Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 

redirected searches

 
aubergine
Newbie


Joined: 05 Nov 2011
Last Visit: 13 Nov 2011
Posts: 6

Posted: Sat Nov 05, 2011 9:11 pm    Post subject: redirected searches

I have what appears to be a pretty standard malware problem: When using Google in Firefox, I get redirected to sites other than the ones I clicked on. Sometimes I get redirected when trying to navigate within other sites. (E.g. I'm on my Facebook homepage, click on "Events," and wind up seeing yellow page listings for some random garbage. That kind of thing.) Malwarebytes found nothing, Spybot found nothing. Ad-Aware found something it was unusually concerned about last night, which I removed (I saved the log from that scan; if you think it'll be helpful I can post it). Things seemed fine for nearly a day, then the problem resurfaced (and this time Ad-Aware doesn't find the problem, not surprisingly).

This is a private home computer. It is owned by my parents, though I also use it. I should forewarn you that I'm not the most technologically literate person, so I might be a little slow on the uptake with instructions.

And thanks in advance.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Run by Owner at 23:36:12 on 2011-11-05
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.300 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Ad-Aware Browsing Protection] "c:\documents and settings\all users\application data\ad-aware browsing protection\adawarebp.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1281725831187
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{FCA55355-0785-4C89-8E91-EABA652FB9B1} : DhcpNameServer = 192.168.1.1 192.168.1.1
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\2ri2p9sv.default\
FF - prefs.js: browser.search.selectedEngine - Search the Web
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=utf-8&mssrc=ms_kwd&mstb=adawaretb&q=
FF - prefs.js: keyword.enabled - false
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-11-5 64512]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-11-3 2152152]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-11-3 15232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-11-05 08:53:57 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-11-05 06:25:01 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-11-05 06:07:54 -------- d-----w- c:\documents and settings\owner\local settings\application data\adaware
2011-11-05 06:07:51 -------- d-----w- c:\documents and settings\all users\application data\Ad-Aware Browsing Protection
2011-11-05 06:07:48 -------- d-----w- c:\program files\Toolbar Cleaner
2011-11-05 06:07:35 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-11-05 06:07:22 -------- d-----w- c:\program files\Lavasoft
2011-11-05 05:32:08 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-11-05 05:32:07 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-11-05 05:32:07 773080 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-11-05 05:32:07 478168 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-11-05 05:32:07 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-11-05 05:32:07 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-11-05 05:32:07 1833944 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-11-05 05:32:07 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-11-02 11:29:33 -------- d-----w- c:\windows\system32\appmgmt
2011-10-23 17:58:24 -------- d-----w- c:\program files\Fated Haven - Chapter One
2011-10-23 17:28:09 -------- d-----w- c:\program files\Drawn - Trail of Shadows Collector's Edition
2011-10-22 04:56:40 -------- d-----w- c:\program files\Guardian Angels
.
==================== Find3M ====================
.
2011-11-02 11:43:09 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-31 22:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-10 01:40:36 398760 ----a-r- c:\windows\system32\cpnprt2.cid
.
============= FINISH: 23:37:17.04 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 8/13/2010 12:45:51 PM
System Uptime: 11/5/2011 3:58:59 AM (20 hours ago)
.
Motherboard: Dell Inc. | | 0WJ770
Processor: Intel(R) Pentium(R) 4 CPU 3.06GHz | Microprocessor | 3059/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 74 GiB total, 37.409 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
.
==== End Of File ===========================
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 21 Sep 2014
Posts: 4636
Location: Land Of The Leprechauns

Posted: Sun Nov 06, 2011 9:04 am    Post subject:

Hi and welcome to Spyware Warrior Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not solve other issues you have with your machine.
If you no longer require help, I would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread; do not start another. Please continue responding until I give you the "All Clean".
    Remember, absence of symptoms does not mean the infection is all gone.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions... if possible...your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!
Note: If you haven't done so already, please read this topic Things to know before you post where the conditions for receiving help here are explained.
Quote:
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.


  • Please download Security Check by screen317 from one of the links below:
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt
  • Please post the contents of that document.

Next.

Please download TDSSKiller.exe and save it to your Desktop.
  • Double click on TDSSKiller.exe to launch it.
  • Click on Start Scan, the scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • To find the log go to Start > Computer > C:
  • Post the contents of that log in your next reply please.
  • DO NOT TRY TO FIX ANYTHING AT THIS POINT

Next.

Please download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Standard Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

  • Please post the contents of these 2 Notepad files in your next reply.


Logs/Information to Post in your Next Reply
  • checkup.txt
  • TDSSKiller log.
  • OTL.txt and Extra.txt contents.

_________________
Admin/Teacher at Malware Removal University
Member of...

aubergine
Newbie


Joined: 05 Nov 2011
Last Visit: 13 Nov 2011
Posts: 6

Posted: Sun Nov 06, 2011 10:49 am    Post subject: data backup

Hi, Cypher, thank you for your help.

I'm not sure how best to accomplish data backup on this computer. It doesn't have a CD burner, and my parents don't have an external hard drive. My own external hard drive is formatted for Mac and I'm not sure I'm capable of partitioning it. There aren't very many files on here that even need backing up...would a flash drive or two suffice for the time being?
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 21 Sep 2014
Posts: 4636
Location: Land Of The Leprechauns

Posted: Sun Nov 06, 2011 11:41 am    Post subject:

Hi aubergine,
Quote:
Cypher, thank you for your help.

You're welcome.
Quote:
There aren't very many files on here that even need backing up...would a flash drive or two suffice for the time being?

Yes, a flash drive would do fine, providing you can fit everything you want to save on to them.
Please post the requested logs when ready.
_________________
Admin/Teacher at Malware Removal University
Member of...

aubergine
Newbie


Joined: 05 Nov 2011
Last Visit: 13 Nov 2011
Posts: 6

Posted: Mon Nov 07, 2011 11:42 am

Here you go. For what it's worth, I know Java and Flash are not up to date on this computer; we haven't been able to get the updates to install correctly.

