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
    c:\windows\system32\rcrsfnn.dll
     
  11. 2011/02/20
    ThomasDraco

    ThomasDraco Inactive Thread Starter

    Joined:
    2011/02/18
    Messages:
    16
    Likes Received:
    0
    Combofix log part 2:

    .
    ((((((((((((((((((((((((( Files Created from 2011-01-20 to 2011-02-20 )))))))))))))))))))))))))))))))
    .

    2011-02-20 20:07 . 2011-02-20 20:08 -------- d-----w- c:\users\Robert aka Dad\AppData\Local\temp
    2011-02-20 20:07 . 2011-02-20 20:07 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-02-19 16:08 . 2011-02-19 16:08 -------- d-----w- c:\programdata\Tarma Installer
    2011-02-19 16:08 . 2011-02-19 16:08 -------- d-----w- c:\program files\Yontoo Layers Client
    2011-02-18 22:24 . 2011-02-18 22:24 135168 --sha-r- c:\windows\system32\lfbmp13nn.dll
    2011-02-18 18:01 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-02-18 18:01 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-02-18 16:28 . 2011-02-18 16:28 -------- d-----w- c:\programdata\MFAData
    2011-02-18 16:15 . 2011-02-18 16:15 -------- d-----w- c:\program files\Windows Live Safety Center
    2011-02-18 15:44 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D4DB637A-CFDE-439D-BD96-D8F881A394E6}\mpengine.dll
    2011-02-18 03:19 . 2011-02-18 03:19 -------- d-sh--w- c:\windows\system32\config\systemprofile\Temporary Internet Files
    2011-02-09 10:29 . 2010-12-31 13:57 2039808 ----a-w- c:\windows\system32\win32k.sys
    2011-02-09 10:29 . 2010-10-15 14:08 3602320 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-02-09 10:29 . 2010-10-15 13:48 1205080 ----a-w- c:\windows\system32\ntdll.dll
    2011-02-09 10:29 . 2010-10-15 14:08 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-02-09 10:29 . 2011-01-06 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2011-02-03 22:35 . 2011-02-03 22:35 -------- d-----w- c:\program files\Bonjour

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-28 15:55 . 2011-01-12 12:56 413696 ----a-w- c:\windows\system32\odbc32.dll
    2010-12-14 14:49 . 2011-01-12 12:55 1169408 ----a-w- c:\windows\system32\sdclt.exe
    2010-12-10 05:11 . 2010-12-10 05:11 749832 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
    2011-01-20 19:44 191488 ------w- c:\program files\Yontoo Layers Client\YontooIEClient.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-09-28 155648]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-14 13687328]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-14 92704]
    "{9AA8FE27-89A8-99BA-8b85-9AE9B9ABA99F}"="c:\program files\Alltel Broadband Connect\AvqAutorun.exe" [2009-10-19 73728]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-10-03 221184]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "SetDefaultMIDI"="MIDIDEF.EXE" [2006-11-28 28672]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-6-6 50688]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2008-08-21 18688]
    R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2008-08-21 8320]
    R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [2007-06-18 23680]
    R3 PTUMWBus;PANTECH USB Modem V2 Composite Device Driver;c:\windows\system32\DRIVERS\PTUMWBus.sys [2009-10-27 54544]
    R3 PTUMWCDF;PANTECH USB Modem V2 Installation CD;c:\windows\system32\DRIVERS\PTUMWCDF.sys [2009-10-27 22032]
    R3 PTUMWFLT;PTUMWNET Filter Driver;c:\windows\system32\DRIVERS\PTUMWFLT.sys [2009-10-27 12048]
    R3 PTUMWMdm;PANTECH USB Modem V2 Modem Driver;c:\windows\system32\DRIVERS\PTUMWMdm.sys [2009-10-27 160400]
    R3 PTUMWNET;PANTECH USB Modem V2 WWAN Driver;c:\windows\system32\DRIVERS\PTUMWNET.sys [2009-10-27 115216]
    R3 PTUMWVsp;PANTECH USB Modem V2 Diagnostic Port;c:\windows\system32\DRIVERS\PTUMWVsp.sys [2009-10-27 160400]
    R3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2009-08-03 38448]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-26 717296]
    S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20080421.002\IDSvix86.sys [2008-03-12 261680]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-08-17 239648]


    --- Other Services/Drivers In Memory ---

    *Deregistered* - SymEvent

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://msn.com/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    Trusted Zone: ketsujin.com\fighterace
    Trusted Zone: ketsujin.com\primary
    Trusted Zone: ketsujin.com\update
    Trusted Zone: ketsujin.com\www
    Trusted Zone: soaringeaglecasino.com\www
    Trusted Zone: stormofaces.com\www
    Trusted Zone: wildblue.com\www
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-Spyware Protection - c:\users\Robert aka Dad\AppData\Roaming\defender.exe
    AddRemove-Aces High - c:\hitech~1\ACESHI~1\UNWISE.EXE



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-02-20 15:08
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aac\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2011-02-20 15:13:55
    ComboFix-quarantined-files.txt 2011-02-20 20:13

    Pre-Run: 26,822,365,184 bytes free
    Post-Run: 26,903,998,464 bytes free

    - - End Of File - - 6A93770ABB77AC2561CD008F6220B408
     
  12. 2011/02/20
    ThomasDraco

    ThomasDraco Inactive Thread Starter

    Joined:
    2011/02/18
    Messages:
    16
    Likes Received:
    0
    Oh, and the redirecting is non-existent as of now, as far as I know.
     
  13. 2011/02/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I'm glad to hear good news :)
    Let me take a look at your Combofix log.
     
  14. 2011/02/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\lfbmp13nn.dll
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti-virus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  15. 2011/02/20
    ThomasDraco

    ThomasDraco Inactive Thread Starter

    Joined:
    2011/02/18
    Messages:
    16
    Likes Received:
    0
    Here's the log:

    ComboFix 11-02-20.01 - Robert aka Dad 02/20/2011 16:31:20.2.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1022.412 [GMT -5:00]
    Running from: c:\users\Robert aka Dad\Documents\Toms Stuff\New Folder\ComboFix.exe
    Command switches used :: c:\users\Robert aka Dad\Documents\Toms Stuff\New Folder\CFScript.txt
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point

    FILE ::
    "c:\windows\system32\lfbmp13nn.dll"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\lfbmp13nn.dll

    .
    ((((((((((((((((((((((((( Files Created from 2011-01-20 to 2011-02-20 )))))))))))))))))))))))))))))))
    .

    2011-02-20 21:42 . 2011-02-20 21:43 -------- d-----w- c:\users\Robert aka Dad\AppData\Local\temp
    2011-02-20 21:42 . 2011-02-20 21:42 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-02-19 16:08 . 2011-02-19 16:08 -------- d-----w- c:\programdata\Tarma Installer
    2011-02-19 16:08 . 2011-02-19 16:08 -------- d-----w- c:\program files\Yontoo Layers Client
    2011-02-18 18:01 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-02-18 18:01 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-02-18 16:28 . 2011-02-18 16:28 -------- d-----w- c:\programdata\MFAData
    2011-02-18 16:15 . 2011-02-18 16:15 -------- d-----w- c:\program files\Windows Live Safety Center
    2011-02-18 15:44 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D4DB637A-CFDE-439D-BD96-D8F881A394E6}\mpengine.dll
    2011-02-18 03:19 . 2011-02-18 03:19 -------- d-sh--w- c:\windows\system32\config\systemprofile\Temporary Internet Files
    2011-02-09 10:29 . 2010-12-31 13:57 2039808 ----a-w- c:\windows\system32\win32k.sys
    2011-02-09 10:29 . 2010-10-15 14:08 3602320 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-02-09 10:29 . 2010-10-15 13:48 1205080 ----a-w- c:\windows\system32\ntdll.dll
    2011-02-09 10:29 . 2010-10-15 14:08 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-02-09 10:29 . 2011-01-06 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2011-02-03 22:35 . 2011-02-03 22:35 -------- d-----w- c:\program files\Bonjour

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-28 15:55 . 2011-01-12 12:56 413696 ----a-w- c:\windows\system32\odbc32.dll
    2010-12-14 14:49 . 2011-01-12 12:55 1169408 ----a-w- c:\windows\system32\sdclt.exe
    2010-12-10 05:11 . 2010-12-10 05:11 749832 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
    2011-01-20 19:44 191488 ------w- c:\program files\Yontoo Layers Client\YontooIEClient.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-09-28 155648]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-14 13687328]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-14 92704]
    "{9AA8FE27-89A8-99BA-8b85-9AE9B9ABA99F}"="c:\program files\Alltel Broadband Connect\AvqAutorun.exe" [2009-10-19 73728]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-10-03 221184]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "SetDefaultMIDI"="MIDIDEF.EXE" [2006-11-28 28672]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-6-6 50688]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2008-08-21 18688]
    R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2008-08-21 8320]
    R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [2007-06-18 23680]
    R3 PTUMWBus;PANTECH USB Modem V2 Composite Device Driver;c:\windows\system32\DRIVERS\PTUMWBus.sys [2009-10-27 54544]
    R3 PTUMWCDF;PANTECH USB Modem V2 Installation CD;c:\windows\system32\DRIVERS\PTUMWCDF.sys [2009-10-27 22032]
    R3 PTUMWFLT;PTUMWNET Filter Driver;c:\windows\system32\DRIVERS\PTUMWFLT.sys [2009-10-27 12048]
    R3 PTUMWMdm;PANTECH USB Modem V2 Modem Driver;c:\windows\system32\DRIVERS\PTUMWMdm.sys [2009-10-27 160400]
    R3 PTUMWNET;PANTECH USB Modem V2 WWAN Driver;c:\windows\system32\DRIVERS\PTUMWNET.sys [2009-10-27 115216]
    R3 PTUMWVsp;PANTECH USB Modem V2 Diagnostic Port;c:\windows\system32\DRIVERS\PTUMWVsp.sys [2009-10-27 160400]
    R3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2009-08-03 38448]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-26 717296]
    S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20080421.002\IDSvix86.sys [2008-03-12 261680]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-08-17 239648]


    --- Other Services/Drivers In Memory ---

    *Deregistered* - SymEvent

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://msn.com/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    Trusted Zone: ketsujin.com\fighterace
    Trusted Zone: ketsujin.com\primary
    Trusted Zone: ketsujin.com\update
    Trusted Zone: ketsujin.com\www
    Trusted Zone: soaringeaglecasino.com\www
    Trusted Zone: stormofaces.com\www
    Trusted Zone: wildblue.com\www
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-02-20 16:43
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aac\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "YMP.Media "

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "YMP.Media "

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "YMP.Media "

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "YMP.Media "

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "YMP.Media "

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "YMP.Media "

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "YMP.Media "

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "YMP.Media "

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "YMP.Media "

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "YMP.Media "

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "YMP.Media "

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "YMP.Media "

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "YMP.Media "

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "YMP.Media "

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "YMP.Media "

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "YMP.Media "

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "YMP.Media "

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "YMP.Media "

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "YMP.Media "

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    .
    Completion time: 2011-02-20 16:46:41
    ComboFix-quarantined-files.txt 2011-02-20 21:46
    ComboFix2.txt 2011-02-20 20:13

    Pre-Run: 27,194,667,008 bytes free
    Post-Run: 27,172,392,960 bytes free

    - - End Of File - - DDAD1212471908B18C59A817325B4F77
     
  16. 2011/02/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Very good :)

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  17. 2011/02/20
    ThomasDraco

    ThomasDraco Inactive Thread Starter

    Joined:
    2011/02/18
    Messages:
    16
    Likes Received:
    0
    OTL.txt

    OTL logfile created on: 2/20/2011 5:19:12 PM - Run 1
    OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Robert aka Dad\Documents\Toms Stuff\New Folder
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6002.18005)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,022.00 Mb Total Physical Memory | 167.00 Mb Available Physical Memory | 16.00% Memory free
    2.00 Gb Paging File | 1.00 Gb Available in Paging File | 62.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 138.96 Gb Total Space | 25.35 Gb Free Space | 18.24% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 0.02 Gb Free Space | 0.21% Space Free | Partition Type: NTFS

    Computer Name: ROBERTAKADAD-PC | User Name: Robert aka Dad | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/02/20 17:18:01 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Robert aka Dad\Documents\Toms Stuff\New Folder\OTL.exe
    PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2009/10/19 14:51:14 | 000,073,728 | ---- | M] () -- C:\Program Files\Alltel Broadband Connect\AvqAutorun.exe
    PRC - [2009/08/17 00:32:00 | 000,239,648 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2006/11/28 15:52:20 | 000,842,240 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\CTxfispi.exe
    PRC - [2006/10/03 11:37:04 | 000,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    PRC - [2006/09/28 15:46:50 | 000,155,648 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\volpanlu.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/02/20 17:18:01 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Robert aka Dad\Documents\Toms Stuff\New Folder\OTL.exe
    MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (LiveUpdate Notice Service)
    SRV - File not found [Auto | Stopped] -- -- (LiveUpdate Notice Ex)
    SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
    SRV - [2011/01/20 08:44:03 | 000,797,184 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/08/17 00:32:00 | 000,239,648 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/01/11 04:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Stopped] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
    SRV - [2006/11/07 13:27:02 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
    SRV - [2004/10/22 02:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD Premier\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


    ========== Driver Services (SafeList) ==========

    DRV - [2009/12/26 17:07:20 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2009/10/27 02:28:50 | 000,160,400 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTUMWVsp.sys -- (PTUMWVsp)
    DRV - [2009/10/27 02:28:38 | 000,115,216 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTUMWNET.sys -- (PTUMWNET)
    DRV - [2009/10/27 02:28:32 | 000,160,400 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTUMWMdm.sys -- (PTUMWMdm)
    DRV - [2009/10/27 02:28:26 | 000,012,048 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTUMWFLT.sys -- (PTUMWFLT)
    DRV - [2009/10/27 02:28:14 | 000,022,032 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTUMWCDF.sys -- (PTUMWCDF)
    DRV - [2009/10/27 02:28:04 | 000,054,544 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTUMWBus.sys -- (PTUMWBus)
    DRV - [2009/08/03 18:07:12 | 000,038,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV)
    DRV - [2009/08/03 18:07:10 | 000,145,968 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW)
    DRV - [2009/08/03 18:07:10 | 000,039,856 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
    DRV - [2009/08/03 18:07:10 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
    DRV - [2009/08/03 18:07:10 | 000,012,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
    DRV - [2009/04/14 02:33:00 | 007,766,464 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2008/08/21 17:49:56 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
    DRV - [2008/08/21 17:49:22 | 000,018,688 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
    DRV - [2008/03/12 08:30:08 | 000,261,680 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20080421.002\IDSvix86.sys -- (IDSvix86)
    DRV - [2007/11/30 23:57:12 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
    DRV - [2007/11/30 23:57:12 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
    DRV - [2007/11/30 23:57:12 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
    DRV - [2007/11/02 14:51:28 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motswch.sys -- (MotoSwitchService)
    DRV - [2007/08/09 17:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
    DRV - [2007/06/18 14:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motport.sys -- (motport)
    DRV - [2007/06/18 14:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
    DRV - [2007/06/06 23:26:33 | 000,020,152 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
    DRV - [2007/06/06 23:26:33 | 000,019,128 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
    DRV - [2007/06/06 23:26:33 | 000,017,592 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
    DRV - [2007/05/01 07:26:26 | 000,131,368 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
    DRV - [2007/03/05 03:07:46 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
    DRV - [2007/02/09 11:34:16 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DRVNDDM.SYS -- (DRVNDDM)
    DRV - [2007/02/08 19:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
    DRV - [2007/02/08 19:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
    DRV - [2007/01/06 00:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
    DRV - [2006/11/28 20:05:30 | 001,160,504 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ha20x2k.sys -- (ha20x2k)
    DRV - [2006/11/28 20:04:38 | 000,090,936 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\emupia2k.sys -- (emupia)
    DRV - [2006/11/28 20:03:18 | 000,156,984 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctsfm2k.sys -- (ctsfm2k)
    DRV - [2006/11/28 20:03:08 | 000,014,648 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctprxy2k.sys -- (ctprxy2k)
    DRV - [2006/11/28 20:02:46 | 000,128,312 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctoss2k.sys -- (ossrv)
    DRV - [2006/11/28 20:01:44 | 000,347,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctdvda2k.sys -- (ctdvda2k)
    DRV - [2006/11/28 20:01:18 | 000,520,760 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
    DRV - [2006/11/28 20:01:08 | 000,511,288 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctac32k.sys -- (ctac32k)
    DRV - [2006/11/02 04:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
    DRV - [2006/11/02 04:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
    DRV - [2006/11/02 04:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
    DRV - [2006/11/02 04:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
    DRV - [2006/11/02 04:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
    DRV - [2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
    DRV - [2006/11/02 04:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
    DRV - [2006/11/02 04:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
    DRV - [2006/11/02 04:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
    DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
    DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
    DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
    DRV - [2006/11/02 04:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
    DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
    DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
    DRV - [2006/11/02 04:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
    DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
    DRV - [2006/11/02 04:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
    DRV - [2006/11/02 04:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2006/11/02 04:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
    DRV - [2006/11/02 04:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
    DRV - [2006/11/02 04:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
    DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
    DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
    DRV - [2006/11/02 04:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
    DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
    DRV - [2006/11/02 04:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
    DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
    DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
    DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
    DRV - [2006/11/02 04:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
    DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
    DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
    DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
    DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
    DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
    DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
    DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
    DRV - [2006/11/02 02:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
    DRV - [2006/11/02 02:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
    DRV - [2006/10/26 15:22:02 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
    DRV - [2006/10/26 15:21:34 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
    DRV - [2006/10/26 15:21:34 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
    DRV - [2006/10/26 15:21:32 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
    DRV - [2006/10/26 15:21:30 | 000,026,296 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
    DRV - [2006/10/26 15:21:28 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
    DRV - [2006/10/26 15:21:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
    DRV - [2006/10/26 15:21:24 | 000,104,536 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
    DRV - [2006/10/18 13:09:26 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
    DRV - [2006/10/18 13:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
    DRV - [2006/10/18 13:08:04 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
    DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
    DRV - [2006/08/17 15:43:52 | 000,007,424 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Program Files\DellSupport\Drivers\dsunidrv.sys -- (dsunidrv)
    DRV - [2006/08/04 19:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2006/07/21 10:21:26 | 000,099,176 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
    DRV - [2003/08/10 13:17:58 | 000,256,568 | ---- | M] (Jungo) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\windrvr6.sys -- (WinDriver6)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.whitesmokestart.com/?cfg=2-267-0-0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.whitesmokestart.com/?cfg=2-267-0-0
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1076728386-3367342341-1048891375-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
    IE - HKU\S-1-5-21-1076728386-3367342341-1048891375-1002\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-1076728386-3367342341-1048891375-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1076728386-3367342341-1048891375-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    [2011/02/03 17:26:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robert aka Dad\AppData\Roaming\Mozilla\Extensions
    [2009/08/05 19:25:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robert aka Dad\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

    O1 HOSTS File: ([2011/02/20 16:43:07 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll (Yontoo Technology, Inc.)
    O4 - HKLM..\Run: [{9AA8FE27-89A8-99BA-8b85-9AE9B9ABA99F}] C:\Program Files\Alltel Broadband Connect\AvqAutorun.exe ()
    O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
    O4 - HKLM..\Run: [ISUSPM Startup] c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
    O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
    O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
    O4 - HKU\.DEFAULT..\RunOnce: [SetDefaultMIDI] C:\Windows\MIDIDEF.EXE (Creative Technology Ltd)
    O4 - HKU\S-1-5-18..\RunOnce: [SetDefaultMIDI] C:\Windows\MIDIDEF.EXE (Creative Technology Ltd)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1076728386-3367342341-1048891375-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1076728386-3367342341-1048891375-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-1076728386-3367342341-1048891375-1002\..Trusted Domains: ketsujin.com ([fighterace] https in Trusted sites)
    O15 - HKU\S-1-5-21-1076728386-3367342341-1048891375-1002\..Trusted Domains: ketsujin.com ([primary] https in Trusted sites)
    O15 - HKU\S-1-5-21-1076728386-3367342341-1048891375-1002\..Trusted Domains: ketsujin.com ([update] https in Trusted sites)
    O15 - HKU\S-1-5-21-1076728386-3367342341-1048891375-1002\..Trusted Domains: ketsujin.com ([www] https in Trusted sites)
    O15 - HKU\S-1-5-21-1076728386-3367342341-1048891375-1002\..Trusted Domains: soaringeaglecasino.com ([www] https in Trusted sites)
    O15 - HKU\S-1-5-21-1076728386-3367342341-1048891375-1002\..Trusted Domains: stormofaces.com ([www] https in Trusted sites)
    O15 - HKU\S-1-5-21-1076728386-3367342341-1048891375-1002\..Trusted Domains: wildblue.com ([www] http in Trusted sites)
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class)
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
    O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} http://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab?1270691030529 (Reg Error: Key error.)
    O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab (Windows Live OneCare safety scanner control)
    O16 - DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} http://www-cdn.freerealms.com/gamedata/plugins/1.0.3.93/FreeRealmsInstaller.cab?v=1043 (SonyOnlineInstallerX)
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w3/resources/VistaMSNPUplden-us.cab (MSN Photo Upload Tool)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-us.cab (Windows Live Hotmail Photo Upload Tool)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Robert aka Dad\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Robert aka Dad\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Error creating restore point.

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/02/20 16:46:48 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/02/20 16:46:43 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/02/20 16:46:43 | 000,000,000 | ---D | C] -- C:\Users\Robert aka Dad\AppData\Local\temp
    [2011/02/20 16:28:52 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2011/02/20 14:52:39 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/02/20 14:52:39 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/02/20 14:52:39 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/02/20 14:50:22 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/02/20 14:48:37 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/02/19 11:08:24 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo Layers Client
    [2011/02/19 11:08:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
    [2011/02/18 17:24:01 | 000,000,000 | ---D | C] -- C:\Users\Robert aka Dad\AppData\Roaming\Sun
    [2011/02/18 13:01:23 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2011/02/18 13:01:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/02/18 13:01:18 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2011/02/18 11:28:52 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
    [2011/02/18 11:15:29 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
    [2011/02/14 19:00:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pokemon Online
    [2011/02/10 22:23:28 | 000,000,000 | ---D | C] -- C:\Users\Robert aka Dad\Documents\New Folder
    [2011/02/10 20:29:20 | 000,000,000 | ---D | C] -- C:\Users\Robert aka Dad\Documents\GSJD21
    [2011/02/04 19:33:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
    [2011/02/03 17:35:31 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2007/06/06 23:19:36 | 000,034,816 | ---- | C] ( ) -- C:\Windows\System32\a3d.dll
    [2006/09/14 10:32:20 | 000,028,672 | R--- | C] ( ) -- C:\Windows\System32\DivXGraphBuilderCallback.dll

    ========== Files - Modified Within 30 Days ==========

    [2011/02/20 16:45:57 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/02/20 16:45:57 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/02/20 16:43:07 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011/02/20 14:50:32 | 000,612,592 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/02/20 14:50:32 | 000,107,654 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/02/20 14:46:11 | 000,000,445 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
    [2011/02/20 14:45:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/02/20 14:45:08 | 000,064,756 | ---- | M] () -- C:\Windows\System32\DVCState-{00000004-00000000-00000008-00001102-00000005-10031102}.rfx
    [2011/02/20 14:45:08 | 000,054,724 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000004-00000000-00000008-00001102-00000005-10031102}.rfx
    [2011/02/20 14:45:08 | 000,054,724 | ---- | M] () -- C:\Windows\System32\BMXState-{00000004-00000000-00000008-00001102-00000005-10031102}.rfx
    [2011/02/20 14:45:08 | 000,001,072 | ---- | M] () -- C:\Windows\System32\settingsbkup.sfm
    [2011/02/20 14:45:08 | 000,001,072 | ---- | M] () -- C:\Windows\System32\settings.sfm
    [2011/02/19 11:08:35 | 000,002,281 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
    [2011/02/18 14:41:03 | 000,445,304 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2011/02/18 13:01:23 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/02/18 09:28:21 | 000,020,992 | ---- | M] () -- C:\Users\Robert aka Dad\Desktop\New Microsoft Word Document (2).doc
    [2011/02/18 09:28:20 | 000,045,634 | ---- | M] () -- C:\Users\Robert aka Dad\AppData\Roaming\wklnhst.dat
    [2011/02/18 09:28:14 | 000,024,576 | ---- | M] () -- C:\Users\Robert aka Dad\Desktop\New Microsoft Word Document.doc
    [2011/02/11 21:57:58 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2011/02/10 19:51:26 | 135,744,363 | ---- | M] () -- C:\Users\Robert aka Dad\Documents\GSJD21.zip
    [2011/02/09 14:51:52 | 000,093,501 | ---- | M] () -- C:\Users\Robert aka Dad\Documents\TaxReturn.pdf
    [2011/02/09 14:50:07 | 000,888,802 | ---- | M] () -- C:\Users\Robert aka Dad\Documents\2010 taxes.pdf
    [2011/02/03 17:37:21 | 000,001,854 | ---- | M] () -- C:\Users\Robert aka Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk

    ========== Files Created - No Company Name ==========

    [2011/02/20 14:52:39 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/02/20 14:52:39 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/02/20 14:52:39 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/02/20 14:52:39 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/02/20 14:52:39 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/02/18 13:01:23 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/02/18 08:53:11 | 000,020,992 | ---- | C] () -- C:\Users\Robert aka Dad\Desktop\New Microsoft Word Document (2).doc
    [2011/02/10 19:50:47 | 135,744,363 | ---- | C] () -- C:\Users\Robert aka Dad\Documents\GSJD21.zip
    [2011/02/09 14:51:51 | 000,093,501 | ---- | C] () -- C:\Users\Robert aka Dad\Documents\TaxReturn.pdf
    [2011/02/09 14:49:55 | 000,888,802 | ---- | C] () -- C:\Users\Robert aka Dad\Documents\2010 taxes.pdf
    [2011/02/03 17:37:21 | 000,002,281 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
    [2011/02/03 17:37:21 | 000,001,854 | ---- | C] () -- C:\Users\Robert aka Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
    [2011/02/03 17:37:20 | 000,002,293 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
    [2010/06/06 20:29:40 | 000,004,216 | ---- | C] () -- C:\Users\Robert aka Dad\AppData\Local\rx_audio.Cache
    [2010/04/01 11:38:18 | 000,023,580 | ---- | C] () -- C:\Users\Robert aka Dad\AppData\Roaming\UserTile.png
    [2010/03/27 13:02:04 | 000,010,440 | ---- | C] () -- C:\Windows\System32\ptumwcit.dll
    [2009/12/26 17:07:19 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
    [2009/11/27 14:11:25 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
    [2009/11/27 14:08:28 | 000,000,053 | ---- | C] () -- C:\Windows\EPSCX7400.ini
    [2009/09/28 11:19:29 | 000,000,072 | ---- | C] () -- C:\Users\Robert aka Dad\AppData\Local\rx_image.Cache
    [2009/09/19 20:36:53 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
    [2009/09/19 20:36:53 | 000,000,120 | ---- | C] () -- C:\Windows\wininit.ini
    [2009/09/18 06:35:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/09/08 04:41:47 | 000,050,982 | ---- | C] () -- C:\ProgramData\nvModes.001
    [2009/09/07 20:32:27 | 000,050,982 | ---- | C] () -- C:\ProgramData\nvModes.dat
    [2009/01/31 12:51:17 | 000,000,345 | ---- | C] () -- C:\Users\Robert aka Dad\AppData\Roaming\flashfavorite.htm
    [2009/01/09 21:24:57 | 000,073,728 | ---- | C] () -- C:\Windows\System32\eautil.dll
    [2008/11/27 08:18:02 | 000,000,680 | ---- | C] () -- C:\Users\Robert aka Dad\AppData\Local\d3d9caps.dat
    [2008/03/26 06:43:29 | 000,000,102 | ---- | C] () -- C:\Users\Robert aka Dad\AppData\Local\fusioncache.dat
    [2008/03/25 09:24:30 | 000,045,634 | ---- | C] () -- C:\Users\Robert aka Dad\AppData\Roaming\wklnhst.dat
    [2008/03/23 20:03:40 | 000,080,896 | ---- | C] () -- C:\Users\Robert aka Dad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/06/06 23:19:37 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CTBurst.dll
    [2007/06/06 23:19:37 | 000,000,269 | ---- | C] () -- C:\Windows\System32\KILL.INI
    [2007/06/06 23:19:37 | 000,000,053 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
    [2007/06/06 23:19:35 | 000,065,129 | ---- | C] () -- C:\Windows\System32\claptn.ini
    [2007/06/06 16:16:22 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2007/02/20 11:22:48 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
    [2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
    [2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/09/16 22:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
    [2006/09/16 22:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
    [2006/03/06 09:41:02 | 000,073,728 | ---- | C] () -- C:\Windows\System32\AMV_DecDLL.dll
    [2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\Windows\System32\drivers\ADFUUD.SYS

    ========== LOP Check ==========

    [2010/01/14 06:22:59 | 000,000,000 | ---D | M] -- C:\Users\Robert aka Dad\AppData\Roaming\Costco Photo Viewer US
    [2009/01/19 08:03:50 | 000,000,000 | ---D | M] -- C:\Users\Robert aka Dad\AppData\Roaming\DataCast
    [2009/07/22 21:52:12 | 000,000,000 | ---D | M] -- C:\Users\Robert aka Dad\AppData\Roaming\EasyJob Resume Builder
    [2011/02/18 10:41:04 | 000,000,000 | ---D | M] -- C:\Users\Robert aka Dad\AppData\Roaming\FrostWire
    [2009/03/07 13:36:02 | 000,000,000 | ---D | M] -- C:\Users\Robert aka Dad\AppData\Roaming\ImTOO Software Studio
    [2010/03/13 08:52:25 | 000,000,000 | ---D | M] -- C:\Users\Robert aka Dad\AppData\Roaming\Laplink
    [2009/01/16 14:31:18 | 000,000,000 | ---D | M] -- C:\Users\Robert aka Dad\AppData\Roaming\Moyea
    [2010/04/01 11:38:18 | 000,000,000 | ---D | M] -- C:\Users\Robert aka Dad\AppData\Roaming\PeerNetworking
    [2010/12/21 18:04:14 | 000,000,000 | ---D | M] -- C:\Users\Robert aka Dad\AppData\Roaming\Philipp Winterberg
    [2010/05/21 16:55:33 | 000,000,000 | ---D | M] -- C:\Users\Robert aka Dad\AppData\Roaming\SanDisk
    [2008/06/05 07:59:51 | 000,000,000 | ---D | M] -- C:\Users\Robert aka Dad\AppData\Roaming\Template
    [2010/03/27 20:32:36 | 000,000,000 | ---D | M] -- C:\Users\Robert aka Dad\AppData\Roaming\Uniblue
    [2011/02/20 14:45:05 | 000,032,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2006/11/10 08:22:24 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2011/02/20 16:46:41 | 000,013,573 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2007/06/06 23:28:39 | 000,005,847 | RH-- | M] () -- C:\dell.sdr
    [2008/04/09 19:22:35 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2008/04/09 19:22:35 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2011/02/20 14:45:45 | 1385,963,520 | -HS- | M] () -- C:\pagefile.sys
    [2007/06/06 16:25:28 | 000,000,070 | ---- | M] () -- C:\SystemInfo.ini
    [2011/02/19 11:45:57 | 000,069,920 | ---- | M] () -- C:\TDSSKiller.2.4.17.0_19.02.2011_11.38.59_log.txt

    < %systemroot%\Fonts\*.com >
    [2006/11/02 07:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 07:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 07:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/11/19 21:12:46 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 16:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2006/11/02 07:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
    [2006/11/02 04:46:11 | 000,089,600 | ---- | M] (Lexmark International Inc.) -- C:\Windows\System32\spool\prtprocs\w32x86\LMPRTPRC.DLL

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/07/01 23:16:29 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2006/11/02 05:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/11/19 21:32:30 | 000,000,286 | -HS- | M] () -- C:\Users\Robert aka Dad\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2010/04/19 08:43:13 | 000,000,148 | ---- | M] () -- C:\Users\Robert aka Dad\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\photo.php-pid=2176678&id=1367047055.url

    < %USERPROFILE%\Desktop\*.exe >

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2008/03/24 20:00:59 | 000,000,402 | -HS- | M] () -- C:\Users\Robert aka Dad\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2009/12/05 08:11:38 | 000,050,982 | ---- | M] () -- C:\ProgramData\nvModes.001

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >
    No captured output from command...

    < dir /b "%systemroot%\*.exe" | find /i " " /c >
    No captured output from command...

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < >

    < End of report >
     
  18. 2011/02/20
    ThomasDraco

    Extra.txt:

    OTL Extras logfile created on: 2/20/2011 5:19:13 PM - Run 1
    OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Robert aka Dad\Documents\Toms Stuff\New Folder
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6002.18005)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,022.00 Mb Total Physical Memory | 167.00 Mb Available Physical Memory | 16.00% Memory free
    2.00 Gb Paging File | 1.00 Gb Available in Paging File | 62.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 138.96 Gb Total Space | 25.35 Gb Free Space | 18.24% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 0.02 Gb Free Space | 0.21% Space Free | Partition Type: NTFS

    Computer Name: ROBERTAKADAD-PC | User Name: Robert aka Dad | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 0
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{110CCB11-5384-4A7B-AD5A-31201E5F5469}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{120ED85B-3AE5-44D8-8F02-97DAE9E5C598}" = rport=137 | protocol=17 | dir=out | app=system |
    "{125B40B5-DEF7-415E-B1FF-8E056CD77F68}" = lport=443 | protocol=6 | dir=in | name=ds5 |
    "{18CD4BD0-1ABA-47F7-867A-0BD982D1C85D}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{206E8ED1-C7D7-451B-8FBC-7985A23347E4}" = lport=29990 | protocol=6 | dir=in | name=ds2 |
    "{22984FFC-7D25-499D-90BA-F6AA5C2977EE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{23004EE0-B604-4900-B271-AEC710E3B25F}" = lport=137 | protocol=17 | dir=in | name=robert |
    "{2A2B13E0-02AD-4F2D-B548-0469A5F5294F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{2C70B6A0-3C10-43AE-A77F-FFA90DF959CA}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{2EDA9FB6-B0E3-45A4-A8EC-64F3B4E92991}" = lport=29901 | protocol=6 | dir=in | name=ds3 |
    "{347ADDC1-194F-4B0E-BDE9-79F15017F1DD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{3BB2AF73-BF8E-4CAB-B801-126A51574FB6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{3BBFDFAE-CA42-4BA0-879F-061C7458C5C1}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 |
    "{3CA96B0D-65A6-4C0F-BDA7-E0EFBDE6E7DC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{43D59FCF-C51A-4255-81FE-1053302B9952}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{56C783BB-ABB0-4459-B29D-6C07FA1351CD}" = lport=445 | protocol=6 | dir=in | app=system |
    "{590A6164-28DD-40C0-B681-E9E84A60B057}" = lport=138 | protocol=17 | dir=in | app=system |
    "{61BD7A6B-BD5A-4A75-8046-4C8A0F48BCCF}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{636873C0-F76E-44B9-AE7D-8833EDF781F0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{70C46652-B5AB-4C97-9809-9469D3F752B2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{70FAC2C6-48F6-441B-9D43-C0AF7581A299}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 |
    "{72142419-108B-4A4D-9B0F-08099863FD12}" = lport=445 | protocol=6 | dir=in | app=system |
    "{78D8986F-48D6-45A5-AAD0-98BE80A477EA}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{79FB1B72-F939-4133-A1E3-D2C9E21C8D61}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{814C580C-B7A3-42A9-BCB9-CAAD17456E55}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{84533BC4-21CA-4EB1-88E5-8691F9C4C509}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{86CA6A8A-8D22-41A0-A84B-86ACA4563972}" = rport=445 | protocol=6 | dir=out | app=system |
    "{8E2F4EAD-04AA-48B5-86FA-850F7ABAD682}" = rport=2869 | protocol=6 | dir=out | app=system |
    "{8F0F704B-70A2-4A5C-9319-2FAE167CB36A}" = lport=28910 | protocol=6 | dir=in | name=ds1 |
    "{9952B556-1299-4961-8E9A-284B58ADD859}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{A0A75AD6-7BD1-4460-8494-94CFA9BFE0DC}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{A40BCDAB-5E78-46DA-A268-EF1BD1A653AF}" = lport=139 | protocol=6 | dir=in | app=system |
    "{A4E3828B-BD7E-4780-B1B5-46214BBD9EFD}" = lport=139 | protocol=6 | dir=in | name=robert |
    "{A8F228AA-3013-47C7-8EDE-FF927B7084DF}" = lport=138 | protocol=17 | dir=in | name=robert |
    "{A9852550-9D2E-4E42-B7A9-2A51C73C85AE}" = lport=137 | protocol=17 | dir=in | app=system |
    "{ABC7648E-0BBC-4354-863F-732EBD0D9746}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{B6297F8C-7B02-41F9-8BD5-7836347D2320}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{B8869AC2-9865-40C1-A533-486E69C1389A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{BF08D6A1-B82C-4876-AA73-1AB794C7BBE3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{BFA6C7D7-7879-4954-8E4A-4FA3154E9CF6}" = rport=139 | protocol=6 | dir=out | app=system |
    "{CF602E19-1BC4-48F8-A7DC-B2B213CC2640}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{D28049DE-90D8-42C2-A72E-F37E7ECDF3B1}" = lport=80 | protocol=6 | dir=in | name=ds4 |
    "{D35659CD-60CF-4A60-9984-F5780E25405D}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{E087B3D4-EC2F-4099-BBE2-46D94E27B103}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{FB257857-B602-499A-8858-97B0E9F14373}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{FD72ADA5-F120-44D1-9E94-F8B0BC5EDD3E}" = rport=138 | protocol=17 | dir=out | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{098BBD49-EDED-47FA-BC2B-8F053E0C7B9A}" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
    "{0A5C5A6F-8F55-4963-A066-4BF2011E40E0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{0B9035A9-7FF7-4AB5-A752-0E042B0CBB2E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{195F8BE2-BD12-4926-9505-328CF7AB1FD8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{204640FA-29F2-45BF-8F07-023D012F9DAC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{2163F3FE-544C-4203-A22D-2BD01205311E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{21D433E6-EC9B-4029-830A-995089DBE5B8}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
    "{26C14BB1-8B64-4294-BD81-F1B2EF66DEB6}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
    "{33D43085-355B-4168-B699-18CC40EC1334}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{383EE776-0196-4E0B-892A-8293A5375135}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{38ED6203-7A5C-4B21-A30A-638051CE92DD}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
    "{459E8383-FA7A-4A25-B713-BDBAEDE1940E}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
    "{4DBD99B8-5916-462D-82EA-131D56C505A4}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{50CE0F79-8521-40F9-994B-54176A8B9DDC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{595103FD-93B2-4FFF-86DF-D2FB3E6D73B1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{5C79C89C-41F0-45F3-91A6-85158FEEC2F4}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
    "{5D6BBD43-84AD-46A4-8F76-BF3BBBAA2C5A}" = protocol=6 | dir=in | app=c:\hitech creations\aces high\aceshigh.exe |
    "{66ED2F10-012E-45BB-B3C9-AE2D00917159}" = protocol=6 | dir=out | app=system |
    "{6782B7AF-8243-4059-BFB2-76183985C675}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{6EE3F0A9-E012-4B9D-9694-A29CD0DAFE8E}" = protocol=17 | dir=in | app=c:\games\aces high ii\aceshigh.exe |
    "{7B203E46-1C2C-4D35-B4A7-F0F520F5A5D3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{84307963-72EB-499A-8A6A-1E1104BA73EF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{85F01EA3-60D2-420F-8C3B-DB7948514670}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8D983354-6DE8-40C7-8D6C-21899C14E750}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{9350223C-C7A0-4351-9073-1C39C7179F31}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{963114C6-C558-4ABE-BF82-793A7B41DA2D}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
    "{9F383B71-DB74-47F8-88FF-AB2F81F0253F}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
    "{AF9FC7C0-D17E-4110-99B7-CC1ABD36769A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{B4C0CAEA-A063-48FA-95C9-F169D1EB6E33}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
    "{B85793CF-19A4-4126-9503-5F0483328F38}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{B85BF7D8-3DD8-4DF5-8281-6E6BAF06F81D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{B95B0F5E-B529-43A3-9119-F95EB50A7DD1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{C0A034AD-76DD-419B-B544-4A0AB62CD597}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{CB16688F-CB94-411F-AE34-D8DBF2AB488E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{CC35AC2F-3D50-4872-B83C-34C4AC733574}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{D24BA0F7-EA61-4EC0-87D7-9AB5D57CD4C5}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
    "{D58CD336-1C74-4237-AF17-2261FDF71542}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{DACDBF9E-2632-4143-907D-6D2E1BAD7F6F}" = protocol=17 | dir=in | app=c:\hitech creations\aces high\aceshigh.exe |
    "{DC54DB09-275D-4AA0-B26C-AA5EE701D57F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{E7CFE4AF-147C-43A7-B2B1-C7EBAA142A60}" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
    "{FC9414A4-5D6F-4C2E-BC55-C91B6C527BA1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{FD6EE32A-B8C9-41A9-8CFA-0E4714988C5D}" = protocol=6 | dir=in | app=c:\games\aces high ii\aceshigh.exe |
    "TCP Query User{216578D4-CB8F-4AFB-91B0-78950D900E00}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
    "TCP Query User{63E1F38D-BFB3-4500-951B-8C26F9EA4B0F}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "TCP Query User{AA14DE91-172D-4A08-A0EC-9FA6698F1E32}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
    "TCP Query User{D1E86DA5-49B3-4FEB-93EB-206F7F398441}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
    "UDP Query User{1CB2E5A3-DEFF-44EE-9CB4-FEE35AC01983}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{5456E690-C33F-45A1-9573-BEB15A65CA63}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
    "UDP Query User{CAF35A09-4B65-4F9F-83BF-14D380E40DB8}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
    "{06040048-3E21-46D6-9A91-D927BA08F41D}" = Microsoft Encarta Encyclopedia Standard 2006
    "{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
    "{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio EasyArchive
    "{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard
    "{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
    "{17424F35-8B77-4ADF-BC63-BF9B81418539}" = Apple Application Support
    "{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F}" = Microsoft Works Suite Add-in for Microsoft Word
    "{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi
    "{1B9AA870-4260-4B1D-9384-DCBADDE2F519}" = SymNet
    "{1C336D20-A089-4818-9C56-96AD81BF5A11}" = PANTECH USB Modem V2
    "{20431786-1593-4A49-A48F-B062410D249B}" = Mobile PhoneTools
    "{24ADC0E4-8D3E-40C4-9106-F2DE5E9112F1}" = EPSON Stylus CX7400 Series Scanner Driver Update
    "{2A2766A4-6AE4-11D4-AC8E-52544C1966EE}" = Backup Dell-Installed Programs
    "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
    "{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
    "{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
    "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
    "{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}" = Norton Internet Security
    "{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3E25E350-949F-4DB7-8288-2A60E018B4C1}" = Games, Music, & Photos Launcher
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{55B1FD98-37E8-493C-AF9B-10EF8A9D0183}" = Symantec Real Time Storage Protection Component
    "{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
    "{5D95AD35-368F-47D5-B63A-A082DDF00116}" = Microsoft Digital Image Standard 2006 Editor
    "{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
    "{6336C0CC-BA32-4949-9D3D-C86B76147CCA}" = Alltel Broadband Connect
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
    "{691F4068-81BF-49E3-B32E-FE3E16400112}" = Microsoft Digital Image Standard 2006 Library
    "{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
    "{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
    "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner
    "{7ADE3A47-B425-45E9-8FF6-11BE2B775645}" = Corel Snapfire Plus
    "{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
    "{8307E622-89E1-435A-BC8A-678C678F6A43}" = SA30xx Media Converter
    "{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
    "{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
    "{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
    "{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}" = MP3 Player Utilities 4.19
    "{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
    "{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
    "{AAC90D5F-B8B1-4A06-B888-F3A241124D0D}" = Roxio MyDVD Premier
    "{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8
    "{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Premier
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
    "{DE1AF137-C455-494A-A817-EFE44BCCFDEE}" = Works Upgrade
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
    "{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
    "{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 PCI V.92 Modem
    "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
    "EasyJob Resume Builder_is1" = EasyJob Resume Builder 4.67.2318
    "EPSON Printer and Utilities" = EPSON Printer Software
    "EPSON Scanner" = EPSON Scan
    "Fighter Ace Anniversary Edition" = Fighter Ace Anniversary Edition
    "Macromedia Shockwave Player" = Macromedia Shockwave Player
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Money2006b" = Microsoft Money 2006
    "NVIDIA Drivers" = NVIDIA Drivers
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "OpenAL" = OpenAL
    "PictureItPrem_v11" = Microsoft Digital Image Standard 2006
    "Scholastic's I SPY Fantasy" = Scholastic's I SPY Fantasy
    "SystemRequirementsLab" = System Requirements Lab
    "WildTangent dell Master Uninstall" = Dell Games
    "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
    "Works2006Setup" = Microsoft Works Suite 2006 Setup Launcher

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >
     
  19. 2011/02/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You could definitely use more RAM.
    Vista will run much better with at least 2GB of RAM.

    ===================================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    =================================================================

    You don't have any active AV program running.
    However, you have some Norton leftovers.
    Please run this tool to remove them: http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN
    Then.....
    Please install one of these:
    - Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
    - Avira free antivirus: http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html


    ================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O15 - HKU\S-1-5-21-1076728386-3367342341-1048891375-1002\..Trusted Domains: ketsujin.com ([fighterace] https in Trusted sites)
      O15 - HKU\S-1-5-21-1076728386-3367342341-1048891375-1002\..Trusted Domains: ketsujin.com ([primary] https in Trusted sites)
      O15 - HKU\S-1-5-21-1076728386-3367342341-1048891375-1002\..Trusted Domains: ketsujin.com ([update] https in Trusted sites)
      O15 - HKU\S-1-5-21-1076728386-3367342341-1048891375-1002\..Trusted Domains: ketsujin.com ([www] https in Trusted sites)
      O15 - HKU\S-1-5-21-1076728386-3367342341-1048891375-1002\..Trusted Domains: soaringeaglecasino.com ([www] https in Trusted sites)
      O15 - HKU\S-1-5-21-1076728386-3367342341-1048891375-1002\..Trusted Domains: stormofaces.com ([www] https in Trusted sites)
      O15 - HKU\S-1-5-21-1076728386-3367342341-1048891375-1002\..Trusted Domains: wildblue.com ([www] http in Trusted sites)
      O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} http://static.ak.facebook.com/fbplug...?1270691030529 (Reg Error: Key error.)
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      [2010/03/27 20:32:36 | 000,000,000 | ---D | M] -- C:\Users\Robert aka Dad\AppData\Roaming\Uniblue
      
      
      :Services
      
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
       "DisableMonitoring" =-
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
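An added read-only check, not part of broni's instructions and not OTL's own code: this PowerShell script (assumed Windows PowerShell 2.0 or later, run from an administrator prompt as the affected user) re-reads the registry locations the OTL fix above targeted and reports anything still present, so the fix log can be verified independently. The function names are hypothetical.

```powershell
# Added audit script (not from the thread or from OTL): re-checks, read-only, the
# registry locations the OTL fix targeted and lists leftovers. Assumes Windows
# PowerShell 2.0 or later; function names are hypothetical.

function New-Finding([string]$Check, [string]$Item, [string]$Finding) {
    New-Object PSObject -Property @{ Check = $Check; Item = $Item; Finding = $Finding }
}

function Resolve-ClsidServer {
    # Returns 'ok', 'No CLSID value found' or 'File not found' for a COM CLSID,
    # the same states OTL prints on its O2/O28 lines.
    param([string]$Clsid)
    $srv = "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid\InprocServer32"
    $dll = (Get-ItemProperty -Path $srv -ErrorAction SilentlyContinue).'(default)'
    if (-not $dll) { return 'No CLSID value found' }
    $dll = [Environment]::ExpandEnvironmentVariables($dll.Trim('"'))
    if (-not (Test-Path -LiteralPath $dll)) { return 'File not found' }
    return 'ok'
}

function Test-SecurityCenterMonitoring {
    # Malware sets DisableMonitoring so Security Center stops warning that no
    # AV or firewall is active; the ":Reg" section of the fix deleted it.
    $key = 'HKLM:\SOFTWARE\Microsoft\Security Center\Monitoring'
    $v = Get-ItemProperty -Path $key -Name DisableMonitoring -ErrorAction SilentlyContinue
    if ($v) { New-Finding 'SecurityCenter' $key "DisableMonitoring = $($v.DisableMonitoring)" }
}

function Get-TrustedSiteDomains {
    # IE ZoneMap: one subkey per domain (optionally per host) holding a value
    # named after the scheme; data 2 means Trusted sites (the O15 lines above).
    $base = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
    if (-not (Test-Path $base)) { return }
    foreach ($k in Get-ChildItem -Path $base -Recurse) {
        $props = Get-ItemProperty -Path $k.PSPath
        foreach ($p in $props.PSObject.Properties) {
            if ((@('http', 'https', '*') -contains $p.Name) -and ($p.Value -eq 2)) {
                $rel = ($k.Name -split '\\Domains\\', 2)[1]
                New-Finding 'TrustedSite' $rel "$($p.Name) in Trusted sites"
            }
        }
    }
}

function Get-OrphanedBHO {
    # Browser Helper Objects are subkeys named by CLSID; one that no longer
    # resolves to a DLL is a leftover (the O2 line above).
    $base = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    if (-not (Test-Path $base)) { return }
    foreach ($k in Get-ChildItem -Path $base) {
        $state = Resolve-ClsidServer -Clsid $k.PSChildName
        if ($state -ne 'ok') { New-Finding 'BHO' $k.PSChildName $state }
    }
}

function Get-OrphanedShellExecuteHook {
    # ShellExecuteHooks are value names (CLSIDs), not subkeys (the O28 line above).
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks'
    $item = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { return }
    foreach ($p in $item.PSObject.Properties) {
        if ($p.Name -notlike '{*}') { continue }   # skip PSPath and friends
        $state = Resolve-ClsidServer -Clsid $p.Name
        if ($state -ne 'ok') { New-Finding 'ShellExecuteHook' $p.Name $state }
    }
}

$findings = @(Test-SecurityCenterMonitoring) + @(Get-TrustedSiteDomains) +
            @(Get-OrphanedBHO) + @(Get-OrphanedShellExecuteHook)
if ($findings.Count -eq 0) { 'No leftovers found at the audited locations.' }
else { $findings | Format-Table Check, Item, Finding -AutoSize }
```

The script only reads; anything it lists still has to be judged the way broni does above, since a legitimate product can also register a BHO or a trusted site.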
     
  20. 2011/02/20
    ThomasDraco

    ThomasDraco Inactive Thread Starter

    Joined:
    2011/02/18
    Messages:
    16
    Likes Received:
    0
    OTL Log:

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry key HKEY_USERS\S-1-5-21-1076728386-3367342341-1048891375-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ketsujin.com\fighterace\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1076728386-3367342341-1048891375-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ketsujin.com\primary\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1076728386-3367342341-1048891375-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ketsujin.com\update\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1076728386-3367342341-1048891375-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ketsujin.com\www\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1076728386-3367342341-1048891375-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soaringeaglecasino.com\www\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1076728386-3367342341-1048891375-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\stormofaces.com\www\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1076728386-3367342341-1048891375-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\wildblue.com\www\ deleted successfully.
    Starting removal of ActiveX control {32C3FEAE-0877-4767-8C20-62A5829A0945}
    C:\Windows\Downloaded Program Files\axfbootloader.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{32C3FEAE-0877-4767-8C20-62A5829A0945}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32C3FEAE-0877-4767-8C20-62A5829A0945}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{32C3FEAE-0877-4767-8C20-62A5829A0945}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32C3FEAE-0877-4767-8C20-62A5829A0945}\ not found.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\Windows\Downloaded Program Files\erma.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    C:\Users\Robert aka Dad\AppData\Roaming\Uniblue\RegistryBooster\history folder moved successfully.
    C:\Users\Robert aka Dad\AppData\Roaming\Uniblue\RegistryBooster folder moved successfully.
    C:\Users\Robert aka Dad\AppData\Roaming\Uniblue folder moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\DisableMonitoring deleted successfully.
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Robert aka Dad
    ->Temp folder emptied: 19303955 bytes
    ->Temporary Internet Files folder emptied: 37913324 bytes
    ->Java cache emptied: 4015 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 19661 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 32520 bytes

    Total Files Cleaned = 55.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: Robert aka Dad
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.20.6 log created on 02202011_204452

    Files\Folders moved on Reboot...
    C:\Users\Robert aka Dad\Temporary Internet Files\Content.IE5\W8M3LNCB\ads.htm moved successfully.
    C:\Users\Robert aka Dad\Temporary Internet Files\Content.IE5\W8M3LNCB\audmeasure[1].gif moved successfully.
    C:\Users\Robert aka Dad\Temporary Internet Files\Content.IE5\W8M3LNCB\audmeasure[2].gif moved successfully.
    C:\Users\Robert aka Dad\Temporary Internet Files\Content.IE5\W8M3LNCB\p-01-0VIaSjnOLg[2].gif moved successfully.
    C:\Users\Robert aka Dad\Temporary Internet Files\Content.IE5\W8M3LNCB\p-01-0VIaSjnOLg[3].gif moved successfully.
    C:\Users\Robert aka Dad\Temporary Internet Files\Content.IE5\C1DYH80E\00b42e3a-b809-49b2-b433-cc45b2bc89d33rd_party_BBS[1].htm moved successfully.
    C:\Users\Robert aka Dad\Temporary Internet Files\Content.IE5\C1DYH80E\97854-active-windows-vista-google-redirect-malware-2[1].htm moved successfully.
    C:\Users\Robert aka Dad\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.

    Registry entries deleted on Reboot...
     
  21. 2011/02/20
    ThomasDraco

    ThomasDraco Inactive Thread Starter

    Joined:
    2011/02/18
    Messages:
    16
    Likes Received:
    0
    Security Check log:

    Results of screen317's Security Check version 0.99.7
    Windows Vista Service Pack 2 (UAC is disabled!)
    Internet Explorer 7 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 24
    Java(TM) SE Runtime Environment 6
    Out of date Java installed!
    Adobe Flash Player 10.0.12.36
    Adobe Reader 7.0.8
    Out of date Adobe Reader installed!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    ``````````End of Log````````````

    Working on the Temp File Cleaner and ESET now.
     