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Malwarebytes' Anti-Malware
Java(TM) 6 Update 22
Out of date Java installed!
Adobe Flash Player ( 10.3.181.14) Flash Player Out of Date!
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe
``````````End of Log````````````


13:31:40.0113 1292 TDSS rootkit removing tool 2.6.16.0 Nov 7 2011 16:26:51
13:31:40.0456 1292 ============================================================
13:31:40.0456 1292 Current date / time: 2011/11/07 13:31:40.0456
13:31:40.0456 1292 SystemInfo:
13:31:40.0456 1292
13:31:40.0456 1292 OS Version: 5.1.2600 ServicePack: 3.0
13:31:40.0456 1292 Product type: Workstation
13:31:40.0456 1292 ComputerName: RANDY-D8F1766FC
13:31:40.0456 1292 UserName: Owner
13:31:40.0456 1292 Windows directory: C:\WINDOWS
13:31:40.0456 1292 System windows directory: C:\WINDOWS
13:31:40.0456 1292 Processor architecture: Intel x86
13:31:40.0456 1292 Number of processors: 2
13:31:40.0456 1292 Page size: 0x1000
13:31:40.0456 1292 Boot type: Normal boot
13:31:40.0456 1292 ============================================================
13:31:41.0800 1292 Initialize success
13:31:43.0456 3700 ============================================================
13:31:43.0456 3700 Scan started
13:31:43.0456 3700 Mode: Manual;
13:31:43.0456 3700 ============================================================
13:31:45.0113 3700 Abiosdsk - ok
13:31:45.0144 3700 abp480n5 - ok
13:31:45.0253 3700 ACPI (d8fb7d1c3f5bfa3f53fe9cc6367e9e99) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:31:45.0253 3700 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: d8fb7d1c3f5bfa3f53fe9cc6367e9e99, Fake md5: 8fd99680a539792a30e97944fdaecf17
13:31:45.0253 3700 ACPI ( Virus.Win32.Rloader.a ) - infected
13:31:45.0253 3700 ACPI - detected Virus.Win32.Rloader.a (0)
13:31:50.0941 3700 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
13:31:51.0066 3700 \Device\Harddisk0\DR0 - ok
13:31:51.0066 3700 Boot (0x1200) (e469aa01e25452e3d6532893af57f949) \Device\Harddisk0\DR0\Partition0
13:31:51.0066 3700 \Device\Harddisk0\DR0\Partition0 - ok
13:31:51.0066 3700 ============================================================
13:31:51.0066 3700 Scan finished
13:31:51.0066 3700 ============================================================
13:31:51.0081 1144 Detected object count: 1
13:31:51.0081 1144 Actual detected object count: 1
13:32:09.0128 1144 ACPI ( Virus.Win32.Rloader.a ) - skipped by user
13:32:09.0128 1144 ACPI ( Virus.Win32.Rloader.a ) - User select action: Skip


OTL logfile created on: 11/7/2011 1:34:42 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.07 Mb Total Physical Memory | 355.33 Mb Available Physical Memory | 35.04% Memory free
2.38 Gb Paging File | 1.81 Gb Available in Paging File | 75.79% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 38.00 Gb Free Space | 51.01% Space Free | Partition Type: NTFS

Computer Name: RANDY-D8F1766FC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/07 13:31:32 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2011/11/03 11:06:56 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/11/03 11:06:56 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/10/21 03:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2011/09/29 00:53:40 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/05/14 11:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/09/23 12:38:18 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/05 00:24:21 | 000,508,776 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\thorax.aaw
MOD - [2011/11/03 11:06:56 | 000,591,232 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll
MOD - [2011/11/03 11:06:56 | 000,430,568 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\Viprebridge.dll
MOD - [2011/11/03 11:06:56 | 000,308,560 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\Vipre.dll
MOD - [2011/10/11 13:50:10 | 000,193,904 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll
MOD - [2011/10/11 13:50:08 | 000,210,288 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll
MOD - [2011/09/29 00:53:40 | 001,833,944 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/05/26 12:42:00 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010/02/05 12:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/02/27 12:52:56 | 000,258,048 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\sqlite.dll
MOD - [2008/04/13 18:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 18:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2003/07/29 03:36:00 | 000,078,336 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LXBLPP5C.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/11/03 11:06:56 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/09/23 12:38:18 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)


========== Driver Services (SafeList) ==========

DRV - [2011/11/03 11:06:56 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/11/03 11:06:56 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2005/11/16 14:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2003/11/17 14:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 14:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 14:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\.DEFAULT\..\URLSearchHook: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - SOFTWARE\Classes\CLSID\{6c97a91e-4524-4019-86af-2aa2d567bf5c}\InprocServer32 File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-18\..\URLSearchHook: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - SOFTWARE\Classes\CLSID\{6c97a91e-4524-4019-86af-2aa2d567bf5c}\InprocServer32 File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1060284298-606747145-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-1060284298-606747145-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1060284298-606747145-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Search the Web"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=utf-8&mssrc=ms_kwd&mstb=adawaretb&q="
FF - prefs.js..keyword.enabled: false

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/04 23:32:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/04 23:32:06 | 000,000,000 | ---D | M]

[2010/08/15 23:35:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2011/11/05 03:29:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2ri2p9sv.default\extensions
[2010/08/15 23:37:18 | 000,000,000 | ---D | M] (Screengrab) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2ri2p9sv.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/08/21 01:53:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2ri2p9sv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/10/01 13:35:39 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2ri2p9sv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/11/04 23:32:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/22 14:20:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/22 14:20:26 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/09/29 00:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/03/18 12:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/01/22 14:20:26 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/18 12:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/10/17 12:14:28 | 000,002,149 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\adawaretb.xml
[2011/09/28 18:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/10/25 13:55:45 | 000,000,761 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKU\S-1-5-21-1060284298-606747145-725345543-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1060284298-606747145-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1281725831187 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FCA55355-0785-4C89-8E91-EABA652FB9B1}: DhcpNameServer = 192.168.1.1 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/08/13 11:43:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-1060284298-606747145-725345543-1003..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1060284298-606747145-725345543-1003\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/07 13:31:27 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/11/06 16:10:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Aveyond II
[2011/11/06 12:24:02 | 001,563,952 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\tdsskiller.exe
[2011/11/05 22:36:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Administrative Tools
[2011/11/05 22:35:43 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2011/11/05 00:25:01 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/11/05 00:07:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\adaware
[2011/11/05 00:07:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
[2011/11/05 00:07:48 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
[2011/11/05 00:07:35 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2011/11/05 00:07:22 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/11/05 00:07:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft
[2011/11/05 00:07:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2011/11/02 05:29:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2011/10/23 11:58:24 | 000,000,000 | ---D | C] -- C:\Program Files\Fated Haven - Chapter One
[2011/10/23 11:28:09 | 000,000,000 | ---D | C] -- C:\Program Files\Drawn - Trail of Shadows Collector's Edition
[2011/10/21 22:57:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Guardian Angels
[2011/10/21 22:56:40 | 000,000,000 | ---D | C] -- C:\Program Files\Guardian Angels
[70 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/07 13:31:32 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/11/07 13:31:23 | 001,563,952 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\tdsskiller.exe
[2011/11/07 13:29:26 | 000,502,044 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/07 13:29:26 | 000,086,128 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/07 13:25:27 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/11/07 13:25:05 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/07 13:25:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/06 12:20:46 | 000,869,194 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SecurityCheck.exe
[2011/11/05 22:35:46 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2011/11/05 06:44:50 | 000,000,323 | ---- | M] () -- C:\WINDOWS\lexstat.ini
[2011/11/05 00:25:01 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/11/05 00:24:57 | 000,016,432 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/11/05 00:07:39 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2011/11/04 23:32:10 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/04 23:32:10 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/11/03 11:06:56 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2011/11/02 05:43:09 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/11/02 05:29:25 | 000,061,899 | ---- | M] () -- C:\WINDOWS\hpbj1100.his
[2011/11/02 05:29:25 | 000,006,091 | ---- | M] () -- C:\WINDOWS\hpbj1100.ini
[2011/11/02 05:28:32 | 000,007,456 | ---- | M] () -- C:\WINDOWS\System32\z1100b.his
[2011/11/02 05:28:32 | 000,001,649 | ---- | M] () -- C:\WINDOWS\z1100b
[2011/10/28 16:50:59 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Hymn Usage by Number.wps
[2011/10/28 16:50:59 | 000,001,706 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2011/10/25 13:55:45 | 000,000,761 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20111105-091036.backup
[2011/10/25 13:55:45 | 000,000,761 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20111104-051151.backup
[2011/10/25 13:55:45 | 000,000,761 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20111103-215501.backup
[2011/10/25 13:55:45 | 000,000,761 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20111103-215417.backup
[2011/10/25 13:55:45 | 000,000,761 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/10/23 11:59:17 | 000,001,216 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\More Great Games.lnk
[2011/10/18 15:51:06 | 000,006,144 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\HIRSP letter 2011.wps
[70 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/06 12:20:46 | 000,869,194 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SecurityCheck.exe
[2011/11/05 02:53:57 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/11/05 00:08:02 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/11/05 00:07:39 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2011/11/04 23:32:10 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/11/04 23:32:10 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/11/02 05:28:31 | 000,143,462 | ---- | C] () -- C:\WINDOWS\hpbj1100.hi1
[2011/11/02 05:28:31 | 000,012,579 | ---- | C] () -- C:\WINDOWS\hpbj1100.bu1
[2011/10/23 11:59:17 | 000,001,216 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\More Great Games.lnk
[2011/10/18 15:51:06 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\HIRSP letter 2011.wps
[2011/10/01 11:15:50 | 000,061,440 | R--- | C] () -- C:\WINDOWS\scrub2k.exe
[2011/10/01 11:15:50 | 000,000,104 | R--- | C] () -- C:\WINDOWS\hpw1100k.ini
[2011/10/01 11:12:18 | 000,006,091 | ---- | C] () -- C:\WINDOWS\hpbj1100.ini
[2011/10/01 11:11:41 | 000,000,360 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2011/10/01 11:11:39 | 000,001,115 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2011/10/01 11:11:32 | 000,196,608 | R--- | C] () -- C:\WINDOWS\System32\hpbvnstp.dll
[2011/10/01 11:11:32 | 000,000,242 | R--- | C] () -- C:\WINDOWS\System32\hpbvnstp.dat
[2011/09/01 23:58:23 | 000,031,152 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/05/15 23:09:40 | 000,315,995 | ---- | C] () -- C:\WINDOWS\Arvale- Treasure of Memories- Episode I Uninstaller.exe
[2011/05/09 10:42:22 | 000,016,098 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\dc07rr824sfs4vx1456egb2r5o
[2011/05/09 10:42:22 | 000,016,098 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\dc07rr824sfs4vx1456egb2r5o
[2011/04/18 22:00:04 | 000,178,037 | ---- | C] () -- C:\WINDOWS\The Witch and The Warrior Uninstaller.exe
[2011/01/18 19:59:24 | 000,000,166 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2011/01/10 19:57:46 | 000,000,211 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\default.rss
[2010/12/11 20:19:12 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2010/10/15 18:29:16 | 000,000,323 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2010/10/15 18:28:49 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxblvs.dll
[2010/10/15 18:28:47 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\LXBLIH.EXE
[2010/10/15 18:28:46 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBLLCNP.DLL
[2010/10/15 18:28:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\INSTMON.EXE
[2010/09/18 05:32:26 | 000,001,706 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2010/08/23 00:02:17 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010/08/15 23:35:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/08/13 11:45:58 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/08/13 11:32:29 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/08/13 06:21:43 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/08/13 06:20:40 | 000,171,488 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/05/26 20:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 20:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/03/15 06:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/03/15 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/03/15 06:00:00 | 000,502,044 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/03/15 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/03/15 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/03/15 06:00:00 | 000,086,128 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/03/15 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/03/15 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/03/15 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/03/15 06:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/03/15 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/03/15 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/08/05 13:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

========== Alternate Data Streams ==========


< End of report >


OTL Extras logfile created on: 11/7/2011 1:34:42 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 21 Sep 2014
Posts: 4636
Location: Land Of The Leprechauns

Posted: Tue Nov 08, 2011 2:45 am

Hi aubergine,
When you ran OTL, two logs should have been created.
Please post the contents of the OTL Extra.txt, it should be on your desktop.
_________________
Admin/Teacher at Malware Removal University
Member of...

aubergine
Newbie


Joined: 05 Nov 2011
Last Visit: 13 Nov 2011
Posts: 6

Posted: Tue Nov 08, 2011 9:19 am

OTL Extras logfile created on: 11/7/2011 1:34:42 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.07 Mb Total Physical Memory | 355.33 Mb Available Physical Memory | 35.04% Memory free
2.38 Gb Paging File | 1.81 Gb Available in Paging File | 75.79% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 38.00 Gb Free Space | 51.01% Space Free | Partition Type: NTFS

Computer Name: RANDY-D8F1766FC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-1060284298-606747145-725345543-1003\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDirector Express\PDX.exe" = C:\Program Files\CyberLink\PowerDirector Express\PDX.exe:*:Enabled:CyberLink PowerDirector Express -- (CyberLink Corp.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02627EE5-EACA-4742-A9CC-E687631773E4}" = Nero ShowTime
"{1424521C-3C21-4B12-A129-043A1D41FB93}_is1" = Guardian Angels
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3f003518-5cd7-43a2-a58f-152feb24856d}" = Nero 9 Essentials
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{59BF361E-C8C2-42FD-943F-47AF9B6B636E}_is1" = Dawn's Light: A Christmas Tale 1.0
"{5D9BE3C1-8BA4-4E7E-82FD-9F74FA6815D1}" = Nero Vision Help
"{5E08ECD1-C98E-4711-BF65-8FD736B3F969}" = Nero RescueAgent Help
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{899DF8BD-6ECC-4FE6-BA98-D8DC7AD944E0}_is1" = Dawn's Light 1.3
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{932D0FC7-6DF1-4136-A2EC-166E8DEFD6A4}" = Ad-Aware
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6A15104-BC15-46E0-BFDE-C905A27D4171}_is1" = Dawn's Light: Another Christmas Tale
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C4312A6A-52F7-4CDB-9169-B8B10B0B91E2}_is1" = Dawn's Light 2 Strategy Guide
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{C897FCB3-2F8B-4185-8035-79E2AF3A92A4}" = iTunes
"{CA6A9C7B-8258-46DF-92F3-BDBFD2AEA0E1}_is1" = Dawn's Light 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE96F5A5-584D-4F8F-AA3E-9BAED413DB72}" = Nero CoverDesigner Help
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EDE721EC-870A-11D8-9D75-000129760D75}" = PowerDirector Express
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help
"{F6F0DCA4-832E-4A34-9F10-BC837E401C39}_is1" = Nexus of Souls
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"am-deliciousemilyschildhoodmemoriespremiumedition" = Delicious - Emily's Childhood Memories Premium Edition
"am-deliciousemilystasteoffame" = Delicious - Emily's Taste of Fame
"Arvale- Treasure of Memories- Episode I" = Arvale- Treasure of Memories- Episode I
"Asguaard" = Asguaard
"Aveyond - Lord of Twilight" = Aveyond - Lord of Twilight
"Aveyond - The Darkthrop Prophecy" = Aveyond - The Darkthrop Prophecy
"Aveyond - The Lost Orb" = Aveyond - The Lost Orb
"BFG-3 Stars of Destiny" = 3 Stars of Destiny
"BFG-Aveyond" = Aveyond
"BFG-Aveyond - Gates of Night" = Aveyond: Gates of Night
"BFG-Aveyond - The Darkthrop Prophecy Strategy Guide" = Aveyond: The Darkthrop Prophecy Strategy Guide
"BFG-Aveyond - The Lost Orb Strategy Guide" = Aveyond: The Lost Orb Strategy Guide
"BFG-Aveyond 2" = Aveyond 2
"BFG-Bistro Boulevard" = Bistro Boulevard
"BFGC" = Big Fish Games: Game Manager
"BFG-Catwalk_Countdown" = Catwalk Countdown
"BFG-Chocolatier - Decadence by Design" = Chocolatier: Decadence by Design
"BFG-Cindy's Travels - Flooded Kingdom" = Cindy's Travels: Flooded Kingdom
"BFG-Cooking Dash - DinerTown Studios" = Cooking Dash: DinerTown Studios
"BFG-Cooking Dash 3 - Thrills and Spills" = Cooking Dash 3: Thrills and Spills
"BFG-Diner Dash 5 - Boom" = Diner Dash 5: Boom
"BFG-Drawn - Dark Flight Collector's Edition" = Drawn: Dark Flight &reg; Collector's Editon
"BFG-Drawn - Trail of Shadows Collector's Edition" = Drawn™: Trail of Shadows Collector's Edition
"BFG-Dreamscape" = Dreamscape
"BFG-Echoes of the Past - The Castle of Shadows" = Echoes of the Past: The Castle of Shadows
"BFG-Escape From Paradise 2 - A Kingdom's Quest" = Escape From Paradise 2: A Kingdom's Quest
"BFG-Fairy Godmother Tycoon" = Fairy Godmother Tycoon
"BFG-Farm Craft" = Farm Craft
"BFG-Farm Tribe" = Farm Tribe
"BFG-Fated Haven - Chapter One" = Fated Haven: Chapter One
"BFG-Forgotten Lands - First Colony" = Forgotten Lands: First Colony ™
"BFG-Garden Dash" = Garden Dash
"BFG-Garden Defense" = Garden Defense
"BFG-Gemini Lost" = Gemini Lost
"BFG-Grim Facade - Mystery of Venice Collectors Edition" = Grim Facade: Mystery of Venice Collector’s Edition
"BFG-Grim Tales - The Bride Collector's Edition" = Grim Tales: The Bride Collector's Edition
"BFG-Haunted Domains" = Haunted Domains
"BFG-Haunted Halls - Green Hills Sanitarium Collector's Edition" = Haunted Halls: Green Hills Sanitarium Collector's Edition
"BFG-Haunted Legends - The Queen of Spades Collector's Edition" = Haunted Legends: The Queen of Spades Collector's Edition
"BFG-Hidato Adventures" = Hidato Adventures
"BFG-Hobby Farm" = Hobby Farm
"BFG-Hotel Dash 2 - Lost Luxuries" = Hotel Dash 2: Lost Luxuries
"BFG-Jack of All Tribes" = Jack of All Tribes
"BFG-Jet Set Go" = Jet Set Go
"BFG-King's Legacy" = King's Legacy
"BFG-Laxius Force" = Laxius Force
"BFG-Life Quest" = Life Quest ™
"BFG-Lilly and Sasha - Curse of the Immortals" = Lilly and Sasha: Curse of the Immortals
"BFG-Macabre Mysteries - Curse of the Nightingale Collector's Edition" = Macabre Mysteries: Curse of the Nightingale Collector's Edition
"BFG-Mahjong Escape Ancient Japan" = Mahjong Escape Ancient Japan
"BFG-Mall-a-Palooza" = Mall-a-Palooza
"BFG-Monster Mash" = Monster Mash
"BFG-My Kingdom for the Princess" = My Kingdom for the Princess
"BFG-My Kingdom for the Princess II" = My Kingdom for the Princess II
"BFG-My Kingdom for the Princess III" = My Kingdom for the Princess III
"BFG-Mystery Case Files - 13th Skull" = Mystery Case Files &reg;: 13th Skull ™
"BFG-Mystery Case Files - Dire Grove" = Mystery Case Files &reg;: Dire Grove ™
"BFG-Mystery Case Files - Return to Ravenhearst" = Mystery Case Files: Return to Ravenhearst ™
"BFG-Mystery Legends - Beauty and the Beast Collector's Edition" = Mystery Legends: Beauty and the Beast Collector's Edition
"BFG-Mystery of the Ancients - Lockwood Manor Collector's Edition" = Mystery of the Ancients: Lockwood Manor Collector's Edition
"BFG-Mystic Diary - Haunted Island" = Mystic Diary: Haunted Island
"BFG-Phantasmat Collector's Edition" = Phantasmat Collector's Edition
"BFG-Ranch Rush" = Ranch Rush
"BFG-Ranch Rush 2 - Sara's Island Experiment" = Ranch Rush 2 - Sara's Island Experiment
"BFG-Rescue Frenzy" = Rescue Frenzy
"BFG-Rescue Team" = Rescue Team
"BFG-Roads of Rome II" = Roads of Rome II
"BFG-Royal Envoy" = Royal Envoy
"BFG-Sacra Terra - Angelic Night Collector's Edition" = Sacra Terra: Angelic Night Collector's Edition
"BFG-Sally's Spa" = Sally's Spa
"BFG-Sally's Studio Collector's Edition" = Sally's Studio Collector's Edition
"BFG-Sherlock Holmes and the Hound of the Baskervilles Collector's Edition" = Sherlock Holmes and the Hound of the Baskervilles Collector's Edition
"BFG-Shop-N-Spree Family Fortune" = Shop-N-Spree: Family Fortune
"BFG-Snark Busters - All Revved up" = Snark Busters: All Revved up
"BFG-Soap Opera Dash" = Soap Opera Dash
"BFG-Sphera" = Sphera
"BFG-Spirit Seasons - Little Ghost Story" = Spirit Seasons: Little Ghost Story
"BFG-Supermarket Management 2" = Supermarket Management 2
"BFG-The Agency of Anomalies - Mystic Hospital Collector's Edition" = The Agency of Anomalies: Mystic Hospital Collector's Edition
"BFG-The Joy of Farming" = The Joy of Farming
"BFG-The Serpent of Isis" = The Serpent of Isis ™
"BFG-The Timebuilders - Pyramid Rising" = The Timebuilders: Pyramid Rising
"BFG-The Tiny Bang Story" = The Tiny Bang Story
"BFG-The Witch and The Warrior" = The Witch and The Warrior
"BFG-The Witch and the Warrior Strategy Guide" = The Witch and the Warrior Strategy Guide
"BFG-Timeless - The Forgotten Town" = Timeless: The Forgotten Town
"BFG-Twisted Lands - Shadow Town Collector's Edition" = Twisted Lands: Shadow Town Collector's Edition
"BFG-Vagrant Hearts" = Vagrant Hearts
"BFG-Voodoo Chronicles - The First Sign Collectors Edition" = Voodoo Chronicles: The First Sign Collector's Edition
"BFG-Wedding Dash 4-Ever" = Wedding Dash 4-Ever
"BFG-Westward" = Westward
"BFG-Westward IV - All Aboard" = Westward IV: All Aboard
"BFG-Westward Kingdoms" = Westward Kingdoms
"BFG-Wonderburg" = Wonderburg
"BFG-World Mosaics" = World Mosaics
"BFG-World Mosaics 2" = World Mosaics 2
"BFG-World Mosaics 3 - Fairy Tales" = World Mosaics 3 - Fairy Tales
"BFG-World Mosaics 4" = World Mosaics 4
"BFG-World Riddles - Seven Wonders" = World Riddles: Seven Wonders
"BFG-Youda Farmer" = Youda Farmer
"BFG-Youda Farmer 2 - Save the Village" = Youda Farmer 2: Save the Village
"BFG-Youda Farmer 3 - Seasons" = Youda Farmer 3: Seasons
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"Delicious-Emilys Holiday Season" = Delicious-Emilys Holiday Season
"ie8" = Windows Internet Explorer 8
"Lexmark Z700-P700 Series" = Lexmark Z700-P700 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PROSet" = Intel(R) PRO Network Connections Drivers
"Sylia" = Sylia
"The Witch and The Warrior" = The Witch and The Warrior
"Vagrant Hearts" = Vagrant Hearts
"Vagrant Hearts 2" = Vagrant Hearts 2
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/30/2011 4:09:14 PM | Computer Name = RANDY-D8F1766FC | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/2/2011 7:35:56 AM | Computer Name = RANDY-D8F1766FC | Source = Media Center Guide | ID = 0
Description = Event Info: Guide creation error. Process: DefaultDomain Object Name:
Media Center Guide

Error - 11/5/2011 2:08:07 AM | Computer Name = RANDY-D8F1766FC | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 11/5/2011 2:08:07 AM | Computer Name = RANDY-D8F1766FC | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 11/5/2011 2:08:07 AM | Computer Name = RANDY-D8F1766FC | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 11/5/2011 5:01:54 AM | Computer Name = RANDY-D8F1766FC | Source = Media Center Guide | ID = 0
Description = Event Info: Guide creation error. Process: DefaultDomain Object Name:
Media Center Guide

Error - 11/6/2011 8:30:41 PM | Computer Name = RANDY-D8F1766FC | Source = Application Hang | ID = 1002
Description = Hanging application bfgclient.exe, version 3.0.1.60, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/7/2011 3:27:20 PM | Computer Name = RANDY-D8F1766FC | Source = Media Center Guide | ID = 0
Description = Event Info: Guide creation error. Process: DefaultDomain Object Name:
Media Center Guide

Error - 11/7/2011 3:30:38 PM | Computer Name = RANDY-D8F1766FC | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 11/7/2011 3:30:38 PM | Computer Name = RANDY-D8F1766FC | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

[ System Events ]
Error - 8/3/2011 7:19:46 AM | Computer Name = RANDY-D8F1766FC | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 479 minutes. NtpClient has no source of accurate
time.

Error - 8/3/2011 1:12:22 PM | Computer Name = RANDY-D8F1766FC | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 8/3/2011 1:12:22 PM | Computer Name = RANDY-D8F1766FC | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 9/29/2011 3:15:09 PM | Computer Name = RANDY-D8F1766FC | Source = Print | ID = 6161
Description = The document Coupon owned by Owner failed to print on printer Lexmark
Z700-P700 Series. Data type: LEMF. Size of the spool file in bytes: 386239. Number
of bytes printed: 386239. Total number of pages in the document: 1. Number of pages
printed: 0. Client machine: \\RANDY-D8F1766FC. Win32 error code returned by the
print processor: 126 (0x7e).

Error - 10/6/2011 7:04:49 PM | Computer Name = RANDY-D8F1766FC | Source = Print | ID = 6161
Description = The document key-signature-chart.pdf owned by Owner failed to print
on printer Lexmark Z700-P700 Series. Data type: LEMF. Size of the spool file in
bytes: 536874. Number of bytes printed: 536874. Total number of pages in the document:
1. Number of pages printed: 0. Client machine: \\RANDY-D8F1766FC. Win32 error code
returned by the print processor: 126 (0x7e).

Error - 11/2/2011 7:35:54 AM | Computer Name = RANDY-D8F1766FC | Source = DCOM | ID = 10010
Description = The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register
with DCOM within the required timeout.

Error - 11/5/2011 5:01:43 AM | Computer Name = RANDY-D8F1766FC | Source = DCOM | ID = 10010
Description = The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register
with DCOM within the required timeout.

Error - 11/6/2011 2:31:25 PM | Computer Name = RANDY-D8F1766FC | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service ntmssvc with
arguments "-Service" in order to run the server: {D61A27C6-8F53-11D0-BFA0-00A024151983}

Error - 11/7/2011 2:09:24 PM | Computer Name = RANDY-D8F1766FC | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service ntmssvc with
arguments "-Service" in order to run the server: {D61A27C6-8F53-11D0-BFA0-00A024151983}

Error - 11/7/2011 3:27:10 PM | Computer Name = RANDY-D8F1766FC | Source = DCOM | ID = 10010
Description = The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register
with DCOM within the required timeout.


< End of report >
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 21 Sep 2014
Posts: 4636
Location: Land Of The Leprechauns

Posted: Tue Nov 08, 2011 10:03 am

Hi aubergine,
Continue with the instructions below. Once done, let me know how your computer is performing.

We need to run an OTL Fix
  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    Code:

    :processes
    killallprocesses

    :otl
    IE - HKU\.DEFAULT\..\URLSearchHook: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - SOFTWARE\Classes\CLSID\{6c97a91e-4524-4019-86af-2aa2d567bf5c}\InprocServer32 File not found
    IE - HKU\S-1-5-18\..\URLSearchHook: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - SOFTWARE\Classes\CLSID\{6c97a91e-4524-4019-86af-2aa2d567bf5c}\InprocServer32 File not found
    FF - prefs.js..browser.search.selectedEngine: "Search the Web"
    FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    [2011/01/22 14:20:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011/03/18 12:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
    [2011/03/18 12:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
    O4 - HKLM..\Run: [] File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    [70 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [5 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    @Alternate Data Stream - 277 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3C8F07A8
    @Alternate Data Stream - 244 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E5BA9ADD
    @Alternate Data Stream - 243 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:46CBC45C
    @Alternate Data Stream - 239 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:38FF076E
    @Alternate Data Stream - 238 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2EB79F01
    @Alternate Data Stream - 238 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1A4BF204
    @Alternate Data Stream - 236 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3AF262FC
    @Alternate Data Stream - 235 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:425759C6
    @Alternate Data Stream - 234 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:361703F1
    @Alternate Data Stream - 232 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:69FE2EE4
    @Alternate Data Stream - 231 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3790BACD
    @Alternate Data Stream - 231 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:35629AE6
    @Alternate Data Stream - 230 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B0C40A99
    @Alternate Data Stream - 227 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C9B27A06
    @Alternate Data Stream - 227 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9D6EAEC3
    @Alternate Data Stream - 226 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5B09C4D9
    @Alternate Data Stream - 225 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9BAC4211
    @Alternate Data Stream - 224 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8C81B36D
    @Alternate Data Stream - 224 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:10CFA7D4
    @Alternate Data Stream - 223 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A02025CE
    @Alternate Data Stream - 222 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:76466F4C
    @Alternate Data Stream - 222 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:663B62CA
    @Alternate Data Stream - 221 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CFF6B3FF
    @Alternate Data Stream - 218 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2397415
    @Alternate Data Stream - 218 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C22674B6
    @Alternate Data Stream - 218 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3AB8D21A
    @Alternate Data Stream - 217 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CAE2C3A5
    @Alternate Data Stream - 216 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ED9B661E
    @Alternate Data Stream - 216 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:28505EB2
    @Alternate Data Stream - 215 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:03D08225
    @Alternate Data Stream - 212 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:831C6B2D
    @Alternate Data Stream - 211 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BDCD0530
    @Alternate Data Stream - 211 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4F96D8E6
    @Alternate Data Stream - 211 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:461BD06D
    @Alternate Data Stream - 210 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:616D21DE
    @Alternate Data Stream - 209 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9D03192E
    @Alternate Data Stream - 208 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B3942309
    @Alternate Data Stream - 207 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:375FC7E7
    @Alternate Data Stream - 204 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8182692
    @Alternate Data Stream - 204 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6BF0805F
    @Alternate Data Stream - 203 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AC83EA04
    @Alternate Data Stream - 202 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:84CFEE62
    @Alternate Data Stream - 200 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1A5207FA
    @Alternate Data Stream - 198 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:19F08842
    @Alternate Data Stream - 197 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6514A833
    @Alternate Data Stream - 197 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:059167AF
    @Alternate Data Stream - 184 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0C3A81AE
    @Alternate Data Stream - 182 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:12169ADE
    @Alternate Data Stream - 179 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DBA3CF20
    @Alternate Data Stream - 170 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D0D0FFBF
    @Alternate Data Stream - 168 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0EABC438
    @Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4B244549
    @Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63210866
    @Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C4A588B
    @Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:751D6870
    @Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0785072C
    @Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2DD32145
    @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EAEE7554
    @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E9900C74
    @Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AF24D911
    @Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:908A1B53
    @Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4A966CC2
    @Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:29C0641D
    @Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:13019F4B
    @Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4DDE401B
    @Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:397D67BA
    @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3222282F
    @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2216A431
    @Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F89F2593
    @Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D01ACC06
    @Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C43C957E
    @Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1D6B18F1
    @Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B07E6F4
    @Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0AFB4349
    @Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:371A321E
    @Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1B3549F2
    @Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C89BAFB1
    @Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A3C2A225
    @Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E5F8E280
    @Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2CED8825
    @Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:014BC3B4
    @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3C0887BF
    @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3086B95F
    @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2BE0B2D7
    @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:08801FDB
    @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1E64E47
    @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:983B4DC0
    @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:87A3A233
    @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0BCD6B91
    @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA7D76BE
    @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9FD757A9
    @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:99AC3203
    @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:109734F6
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ED0B32CA
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E5CFA74
    @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FB4262DE
    @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7EC01D6D
    @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:000D6A25
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EE7AAC75
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D5BF78B4
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A1023D41
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:56C66609
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52C24010
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:386B39C3
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CDEDE11
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B3668151
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:53B8C5D2
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1A08CCE6
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:10D45FC3
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5E8C18F1
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:59465B40
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:58E38390
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1C201DEB
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05F547A9
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E2CFA9CD
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D6B71B40
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6BFA43EB
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2DF54B62
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:18BBD3D5
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6813E7F4
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:14362DF8
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EB86F355
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:224B562C
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:143D8E0D
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:073139EC
    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4FA837B4
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C0913157
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7C8AA9A6
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:701B92FB
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6401C7FF
    @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D48500F8
    @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D385C0C1
    @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E3615992
    @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BF6A2C54
    @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8E5EA40F
    @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E0888117
    @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AECF4772
    @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:72A1B66A
    @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:00AA4B31
    @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CAC06C34
    @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A9ABA3FF
    @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:774A0E14
    @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4D5C6A03
    @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07C99568
    @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:95198126

    :files
    ipconfig /flushdns /c

    :commands
    [emptyflash]
    [emptytemp]
    [emptyjava]
    [resethosts]
    [clearallrestorepoints]
    [REBOOT]

  • Then click the Run Fix button at the top.
  • Click .
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.


Next.
  • Important!: Run this fix once and once only.
  • First go to Start > Computer > C: and delete the TDSSKiller log that was created there.
  • Next double click on TDSSKiller.exe to launch it.
  • Click on Start Scan, the scan will run.
  • When the scan has finished, ensure Cure (the default) is selected... then click Continue > Reboot now.
  • When finished re-booting, a log of the cleanup will be found at C:\TDSSKiller._version_.MM.YYYY_HH.MM.SS_log.txt .
  • To find the log go to Start > Computer > C:
  • Post the contents of that log in your next reply please.


Logs/Information to Post in your Next Reply
  • OTL log.
  • TDSSKiller log.
  • Please give me an update on your computer's performance.

_________________
Admin/Teacher at Malware Removal University
Member of...

aubergine
Posted: Wed Nov 09, 2011 12:56 pm

Performance: So far so good. Firefox wants to install an update; is it okay to go ahead with that? And if so, can I take a stab at updating Java and Flash while I'm at it?

All processes killed
========== PROCESSES ==========
========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{6c97a91e-4524-4019-86af-2aa2d567bf5c} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6c97a91e-4524-4019-86af-2aa2d567bf5c}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{6c97a91e-4524-4019-86af-2aa2d567bf5c} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6c97a91e-4524-4019-86af-2aa2d567bf5c}\ not found.
Prefs.js: "Search the Web" removed from browser.search.selectedEngine
Prefs.js: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3 removed from extensions.enabledItems
Prefs.js: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: jqs@sun.com:1.0 removed from extensions.enabledItems
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll moved successfully.
C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\SET134.tmp deleted successfully.
C:\WINDOWS\System32\SET148.tmp deleted successfully.
C:\WINDOWS\System32\SET2A9.tmp deleted successfully.
C:\WINDOWS\System32\SET2B0.tmp deleted successfully.
C:\WINDOWS\System32\SET4D3.tmp deleted successfully.
C:\WINDOWS\System32\SET4D7.tmp deleted successfully.
C:\WINDOWS\System32\SET4DB.tmp deleted successfully.
C:\WINDOWS\System32\SET506.tmp deleted successfully.
C:\WINDOWS\System32\SET52D.tmp deleted successfully.
C:\WINDOWS\System32\SET52E.tmp deleted successfully.
C:\WINDOWS\System32\SET530.tmp deleted successfully.
C:\WINDOWS\System32\SET531.tmp deleted successfully.
C:\WINDOWS\System32\SET532.tmp deleted successfully.
C:\WINDOWS\System32\SET544.tmp deleted successfully.
C:\WINDOWS\System32\SET553.tmp deleted successfully.
C:\WINDOWS\System32\SET7B4.tmp deleted successfully.
C:\WINDOWS\System32\SET7F1.tmp deleted successfully.
C:\WINDOWS\System32\SET841.tmp deleted successfully.
C:\WINDOWS\System32\SET842.tmp deleted successfully.
C:\WINDOWS\System32\SET844.tmp deleted successfully.
C:\WINDOWS\System32\SET845.tmp deleted successfully.
C:\WINDOWS\System32\SET846.tmp deleted successfully.
C:\WINDOWS\System32\SET847.tmp deleted successfully.
C:\WINDOWS\System32\SET84C.tmp deleted successfully.
C:\WINDOWS\System32\SET84D.tmp deleted successfully.
C:\WINDOWS\System32\SET84E.tmp deleted successfully.
C:\WINDOWS\System32\SET856.tmp deleted successfully.
C:\WINDOWS\System32\SET858.tmp deleted successfully.
C:\WINDOWS\System32\SET85A.tmp deleted successfully.
C:\WINDOWS\System32\SET85B.tmp deleted successfully.
C:\WINDOWS\System32\SET85D.tmp deleted successfully.
C:\WINDOWS\System32\SET85E.tmp deleted successfully.
C:\WINDOWS\System32\SET860.tmp deleted successfully.
C:\WINDOWS\System32\SET864.tmp deleted successfully.
C:\WINDOWS\System32\SET867.tmp deleted successfully.
C:\WINDOWS\System32\SET868.tmp deleted successfully.
C:\WINDOWS\System32\SET869.tmp deleted successfully.
C:\WINDOWS\System32\SET86A.tmp deleted successfully.
C:\WINDOWS\System32\SET86B.tmp deleted successfully.
C:\WINDOWS\System32\SET86F.tmp deleted successfully.
C:\WINDOWS\System32\SET870.tmp deleted successfully.
C:\WINDOWS\System32\SET874.tmp deleted successfully.
C:\WINDOWS\System32\SET875.tmp deleted successfully.
C:\WINDOWS\System32\SET8DC.tmp deleted successfully.
C:\WINDOWS\System32\SET8DD.tmp deleted successfully.
C:\WINDOWS\System32\SET8E0.tmp deleted successfully.
C:\WINDOWS\System32\SET8E1.tmp deleted successfully.
C:\WINDOWS\System32\SET8E2.tmp deleted successfully.
C:\WINDOWS\System32\SET8E5.tmp deleted successfully.
C:\WINDOWS\System32\SET8E6.tmp deleted successfully.
C:\WINDOWS\System32\SET8E7.tmp deleted successfully.
C:\WINDOWS\System32\SET934.tmp deleted successfully.
C:\WINDOWS\System32\SET93E.tmp deleted successfully.
C:\WINDOWS\System32\SET948.tmp deleted successfully.
C:\WINDOWS\System32\SET949.tmp deleted successfully.
C:\WINDOWS\System32\SET94C.tmp deleted successfully.
C:\WINDOWS\System32\SET95C.tmp deleted successfully.
C:\WINDOWS\System32\SET966.tmp deleted successfully.
C:\WINDOWS\System32\SET967.tmp deleted successfully.
C:\WINDOWS\System32\SET96E.tmp deleted successfully.
C:\WINDOWS\System32\SET98F.tmp deleted successfully.
C:\WINDOWS\System32\SET990.tmp deleted successfully.
C:\WINDOWS\System32\SET991.tmp deleted successfully.
C:\WINDOWS\System32\SET99C.tmp deleted successfully.
C:\WINDOWS\System32\SET9F6.tmp deleted successfully.
C:\WINDOWS\System32\SET9FB.tmp deleted successfully.
C:\WINDOWS\System32\SETA03.tmp deleted successfully.
C:\WINDOWS\System32\SETB1D.tmp deleted successfully.
C:\WINDOWS\System32\SETB6A.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET7FE.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET807.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET81A.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET992.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET993.tmp deleted successfully.
C:\WINDOWS\002972_.tmp deleted successfully.
C:\WINDOWS\SET2D.tmp deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3C8F07A8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E5BA9ADD deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:46CBC45C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:38FF076E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:2EB79F01 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:1A4BF204 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3AF262FC deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:425759C6 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:361703F1 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:69FE2EE4 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3790BACD deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:35629AE6 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:B0C40A99 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C9B27A06 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:9D6EAEC3 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5B09C4D9 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:9BAC4211 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8C81B36D deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:10CFA7D4 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A02025CE deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:76466F4C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:663B62CA deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:CFF6B3FF deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D2397415 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C22674B6 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3AB8D21A deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:CAE2C3A5 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:ED9B661E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:28505EB2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:03D08225 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:831C6B2D deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:BDCD0530 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:4F96D8E6 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:461BD06D deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:616D21DE deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:9D03192E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:B3942309 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:375FC7E7 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C8182692 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:6BF0805F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:AC83EA04 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:84CFEE62 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:1A5207FA deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:19F08842 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:6514A833 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:059167AF deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0C3A81AE deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:12169ADE deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DBA3CF20 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D0D0FFBF deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0EABC438 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:4B244549 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:63210866 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C4A588B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:751D6870 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0785072C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:2DD32145 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:EAEE7554 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E9900C74 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:AF24D911 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:908A1B53 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:4A966CC2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:29C0641D deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:13019F4B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:4DDE401B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:397D67BA deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3222282F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:2216A431 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F89F2593 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D01ACC06 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C43C957E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:1D6B18F1 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3B07E6F4 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0AFB4349 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:371A321E deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Owner\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 56504 bytes

User: LocalService
->Flash cache emptied: 343 bytes

User: NetworkService

User: Owner
->Flash cache emptied: 1727 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes

User: Owner
->Temp folder emptied: 25764832 bytes
->Temporary Internet Files folder emptied: 96623208 bytes
->Java cache emptied: 90891 bytes
->FireFox cache emptied: 155841261 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 641033 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 30485046 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
RecycleBin emptied: 19670035 bytes

Total Files Cleaned = 314.00 mb


[EMPTYJAVA]

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Owner
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.31.0 log created on 11082011_124806

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


12:59:25.0718 1288 TDSS rootkit removing tool 2.6.16.0 Nov 7 2011 16:26:51
12:59:25.0968 1288 ============================================================
12:59:25.0968 1288 Current date / time: 2011/11/08 12:59:25.0968
12:59:25.0968 1288 SystemInfo:
12:59:25.0968 1288
12:59:25.0968 1288 OS Version: 5.1.2600 ServicePack: 3.0
12:59:25.0968 1288 Product type: Workstation
12:59:25.0968 1288 ComputerName: RANDY-D8F1766FC
12:59:25.0968 1288 UserName: Owner
12:59:25.0968 1288 Windows directory: C:\WINDOWS
12:59:25.0968 1288 System windows directory: C:\WINDOWS
12:59:25.0968 1288 Processor architecture: Intel x86
12:59:25.0968 1288 Number of processors: 2
12:59:25.0968 1288 Page size: 0x1000
12:59:25.0968 1288 Boot type: Normal boot
12:59:25.0968 1288 ============================================================
12:59:27.0109 1288 Initialize success
12:59:29.0468 2052 ============================================================
12:59:29.0468 2052 Scan started
12:59:29.0468 2052 Mode: Manual;
12:59:29.0468 2052 ============================================================
12:59:30.0406 2052 Abiosdsk - ok
12:59:30.0421 2052 abp480n5 - ok
12:59:30.0453 2052 ACPI (d8fb7d1c3f5bfa3f53fe9cc6367e9e99) C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:59:30.0468 2052 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: d8fb7d1c3f5bfa3f53fe9cc6367e9e99, Fake md5: 8fd99680a539792a30e97944fdaecf17
12:59:30.0468 2052 ACPI ( Virus.Win32.Rloader.a ) - infected
12:59:30.0468 2052 ACPI - detected Virus.Win32.Rloader.a (0)
12:59:35.0859 2052 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
12:59:35.0953 2052 \Device\Harddisk0\DR0 - ok
12:59:35.0953 2052 Boot (0x1200) (e469aa01e25452e3d6532893af57f949) \Device\Harddisk0\DR0\Partition0
12:59:35.0953 2052 \Device\Harddisk0\DR0\Partition0 - ok
12:59:35.0953 2052 ============================================================
12:59:35.0953 2052 Scan finished
12:59:35.0953 2052 ============================================================
12:59:35.0968 1904 Detected object count: 1
12:59:35.0968 1904 Actual detected object count: 1
12:59:42.0234 1904 Backup copy found, using it..
12:59:42.0250 1904 C:\WINDOWS\system32\DRIVERS\ACPI.sys - will be cured on reboot
12:59:42.0250 1904 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure
12:59:46.0218 1508 Deinitialize success
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 21 Sep 2014
Posts: 4636
Location: Land Of The Leprechauns

Posted: Thu Nov 10, 2011 3:36 am

Hi aubergine,
Quote:
Performance: So far so good.

Good work so far, well done. Can you confirm that your searches are no longer redirected?
Quote:
Firefox wants to install an update; is it okay to go ahead with that?

No, please don't install any updates to Firefox just yet; let's make sure your computer is clean first.
Quote:
can I take a stab at updating Java and Flash

Yes, you can go ahead and do that. I also need you to run another scan for me.

Add/Remove programs
  • Click on start
  • Then Run
  • In the open text entry box please copy/paste appwiz.cpl, then click enter.
  • Press the "Remove" or "Change/Remove"...button to uninstall the following if present.
Quote:
Adobe Reader 9.4.6
Java(TM) 6 Update 22

Next.

Java SE Runtime Environment (JRE).

Please download from HERE
  • Find Java SE 7u1.
  • Click the Download JRE button to the right.
  • Choose the correct Platform and Multi-language. Next, check the box that says I agree to the Java SE Runtime Environment 6 License Agreement.
  • Click the Continue button.
  • Click on the filename under Windows Offline Installation and save it to your desktop.
  • Close all active windows.
  • Install the program.

Next.

Update Adobe Reader
  • You should Download and Install the newest version of Adobe Reader for reading pdf files.
  • Older versions may have vulnerabilities that malware can use to infect your system.
  • Go Here to download and install Adobe Reader X (10.1.1).

Next.
  • Please download TFC and save it to your desktop.
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click Yes to reboot.
  • NOTE: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Next.

ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next, hold down Control, then click on the following link to open a new window to ESET online scanner
  • Select the option YES, I accept the Terms of Use then click on Start.
    Quote:
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Logs/Information to Post in your Next Reply
  • Can you confirm that your searches are no longer redirected?
  • ESET log.

_________________
Admin/Teacher at Malware Removal University
Member of...

aubergine
Newbie


Joined: 05 Nov 2011
Last Visit: 13 Nov 2011
Posts: 6

Posted: Thu Nov 10, 2011 8:13 am

Yes, searches are no longer being redirected.

Under the instructions for updating Java, it says to close all active windows. This will mean closing Firefox, and the Firefox update (which already downloaded itself automatically) is going to install automatically when the program is reopened. How should I proceed?
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 21 Sep 2014
Posts: 4636
Location: Land Of The Leprechauns

Posted: Thu Nov 10, 2011 8:38 am

Hi aubergine,
If FireFox wants to update let it go ahead and do so.
It shouldn't cause any problems ;)
_________________
Admin/Teacher at Malware Removal University
Member of...

aubergine
Posted: Thu Nov 10, 2011 11:24 am

Okay. I'm not sure which platform to select for downloading Java. I'm fairly certain I'm running a 32-bit version of Windows, but how do I know which of these 3 options to choose?

Windows x86 Online (jre-7u1-windows-i586-iftw.exe)
Windows x86 (jre-7u1-windows-i586-s.exe)
Windows x86 Offline (jre-7u1-windows-i586.exe)

(Here's where that technological illiteracy caveat I mentioned in my first post really comes into play, I guess.)

Cypher
Posted: Thu Nov 10, 2011 11:37 am

Hi aubergine,
The one you're looking for is Windows x86 Offline (jre-7u1-windows-i586.exe) .
_________________
Admin/Teacher at Malware Removal University
Member of...

aubergine
Posted: Thu Nov 10, 2011 3:46 pm

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=392c254dc1ddd847877e295ca2590d66
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-11-10 11:41:20
# local_time=2011-11-10 05:41:20 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=127488
# found=1
# cleaned=0
# scan_time=4650
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudInternetSecurity7.zip Win32/Bagle.gen.zip worm (unable to clean) 00000000000000000000000000000000 I

Cypher
Posted: Fri Nov 11, 2011 2:43 am

Hi aubergine,
We just have one more item to deal with, then, if there are no further problems, I will give you final instructions.

We need to run an OTL Fix
  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code.
    Code:

    :processes
    killallprocesses

    :files
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudInternetSecurity7.zip
    ipconfig /flushdns /c

    :commands
    [emptyflash]
    [emptytemp]
    [emptyjava]
    [clearallrestorepoints]
    [REBOOT]

  • Then click the Run Fix button at the top.
  • Click .
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.


Logs/Information to Post in your Next Reply

  • OTL log.
  • Please give me one more update on your computer's performance.

_________________
Admin/Teacher at Malware Removal University
Member of...

aubergine
Posted: Fri Nov 11, 2011 7:24 am

Hi Cypher--

Performance is still fine. No redirected searches.


All processes killed
========== PROCESSES ==========
========== FILES ==========
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudInternetSecurity7.zip moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Owner\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService

User: Owner
->Flash cache emptied: 692 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner
->Temp folder emptied: 80425 bytes
->Temporary Internet Files folder emptied: 641653 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 67288670 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 65.00 mb


[EMPTYJAVA]

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Owner
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.31.0 log created on 11112011_091920

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Cypher
Posted: Fri Nov 11, 2011 8:15 am

Hi aubergine,
Quote:
Performance is still fine. No redirected searches.

Excellent!

Your latest set of logs appears to be clean!
This is my general post for when your logs show no more signs of malware.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Clean up with OTL
  • Double-click OTL.exe to start the program. This will remove all the tools we used to clean your pc.
  • Close all other programs apart from OTL as this step will require a reboot.
  • On the OTL main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.

You can now delete any tools we used if they remain on your Desktop.

Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.

Here are some free programs I recommend that could help you improve your computer's security.

Install Malwarebytes Anti-malware
These are anti-malware applications that can thoroughly remove even the most advanced malware. They include a number of features, including a built-in protection monitor that blocks malicious processes before they even start.
You can find information and Download it from HERE

Install SpywareBlaster
Download and install Javacools SpywareBlaster from Here
SpywareBlaster adds a list of ActiveX controls, tracking cookies and sites which will be blocked in either Internet Explorer or Firefox browsers. You need to manually check for updates regularly.

Install SiteAdvisor
SiteAdvisor is a toolbar for Microsoft Internet Explorer and Mozilla Firefox which alerts you if you're about to enter a potentially dangerous website.
You can find more information and download it from Here

Install WinPatrol
As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
For more information, please visit HERE

MVPS Hosts

Install MVPS Hosts File From Here
The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
You can Find the Tutorial HERE

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Visit Microsoft often to get the latest updates for your computer
You can do that HERE

Read some information HERE on how to prevent malware

I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Safe surfing!
_________________
Admin/Teacher at Malware Removal University
Member of...

Cypher
Posted: Sat Nov 12, 2011 9:03 am

Quote:
As your issues appear to be resolved, this topic is now closed.

If you have been helped and wish to donate to help with the costs of this volunteer site, please read Spyware Warrior Donations

_________________
Admin/Teacher at Malware Removal University
Member of...

All times are GMT - 8 Hours