Google re-direct and possible winmgr.exe infection?

    #1 Bonny Liang

    My Google randomly redirects me and, though I've run ESET, Malwarebytes, and Advanced SystemCare 5, I can't seem to clear out whatever my infection is. Please help!

    Malwarebytes' Anti-Malware 1.51.2.1300
    Malwarebytes : Free anti-malware, anti-virus and spyware removal download

    Database version: 8325

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    12/6/2011 9:32:07 PM
    mbam-log-2011-12-06 (21-32-07).txt

    Scan type: Quick scan
    Objects scanned: 176175
    Time elapsed: 10 minute(s), 42 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\documents and settings\Admin\local settings\Temp\0631484.exe (Trojan.Agent) -> Quarantined and deleted successfully.


    GMER 1.0.15.15641 - GMER - Rootkit Detector and Remover
    Rootkit scan 2011-12-06 2131
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\0000007f WDC_WD4000AAKS-00TMA0 rev.12.01C01
    Running: 22dzl5nn.exe; Driver: C:\DOCUME~1\Admin\LOCALS~1\Temp\kxdyyaog.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwAssignProcessToJobObject [0xB54A84B0]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwCreateThread [0xB54A87F0]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDebugActiveProcess [0xB54A8AB0]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDuplicateObject [0xB54A85D0]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwLoadDriver [0xB54A88B0]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenProcess [0xB54A8350]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenThread [0xB54A8410]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwProtectVirtualMemory [0xB54A8570]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwQueueApcThread [0xB54A8630]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetContextThread [0xB54A8530]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetInformationThread [0xB54A84F0]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetSecurityObject [0xB54A8670]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetSystemInformation [0xB54A8870]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendProcess [0xB54A83B0]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendThread [0xB54A8430]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSystemDebugControl [0xB54A8830]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateProcess [0xB54A8370]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateThread [0xB54A8470]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwWriteVirtualMemory [0xB54A85F0]

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwCallbackReturn + 2FD8 80504874 12 Bytes [B0, 83, 4A, B5, 30, 84, 4A, ...]
    ? rmkcoswx.sys The system cannot find the file specified. !
    .text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xB8CEE360, 0x2BAB3D, 0xE8000020]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[440] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]
    .text C:\WINDOWS\system32\SearchIndexer.exe[856] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2596] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01262EC0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Real\RealPlayer\update\realsched.exe[3092] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
    .text C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[3304] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 004553F1 C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (Advanced SystemCare 5 Tray/IObit)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)
    AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
    AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
    AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
    AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
    AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
    AttachedDevice \FileSystem\Fastfat \Fat SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)
    AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----


    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-12-06 21:57:37
    -----------------------------
    21:57:37.640 OS Version: Windows 5.1.2600 Service Pack 3
    21:57:37.640 Number of processors: 2 586 0xF06
    21:57:37.640 ComputerName: HOME-V6WO7CTATK UserName: Admin
    21:57:38.203 Initialize success
    21:57:53.937 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000007f
    21:57:53.937 Disk 0 Vendor: WDC_WD4000AAKS-00TMA0 12.01C01 Size: 381554MB BusType: 3
    21:57:53.937 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000081
    21:57:53.937 Disk 1 Vendor: WDC_WD4000AAKS-00TMA0 12.01C01 Size: 381554MB BusType: 3
    21:57:55.953 Disk 0 MBR read successfully
    21:57:55.953 Disk 0 MBR scan
    21:57:55.953 Disk 0 Windows XP default MBR code
    21:57:55.953 Disk 0 scanning sectors +781401600
    21:57:55.984 Disk 0 scanning C:\WINDOWS\system32\drivers
    21:58:03.546 Service scanning
    21:58:04.375 Modules scanning
    21:58:07.343 Disk 0 trace - called modules:
    21:58:07.375 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvata.sys
    21:58:07.375 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89d07ab8]
    21:58:07.375 3 CLASSPNP.SYS[ba118fd7] -> nt!IofCallDriver -> \Device\00000080[0x89cb0f18]
    21:58:07.375 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\0000007f[0x89d4f030]
    21:58:07.375 Scan finished successfully
    21:58:18.500 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Admin\Desktop\logs\MBR.dat"
    21:58:18.500 The log file has been saved successfully to "C:\Documents and Settings\Admin\Desktop\logs\aswMBR.txt"


    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_21
    Run by Admin at 21:58:34 on 2011-12-06
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1261 [GMT -5:00]
    .
    AV: ESET Smart Security 5.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    FW: ESET Personal firewall *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\acs.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Real\RealPlayer\update\realsched.exe
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Documents and Settings\Admin\Application Data\Dropbox\bin\Dropbox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = *.local
    BHO: Virtual Account Numbers Helper: {17424104-1444-4810-85d7-b4da413c5a9a} - c:\program files\virtual account numbers\CitiVANHelper.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: {6E13D095-45C3-4271-9475-F3B48227DD9F} - No File
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Virtual Account Numbers: {7a21a046-b886-4a62-9d69-ef2059b0a27b} - c:\program files\virtual account numbers\CitiVANToolbar.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Xvid] c:\program files\xvid\CheckUpdate.exe
    uRun: [Microsoft® Windows Manager] c:\documents and settings\admin\2397-5973-7874-8623\winmgr.exe
    uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /Manual
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    StartupFolder: c:\docume~1\admin\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\admin\application data\dropbox\bin\Dropbox.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~2.lnk - c:\program files\netgear\wn111v2\WN111V2.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    LSP: %SYSTEMROOT%\system32\nvappfilter.dll
    DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    TCP: Interfaces\{8F941D64-2372-45F4-B035-FC219EB24F19} : DhcpNameServer = 68.87.71.230 68.87.73.246
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    Hosts: 94.63.240.153 Google
    Hosts: 94.63.240.154 Bing
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\admin\application data\mozilla\firefox\profiles\x1bi4utn.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - component: c:\program files\virtual account numbers\components\SlimOrbAddonCitiVAN.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2011-8-4 118104]
    R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2011-12-4 490840]
    R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2011-9-22 974944]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-4 366152]
    R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2003-7-24 17149]
    R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2008-10-1 57440]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-4 22216]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys --> c:\windows\system32\drivers\bcmwlhigh5.sys [?]
    S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\netgear\wn111v2\jswpsapi.exe [2008-2-27 360547]
    S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
    S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys --> c:\windows\system32\drivers\npf.sys [?]
    S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys --> c:\windows\system32\drivers\wg111v2.sys [?]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2002-8-29 14336]
    S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [2010-4-20 601088]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2011-12-05 05:10:40 20312 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
    2011-12-05 04:59:36 -------- d-----w- c:\documents and settings\all users\application data\IObit
    2011-12-05 04:59:07 -------- d-----w- c:\documents and settings\admin\application data\IObit
    2011-12-05 04:58:54 -------- d-----w- c:\program files\IObit
    2011-12-05 01:23:28 -------- d-----w- c:\documents and settings\admin\application data\Malwarebytes
    2011-12-05 01:23:11 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2011-12-05 01:23:08 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-12-05 01:23:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-12-05 01:13:55 -------- d-----w- c:\windows\system32\winrm
    2011-12-05 01:13:52 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
    2011-12-05 01:12:46 -------- d-----w- c:\documents and settings\admin\local settings\application data\Identities
    2011-12-05 01:12:43 -------- d-----w- c:\documents and settings\admin\application data\Windows Desktop Search
    2011-12-05 01:12:17 -------- d-----w- c:\windows\system32\GroupPolicy
    2011-12-05 01:12:17 -------- d-----w- c:\program files\Windows Desktop Search
    2011-12-05 01:11:54 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
    2011-12-05 01:11:54 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
    2011-12-05 01:11:54 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
    2011-12-05 01:11:34 -------- d-----w- c:\program files\Windows Media Connect 2
    2011-12-05 00:15:48 -------- d-----w- c:\documents and settings\admin\local settings\application data\Microsoft Help
    2011-12-04 23:58:03 -------- d-----w- c:\documents and settings\admin\local settings\application data\ESET
    2011-12-04 23:58:03 -------- d-----w- c:\documents and settings\admin\application data\ESET
    2011-12-04 23:57:00 -------- d-----w- c:\program files\ESET
    2011-12-04 22:05:38 -------- d-sh--r- c:\documents and settings\admin\2397-5973-7874-8623
    2011-11-26 15:28:21 -------- d-----w- c:\documents and settings\admin\.bitrock
    2011-11-23 20:37:02 645632 ----a-w- c:\windows\system32\xvidcore.dll
    2011-11-23 20:37:02 240640 ----a-w- c:\windows\system32\xvidvfw.dll
    2011-11-23 20:37:01 -------- d-----w- c:\program files\Xvid
    2011-11-23 20:35:40 11776 ----a-w- c:\program files\mozilla firefox\plugins\nprjplug.dll
    2011-11-23 20:35:25 -------- d-----w- c:\program files\common files\xing shared
    2011-11-23 20:35:21 150696 ----a-w- c:\program files\mozilla firefox\plugins\nppl3260.dll
    2011-11-23 20:35:19 108544 ----a-w- c:\program files\mozilla firefox\plugins\nprpjplug.dll
    2011-11-20 17:03:12 -------- d-----w- c:\windows\system32\NtmsData
    2011-11-20 14:38:05 274288 ----a-w- c:\windows\system32\mucltui.dll
    2011-11-20 14:38:05 215920 ----a-w- c:\windows\system32\muweb.dll
    2011-11-20 14:38:05 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
    2011-11-17 02:44:20 -------- d-----w- C:\tbcpd2
    2011-11-17 02:44:03 -------- d-----w- C:\pdtemp
    2011-11-17 02:25:52 -------- d-----w- c:\documents and settings\admin\local settings\application data\Help
    2011-11-17 02:12:04 -------- d-----w- c:\program files\Stitch
    2011-11-17 02:11:57 299520 ----a-w- c:\windows\uninst.exe
    2011-11-17 02:11:57 -------- d-----w- c:\documents and settings\admin\WINDOWS
    2011-11-16 03:14:22 -------- d-----w- c:\program files\iPod
    2011-11-16 03:14:20 -------- d-----w- c:\program files\iTunes
    .
    ==================== Find3M ====================
    .
    2011-11-23 20:35:15 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2011-11-23 20:35:15 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2011-11-13 14:15:21 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover
    Windows 5.1.2600 Disk: WDC_WD4000AAKS-00TMA0 rev.12.01C01 -> Harddisk0\DR0 -> \Device\00000081
    .
    device: opened successfully
    user: MBR read successfully
    .
    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvata.sys
    c:\windows\system32\drivers\nvata.sys NVIDIA Corporation NVIDIA nForce(TM) IDE Driver
    1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x89D07AB8]
    3 CLASSPNP[0xBA118FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000080[0x89CB0F18]
    5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\0000007f[0x89D4F030]
    kernel: MBR read successfully
    _asm { ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; }
    user != kernel MBR !!!
    sectors 781422766 (+252): user != kernel
    .
    ============= FINISH: 21:58:51.20 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 4/23/2010 8:21 PM
    System Uptime: 12/6/2011 9:37:32 PM (0 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | StrikerExtreme
    Processor: Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz | Socket 775 | 2405/266mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 373 GiB total, 316.666 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is FIXED (NTFS) - 373 GiB total, 189.353 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP117: 9/22/2011 12:07:51 AM - Software Distribution Service 3.0
    RP118: 9/26/2011 8:59:14 PM - System Checkpoint
    RP119: 9/27/2011 10:49:18 PM - Software Distribution Service 3.0
    RP120: 10/8/2011 8:01:27 PM - System Checkpoint
    RP121: 10/9/2011 8:34:22 PM - System Checkpoint
    RP122: 10/16/2011 1:13:03 AM - Software Distribution Service 3.0
    RP123: 10/23/2011 8:30:18 AM - Software Distribution Service 3.0
    RP124: 11/12/2011 2:27:56 PM - System Checkpoint
    RP125: 11/12/2011 11:11:37 PM - Software Distribution Service 3.0
    RP126: 11/15/2011 9:58:12 AM - System Checkpoint
    RP127: 11/17/2011 3:57:33 PM - System Checkpoint
    RP128: 11/18/2011 4:04:56 PM - System Checkpoint
    RP129: 11/19/2011 5:57:12 PM - System Checkpoint
    RP130: 11/20/2011 1:02:05 PM - Software Distribution Service 3.0
    RP131: 11/21/2011 11:02:59 PM - Software Distribution Service 3.0
    RP132: 11/23/2011 11:07:35 AM - System Checkpoint
    RP133: 11/26/2011 12:51:28 PM - System Checkpoint
    RP134: 11/29/2011 9:35:32 PM - System Checkpoint
    RP135: 12/4/2011 6:47:13 PM - avast! Free Antivirus Setup
    RP136: 12/4/2011 7:08:37 PM - Software Distribution Service 3.0
    RP137: 12/4/2011 7:48:01 PM - Software Distribution Service 3.0
    RP138: 12/5/2011 12:12:10 AM - Installed Windows XP KB941569.
    RP139: 12/5/2011 12:12:31 AM - Installed Windows Media Player 11 KB939683.
    RP140: 12/5/2011 12:12:51 AM - Installed Windows Media Format 11 SDK KB929399.
    RP141: 12/5/2011 12:13:00 AM - Installed Windows Media Player 11 KB954154.
    RP142: 12/5/2011 12:13:18 AM - Installed Windows KB963093.
    RP143: 12/5/2011 12:13:36 AM - Installed Windows XP KB2492386.
    RP144: 12/5/2011 1:10:03 AM - Installed Windows Media Player KB973540.
    RP145: 12/5/2011 1:10:10 AM - Installed Windows Media Player KB954155.
    RP146: 12/5/2011 1:10:17 AM - Installed Windows Media Player KB952069.
    RP147: 12/5/2011 1:10:23 AM - Installed Windows Media Player KB978695.
    RP148: 12/5/2011 1:10:29 AM - Installed Windows Media Player KB975558.
    RP149: 12/5/2011 1:10:35 AM - Installed Windows Media Player KB2378111.
    .
    ==== Installed Programs ======================
    .
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 9.4.6
    Advanced SystemCare 5
    Amazon MP3 Downloader 1.0.10
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Avery Wizard 4.0
    Bonjour
    Canon MP Navigator EX 1.0
    Canon MP610 series
    Capsule
    Dropbox
    ESET Smart Security
    EVGA Display Driver
    High Definition Audio Driver Package - KB888111
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    ImgBurn
    iSkysoft iMedia Converter(Build 3.0.3.0)
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 21
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Plus 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Mozilla Firefox 8.0 (x86 en-US)
    NVIDIA Drivers
    NVIDIA ForceWare Network Access Manager
    Picasa 3
    Plants vs. Zombies
    QuickTime
    RangeMax Wireless-N USB Adapter WN111v2
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    RealUpgrade 1.1
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 7 (KB2482017)
    Security Update for Windows Internet Explorer 7 (KB2497640)
    Security Update for Windows Internet Explorer 7 (KB2530548)
    Security Update for Windows Internet Explorer 7 (KB2544521)
    Security Update for Windows Internet Explorer 7 (KB2559049)
    Security Update for Windows Internet Explorer 7 (KB2586448)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2510581)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Sid Meier's Civilization V
    SoundMAX
    Steam
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2596560)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2492386)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2616676-v2)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VideoLAN VLC media player 0.8.6f
    ViiKii Desktop Plug-in
    Virtual Account Numbers
    WebFldrs XP
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
    Windows Genuine Advantage Notifications (KB905474)
    Windows Internet Explorer 7
    Windows Management Framework Core
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Search 4.0
    Windows XP Service Pack 3
    WN111v2
    Xvid Video Codec
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/6/2011 9:38:03 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    12/4/2011 7:26:18 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    12/4/2011 7:25:21 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
    12/4/2011 7:25:21 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/4/2011 7:23:28 PM, error: Service Control Manager [7034] - The Windows Installer service terminated unexpectedly. It has done this 1 time(s).
    12/4/2011 7:23:28 PM, error: Service Control Manager [7031] - The ESET Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    12/4/2011 7:23:28 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the ESET Service service to connect.
    12/4/2011 7:23:28 PM, error: Service Control Manager [7000] - The ESET Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/4/2011 6:26:00 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Apple Mobile Device service to connect.
    12/4/2011 6:26:00 PM, error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/4/2011 6:11:00 PM, error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: Access is denied.
    12/4/2011 6:10:00 PM, error: Service Control Manager [7034] - The Updater Service for StartNow Toolbar service terminated unexpectedly. It has done this 1 time(s).
    12/4/2011 6:10:00 PM, error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).
    12/4/2011 6:10:00 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    12/4/2011 6:10:00 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
    12/4/2011 6:10:00 PM, error: Service Control Manager [7034] - The ForceWare IP service service terminated unexpectedly. It has done this 1 time(s).
    12/4/2011 6:10:00 PM, error: Service Control Manager [7034] - The ForceWare Intelligent Application Manager (IAM) service terminated unexpectedly. It has done this 1 time(s).
    12/4/2011 6:10:00 PM, error: Service Control Manager [7034] - The Atheros Configuration Service service terminated unexpectedly. It has done this 1 time(s).
    12/4/2011 6:10:00 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/29/2011 7:57:08 PM, error: Service Control Manager [7022] - The ForceWare IP service service hung on starting.
    11/29/2011 7:57:05 PM, error: Service Control Manager [7022] - The ForceWare Intelligent Application Manager (IAM) service hung on starting.
    11/29/2011 10:19:08 PM, error: DCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission can be modified using the Component Services administrative tool.
    .
    ==== End Of File ===========================


    Scan Log
    Version of virus signature database: 6689 (20111206)
    Date: 12/6/2011 Time: 8:35:44 PM
    Scanned disks, folders and files: Operating memory;C:\Boot sector;F:\Boot sector;C:\;F:\
    C:\pagefile.sys - error opening [4]
    C:\Documents and Settings\Admin\Application Data\Avery\Avery Assistant\4.0\1welcome.mht » MIME - is OK (internal scanning not performed)
    C:\Documents and Settings\Admin\Local Settings\Application Data\Identities\{C8936C9B-77ED-47BC-BC2F-C7DD2DF88A5F}\Microsoft\Outlook Express\Inbox.dbx » DBX - is OK (internal scanning not performed)
    C:\Documents and Settings\Admin\My Documents\Downloads\asc-setup.exe » INNO » files.info - unsupported option
    C:\Documents and Settings\Admin\My Documents\Downloads\mbam-setup-1.51.2.1300.exe » INNO » files.info - unsupported option
    C:\Documents and Settings\Admin\My Documents\Downloads\registryboosterplc.exe » 7ZIP » data/OFFLINE/89292046/B152136D/Launcher.exe - Win32/RegistryBooster potentially unwanted application
    C:\Documents and Settings\Admin\My Documents\Downloads\registryboosterplc.exe » 7ZIP » data/OFFLINE/89292046/B152136D/rbmonitor.exe - Win32/RegistryBooster potentially unwanted application
    C:\Documents and Settings\Admin\My Documents\Downloads\registryboosterplc.exe » 7ZIP » data/OFFLINE/89292046/B152136D/rbnotifier.exe - Win32/RegistryBooster potentially unwanted application
    C:\Documents and Settings\Admin\My Documents\Downloads\registryboosterplc.exe » 7ZIP » data/OFFLINE/89292046/B152136D/rb_move_serial.exe - Win32/RegistryBooster potentially unwanted application
    C:\Documents and Settings\Admin\My Documents\Downloads\registryboosterplc.exe » 7ZIP » data/OFFLINE/89292046/B152136D/rb_ubm.exe - Win32/RegistryBooster potentially unwanted application
    C:\Documents and Settings\Admin\My Documents\Downloads\registryboosterplc.exe » 7ZIP » data/OFFLINE/89292046/B152136D/registrybooster.exe - Win32/RegistryBooster potentially unwanted application
    C:\Documents and Settings\Admin\My Documents\Downloads\RegUtility_Setup.exe » INNO » files.info - unsupported option
    C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\v4x5h0fg.default\extensions\{5385c2bc-80be-49dc-a57f-1baf78979ef7}\chrome.manifest - Win32/TrojanDownloader.Tracur.F trojan - cleaned by deleting - quarantined [1]
    C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\v4x5h0fg.default\extensions\{5385c2bc-80be-49dc-a57f-1baf78979ef7}\chrome\xulcache.jar » ZIP » content/overlay.xul - JS/Agent.NDJ trojan - was a part of the deleted object
    C:\Documents and Settings\User\Application Data\ViiKiiDesktopPlugin.5E22EA0FF243470AB5EDDF282C0A5B52E9909C36.1\Local Store\#ApplicationUpdater\update.air » ZIP » viikiiplugin.swf - archive damaged
    C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\v4x5h0fg.default\Cache\_CACHE_001_ » SMARTINSTALLMAKER;VER=2 - error - unknown compression method
    C:\System Volume Information\_restore{54C0F23D-C0AC-4332-BF76-72AF857C3DB2}\RP123\A0057923.manifest - Win32/TrojanDownloader.Tracur.F trojan - cleaned by deleting - quarantined [1]
    C:\System Volume Information\_restore{54C0F23D-C0AC-4332-BF76-72AF857C3DB2}\RP134\A0061920.exe » ZIP » tbcpd2.exe » ZIP » tbcpd2/tbcpd.jar » ZIP » icons/TBCPD.app/Contents/Resources/Java/jar_1.jar » ZIP » TBCPD.app/Contents/Resources/Java/jar_1.jar » ZIP » META-INF/ - archive damaged
    C:\System Volume Information\_restore{54C0F23D-C0AC-4332-BF76-72AF857C3DB2}\RP134\A0061922.exe » NSIS » __localxml.xml - Win32/DownloadAdmin.A.Gen potentially unwanted application
    C:\System Volume Information\_restore{54C0F23D-C0AC-4332-BF76-72AF857C3DB2}\RP134\A0061926.exe » ZIP » AutoPlay/autorun.cdd » ZIP » _detect.dat - error - password-protected file
    C:\System Volume Information\_restore{54C0F23D-C0AC-4332-BF76-72AF857C3DB2}\RP134\A0061926.exe » ZIP » AutoPlay/autorun.cdd » ZIP » _proj.dat - error - password-protected file
    C:\System Volume Information\_restore{54C0F23D-C0AC-4332-BF76-72AF857C3DB2}\RP134\A0061926.exe » ZIP » AutoPlay/autorun.cdd » ZIP » _fonts.dat - error - password-protected file
    C:\System Volume Information\_restore{54C0F23D-C0AC-4332-BF76-72AF857C3DB2}\RP135\A0062106.dll - Win32/Toolbar.Zugo.A potentially unwanted application - action selection postponed until scan completion
    C:\System Volume Information\_restore{54C0F23D-C0AC-4332-BF76-72AF857C3DB2}\RP135\A0062107.exe - Win32/Toolbar.Zugo potentially unwanted application - action selection postponed until scan completion
    C:\System Volume Information\_restore{54C0F23D-C0AC-4332-BF76-72AF857C3DB2}\RP136\A0062423.dll - Win32/PSW.Papras.CA trojan - cleaned by deleting - quarantined [1]
    C:\System Volume Information\_restore{54C0F23D-C0AC-4332-BF76-72AF857C3DB2}\RP149\A0063351.exe - Win32/AutoRun.IRCBot.HO worm - cleaned by deleting - quarantined [1]
    C:\System Volume Information\_restore{54C0F23D-C0AC-4332-BF76-72AF857C3DB2}\RP149\A0063356.manifest - Win32/TrojanDownloader.Tracur.F trojan - cleaned by deleting - quarantined [1]
    C:\tbcpd2\tbcpd.jar » ZIP » icons/TBCPD.app/Contents/Resources/Java/jar_1.jar » ZIP » TBCPD.app/Contents/Resources/Java/jar_1.jar » ZIP » META-INF/ - archive damaged
    C:\Documents and Settings\Admin\My Documents\Downloads\registryboosterplc.exe - error opening [4]
    C:\System Volume Information\_restore{54C0F23D-C0AC-4332-BF76-72AF857C3DB2}\RP134\A0061922.exe » NSIS » __localxml.xml - Win32/DownloadAdmin.A.Gen potentially unwanted application
    C:\System Volume Information\_restore{54C0F23D-C0AC-4332-BF76-72AF857C3DB2}\RP135\A0062106.dll - Win32/Toolbar.Zugo.A potentially unwanted application - cleaned by deleting - quarantined [1]
    C:\System Volume Information\_restore{54C0F23D-C0AC-4332-BF76-72AF857C3DB2}\RP135\A0062107.exe - Win32/Toolbar.Zugo potentially unwanted application - cleaned by deleting - quarantined [1]
    Scan terminated by user.
    Number of scanned objects: 358481
    Number of threats found: 15
    Number of cleaned objects: 8
    Time of completion: 9:35:29 PM Total scanning time: 3585 sec (00:59:45)

    Notes:
    [1] Object has been deleted as it only contained the virus body.
    [4] Object cannot be opened. It may be in use by another application or operating system.
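
The ESET scan log above mixes three kinds of lines: real detections, objects that merely failed to scan (page file in use, damaged or password-protected archives), and objects that ESET lists twice because their action was "postponed until scan completion" and then re-listed with the final result. That double listing is why 18 detection lines add up to the "Number of threats found: 15" in the summary. The script below is an added example, not part of this thread and not an ESET tool: it parses lines in that log format, keeps one record per unique object (last line wins), and separates what is live on the machine from what only sits in System Restore snapshots. The sample input is a constructed subset of the lines shown above, with the forum's inserted line-wrap spaces removed; the location buckets, the `cleaned` heuristic and the function names are my own assumptions.

```python
import re
from collections import Counter

# Constructed sample input: a subset of the ESET scan log lines posted above,
# in the same format (object chain - signature kind - action [note]).
SAMPLE_LOG = r"""
C:\pagefile.sys - error opening [4]
C:\Documents and Settings\Admin\My Documents\Downloads\registryboosterplc.exe » 7ZIP » data/OFFLINE/89292046/B152136D/Launcher.exe - Win32/RegistryBooster potentially unwanted application
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\v4x5h0fg.default\extensions\{5385c2bc-80be-49dc-a57f-1baf78979ef7}\chrome.manifest - Win32/TrojanDownloader.Tracur.F trojan - cleaned by deleting - quarantined [1]
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\v4x5h0fg.default\extensions\{5385c2bc-80be-49dc-a57f-1baf78979ef7}\chrome\xulcache.jar » ZIP » content/overlay.xul - JS/Agent.NDJ trojan - was a part of the deleted object
C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\v4x5h0fg.default\Cache\_CACHE_001_ » SMARTINSTALLMAKER;VER=2 - error - unknown compression method
C:\System Volume Information\_restore{54C0F23D-C0AC-4332-BF76-72AF857C3DB2}\RP135\A0062106.dll - Win32/Toolbar.Zugo.A potentially unwanted application - action selection postponed until scan completion
C:\System Volume Information\_restore{54C0F23D-C0AC-4332-BF76-72AF857C3DB2}\RP136\A0062423.dll - Win32/PSW.Papras.CA trojan - cleaned by deleting - quarantined [1]
C:\System Volume Information\_restore{54C0F23D-C0AC-4332-BF76-72AF857C3DB2}\RP149\A0063351.exe - Win32/AutoRun.IRCBot.HO worm - cleaned by deleting - quarantined [1]
C:\System Volume Information\_restore{54C0F23D-C0AC-4332-BF76-72AF857C3DB2}\RP135\A0062106.dll - Win32/Toolbar.Zugo.A potentially unwanted application - cleaned by deleting - quarantined [1]
Scan terminated by user.
"""

PUA_KINDS = ("potentially unwanted application", "potentially unsafe application")

# A detection line: "<object> - <signature> <kind>[ - <action>][ [n]]".
# Scan errors ("- error opening [4]", "- archive damaged") have no <kind>
# token after the first word, so they do not match and are skipped.
DETECTION_RE = re.compile(
    r"^(?P<obj>.+?) - (?P<sig>\S+) "
    r"(?P<kind>trojan|worm|virus|backdoor|" + "|".join(PUA_KINDS) + r")"
    r"(?: - (?P<action>.+?))?(?:\s*\[\d+\])?$"
)


def classify_location(obj):
    """Bucket a detection by where its outermost container lives (assumed buckets)."""
    outer = obj.split(" » ")[0].lower()  # » separates archive nesting levels
    if outer.startswith(r"c:\system volume information\_restore"):
        return "restore point"
    if "\\mozilla\\firefox\\profiles\\" in outer:
        return "firefox profile"
    if "\\downloads\\" in outer:
        return "downloads folder"
    return "other"


def parse_detections(text):
    """One record per unique object. ESET re-lists 'postponed' objects at the
    end of the scan with their final action, so a later line overwrites."""
    records = {}
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if not m:
            continue  # errors, clean objects, unsupported archives, summary lines
        action = m.group("action") or "no action recorded"
        records[m.group("obj")] = {
            "signature": m.group("sig"),
            "kind": m.group("kind"),
            "action": action,
            "location": classify_location(m.group("obj")),
            # heuristic: both "cleaned by deleting" and "was a part of the
            # deleted object" count as cleaned, matching ESET's own totals
            "cleaned": action.startswith("cleaned") or "deleted object" in action,
        }
    return records


def triage(text):
    hits = list(parse_detections(text).values())
    return {
        "threats": len(hits),
        "cleaned": sum(1 for h in hits if h["cleaned"]),
        "pending": [h["signature"] for h in hits if not h["cleaned"]],
        "by_location": dict(Counter(h["location"] for h in hits)),
        # malware (not PUA) outside restore points: what can actually be running
        "active": [h["signature"] for h in hits
                   if h["kind"] not in PUA_KINDS and h["location"] != "restore point"],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against the full log, the "active" bucket is what explains a browser redirect: a Firefox extension directory carrying Tracur.F and a JS/Agent overlay is code the browser loads, whereas the Papras and IRCBot hits under `System Volume Information\_restore` are inert snapshot copies that only come back if a restore point is applied. They still tell you what ran on the machine earlier, which is why a cleanup normally ends with flushing System Restore.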

  2. #2
    broni is offline Senior Member
    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.


    =======================================================

    Uninstall Advanced SystemCare 5.
    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".

    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.



    =================================================================

    Download TDSSKiller and save it to your desktop.
    • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure; click on Continue.
    • If a suspicious file is detected, the default action will be Skip; click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

  3. #3
    Bonny Liang is offline Newbie
    Nothing was found:

    19:46:04.0953 1772 TDSS rootkit removing tool 2.6.22.0 Dec 7 2011 1306
    19:46:05.0078 1772 ============================================================
    19:46:05.0078 1772 Current date / time: 2011/12/08 19:46:05.0078
    19:46:05.0078 1772 SystemInfo:
    19:46:05.0078 1772
    19:46:05.0078 1772 OS Version: 5.1.2600 ServicePack: 3.0
    19:46:05.0078 1772 Product type: Workstation
    19:46:05.0078 1772 ComputerName: HOME-V6WO7CTATK
    19:46:05.0078 1772 UserName: Admin
    19:46:05.0078 1772 Windows directory: C:\WINDOWS
    19:46:05.0078 1772 System windows directory: C:\WINDOWS
    19:46:05.0078 1772 Processor architecture: Intel x86
    19:46:05.0078 1772 Number of processors: 2
    19:46:05.0078 1772 Page size: 0x1000
    19:46:05.0078 1772 Boot type: Normal boot
    19:46:05.0078 1772 ============================================================
    19:46:05.0453 1772 Initialize success
    19:46:06.0546 3200 ============================================================
    19:46:06.0546 3200 Scan started
    19:46:06.0546 3200 Mode: Manual;
    19:46:06.0546 3200 ============================================================
    19:46:06.0671 3200 Abiosdsk - ok
    19:46:06.0687 3200 abp480n5 - ok
    19:46:06.0734 3200 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    19:46:06.0734 3200 ACPI - ok
    19:46:06.0781 3200 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    19:46:06.0781 3200 ACPIEC - ok
    19:46:06.0828 3200 ADIDTSFiltService (ee97365199d656ddf3197ffdb091eadf) C:\WINDOWS\system32\drivers\adidts.sys
    19:46:06.0828 3200 ADIDTSFiltService - ok
    19:46:06.0843 3200 ADIHdAudAddService (0158f4027c0808ff65ed3b3d683339c9) C:\WINDOWS\system32\drivers\ADIHdAud.sys
    19:46:06.0843 3200 ADIHdAudAddService - ok
    19:46:06.0859 3200 adpu160m - ok
    19:46:06.0875 3200 AEAudio (358063ab6c1c4173b735525cdfa65f94) C:\WINDOWS\system32\drivers\AEAudio.sys
    19:46:06.0875 3200 AEAudio - ok
    19:46:06.0906 3200 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    19:46:06.0906 3200 aec - ok
    19:46:06.0937 3200 AegisP (30bb1bde595ca65fd5549462080d94e5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
    19:46:06.0937 3200 AegisP - ok
    19:46:06.0968 3200 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
    19:46:06.0968 3200 AFD - ok
    19:46:06.0984 3200 Aha154x - ok
    19:46:06.0984 3200 aic78u2 - ok
    19:46:07.0000 3200 aic78xx - ok
    19:46:07.0000 3200 AliIde - ok
    19:46:07.0015 3200 amsint - ok
    19:46:07.0046 3200 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    19:46:07.0046 3200 Arp1394 - ok
    19:46:07.0046 3200 asc - ok
    19:46:07.0062 3200 asc3350p - ok
    19:46:07.0062 3200 asc3550 - ok
    19:46:07.0109 3200 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    19:46:07.0109 3200 AsyncMac - ok
    19:46:07.0125 3200 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    19:46:07.0125 3200 atapi - ok
    19:46:07.0125 3200 Atdisk - ok
    19:46:07.0140 3200 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    19:46:07.0140 3200 Atmarpc - ok
    19:46:07.0187 3200 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    19:46:07.0187 3200 audstub - ok
    19:46:07.0187 3200 BCMH43XX - ok
    19:46:07.0218 3200 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    19:46:07.0218 3200 Beep - ok
    19:46:07.0250 3200 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    19:46:07.0250 3200 cbidf2k - ok
    19:46:07.0250 3200 cd20xrnt - ok
    19:46:07.0281 3200 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    19:46:07.0281 3200 Cdaudio - ok
    19:46:07.0296 3200 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    19:46:07.0296 3200 Cdfs - ok
    19:46:07.0328 3200 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    19:46:07.0328 3200 Cdrom - ok
    19:46:07.0328 3200 Changer - ok
    19:46:07.0343 3200 CmdIde - ok
    19:46:07.0359 3200 Cpqarray - ok
    19:46:07.0359 3200 dac2w2k - ok
    19:46:07.0375 3200 dac960nt - ok
    19:46:07.0406 3200 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    19:46:07.0406 3200 Disk - ok
    19:46:07.0453 3200 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    19:46:07.0468 3200 dmboot - ok
    19:46:07.0515 3200 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    19:46:07.0515 3200 dmio - ok
    19:46:07.0546 3200 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    19:46:07.0546 3200 dmload - ok
    19:46:07.0546 3200 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    19:46:07.0546 3200 DMusic - ok
    19:46:07.0593 3200 DNINDIS5 (d2ee54cdbced01d48f2b18642be79a98) C:\WINDOWS\system32\DNINDIS5.SYS
    19:46:07.0609 3200 DNINDIS5 - ok
    19:46:07.0625 3200 dpti2o - ok
    19:46:07.0640 3200 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    19:46:07.0640 3200 drmkaud - ok
    19:46:07.0687 3200 eamon (9309c5c9831203436e64cf2ae605c5d7) C:\WINDOWS\system32\DRIVERS\eamon.sys
    19:46:07.0687 3200 eamon - ok
    19:46:07.0718 3200 ehdrv (deff87f04ab5f6dd5edf2b80853bbe10) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
    19:46:07.0718 3200 ehdrv - ok
    19:46:07.0750 3200 epfw (5ba193ca0ae31209aaa39939ce6736b2) C:\WINDOWS\system32\DRIVERS\epfw.sys
    19:46:07.0750 3200 epfw - ok
    19:46:07.0796 3200 Epfwndis (75d3bcd3e0eded0ab0f96d9a10ff01c9) C:\WINDOWS\system32\DRIVERS\Epfwndis.sys
    19:46:07.0796 3200 Epfwndis - ok
    19:46:07.0843 3200 epfwtdi (dc64f26f35e32c9472bbf8acd84060d3) C:\WINDOWS\system32\DRIVERS\epfwtdi.sys
    19:46:07.0843 3200 epfwtdi - ok
    19:46:07.0875 3200 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    19:46:07.0875 3200 Fastfat - ok
    19:46:07.0890 3200 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    19:46:07.0890 3200 Fdc - ok
    19:46:07.0906 3200 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    19:46:07.0906 3200 Fips - ok
    19:46:07.0953 3200 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    19:46:07.0953 3200 Flpydisk - ok
    19:46:07.0984 3200 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    19:46:07.0984 3200 FltMgr - ok
    19:46:08.0000 3200 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    19:46:08.0000 3200 Fs_Rec - ok
    19:46:08.0000 3200 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    19:46:08.0000 3200 Ftdisk - ok
    19:46:08.0046 3200 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    19:46:08.0046 3200 GEARAspiWDM - ok
    19:46:08.0078 3200 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    19:46:08.0078 3200 Gpc - ok
    19:46:08.0109 3200 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    19:46:08.0109 3200 HDAudBus - ok
    19:46:08.0125 3200 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    19:46:08.0125 3200 hidusb - ok
    19:46:08.0125 3200 hpn - ok
    19:46:08.0171 3200 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    19:46:08.0171 3200 HTTP - ok
    19:46:08.0203 3200 i2omgmt - ok
    19:46:08.0203 3200 i2omp - ok
    19:46:08.0234 3200 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
    19:46:08.0234 3200 i8042prt - ok
    19:46:08.0234 3200 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    19:46:08.0234 3200 Imapi - ok
    19:46:08.0250 3200 ini910u - ok
    19:46:08.0250 3200 IntelIde - ok
    19:46:08.0296 3200 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    19:46:08.0296 3200 intelppm - ok
    19:46:08.0312 3200 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    19:46:08.0328 3200 ip6fw - ok
    19:46:08.0343 3200 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    19:46:08.0343 3200 IpFilterDriver - ok
    19:46:08.0359 3200 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    19:46:08.0375 3200 IpInIp - ok
    19:46:08.0390 3200 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    19:46:08.0406 3200 IpNat - ok
    19:46:08.0406 3200 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    19:46:08.0406 3200 IPSec - ok
    19:46:08.0421 3200 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    19:46:08.0421 3200 IRENUM - ok
    19:46:08.0437 3200 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    19:46:08.0437 3200 isapnp - ok
    19:46:08.0484 3200 JSWSCIMD (ad67795900aa8c05cc4570f5349e0639) C:\WINDOWS\system32\DRIVERS\jswscimd.sys
    19:46:08.0484 3200 JSWSCIMD - ok
    19:46:08.0484 3200 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    19:46:08.0484 3200 Kbdclass - ok
    19:46:08.0500 3200 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    19:46:08.0500 3200 kbdhid - ok
    19:46:08.0515 3200 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    19:46:08.0515 3200 kmixer - ok
    19:46:08.0546 3200 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    19:46:08.0546 3200 KSecDD - ok
    19:46:08.0562 3200 lbrtfdc - ok
    19:46:08.0562 3200 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
    19:46:08.0562 3200 MBAMProtector - ok
    19:46:08.0578 3200 MBAMSwissArmy - ok
    19:46:08.0578 3200 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    19:46:08.0593 3200 mnmdd - ok
    19:46:08.0609 3200 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    19:46:08.0609 3200 Modem - ok
    19:46:08.0609 3200 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    19:46:08.0609 3200 Mouclass - ok
    19:46:08.0640 3200 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    19:46:08.0640 3200 mouhid - ok
    19:46:08.0640 3200 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    19:46:08.0640 3200 MountMgr - ok
    19:46:08.0656 3200 mraid35x - ok
    19:46:08.0671 3200 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    19:46:08.0671 3200 MRxDAV - ok
    19:46:08.0703 3200 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    19:46:08.0718 3200 MRxSmb - ok
    19:46:08.0750 3200 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    19:46:08.0750 3200 Msfs - ok
    19:46:08.0765 3200 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    19:46:08.0765 3200 MSKSSRV - ok
    19:46:08.0781 3200 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    19:46:08.0781 3200 MSPCLOCK - ok
    19:46:08.0781 3200 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    19:46:08.0781 3200 MSPQM - ok
    19:46:08.0812 3200 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    19:46:08.0812 3200 mssmbios - ok
    19:46:08.0843 3200 msvad_simple (00c7b2306f1ca5389a1ac6d1df9c2e25) C:\WINDOWS\system32\drivers\povrtdev.sys
    19:46:08.0843 3200 msvad_simple - ok
    19:46:08.0875 3200 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
    19:46:08.0875 3200 MTsensor - ok
    19:46:08.0921 3200 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    19:46:08.0921 3200 Mup - ok
    19:46:08.0937 3200 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    19:46:08.0937 3200 NDIS - ok
    19:46:08.0953 3200 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    19:46:08.0953 3200 NdisTapi - ok
    19:46:08.0984 3200 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    19:46:08.0984 3200 Ndisuio - ok
    19:46:08.0984 3200 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    19:46:09.0000 3200 NdisWan - ok
    19:46:09.0015 3200 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    19:46:09.0015 3200 NDProxy - ok
    19:46:09.0031 3200 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    19:46:09.0031 3200 NetBIOS - ok
    19:46:09.0046 3200 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    19:46:09.0062 3200 NetBT - ok
    19:46:09.0078 3200 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    19:46:09.0078 3200 NIC1394 - ok
    19:46:09.0093 3200 NPF - ok
    19:46:09.0093 3200 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    19:46:09.0093 3200 Npfs - ok
    19:46:09.0140 3200 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    19:46:09.0156 3200 Ntfs - ok
    19:46:09.0203 3200 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    19:46:09.0203 3200 Null - ok
    19:46:09.0375 3200 nv (da63d1aa47da369c211452086992dfb4) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    19:46:09.0500 3200 nv - ok
    19:46:09.0546 3200 nvata (dc1f9954b5eddd147af7e5c420be7b93) C:\WINDOWS\system32\DRIVERS\nvata.sys
    19:46:09.0546 3200 nvata - ok
    19:46:09.0562 3200 NVENETFD (974551a956f3269f460d4b18101eec46) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
    19:46:09.0562 3200 NVENETFD - ok
    19:46:09.0593 3200 nvnetbus (7fc2baf84006f28cb9f477a167fff9ba) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
    19:46:09.0593 3200 nvnetbus - ok
    19:46:09.0609 3200 NVTCP (1f5140a455e4fb9ce031ddefb9a1f427) C:\WINDOWS\system32\DRIVERS\NVTcp.sys
    19:46:09.0625 3200 NVTCP - ok
    19:46:09.0656 3200 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    19:46:09.0656 3200 NwlnkFlt - ok
    19:46:09.0671 3200 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    19:46:09.0671 3200 NwlnkFwd - ok
    19:46:09.0671 3200 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    19:46:09.0671 3200 ohci1394 - ok
    19:46:09.0703 3200 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
    19:46:09.0703 3200 Parport - ok
    19:46:09.0703 3200 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    19:46:09.0703 3200 PartMgr - ok
    19:46:09.0718 3200 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    19:46:09.0734 3200 ParVdm - ok
    19:46:09.0734 3200 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    19:46:09.0734 3200 PCI - ok
    19:46:09.0750 3200 PCIDump - ok
    19:46:09.0765 3200 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    19:46:09.0765 3200 PCIIde - ok
    19:46:09.0781 3200 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    19:46:09.0781 3200 Pcmcia - ok
    19:46:09.0796 3200 PDCOMP - ok
    19:46:09.0796 3200 PDFRAME - ok
    19:46:09.0812 3200 PDRELI - ok
    19:46:09.0812 3200 PDRFRAME - ok
    19:46:09.0828 3200 perc2 - ok
    19:46:09.0828 3200 perc2hib - ok
    19:46:09.0843 3200 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    19:46:09.0843 3200 PptpMiniport - ok
    19:46:09.0843 3200 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
    19:46:09.0859 3200 Processor - ok
    19:46:09.0875 3200 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    19:46:09.0890 3200 PSched - ok
    19:46:09.0906 3200 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    19:46:09.0906 3200 Ptilink - ok
    19:46:09.0921 3200 ql1080 - ok
    19:46:09.0921 3200 Ql10wnt - ok
    19:46:09.0937 3200 ql12160 - ok
    19:46:09.0937 3200 ql1240 - ok
    19:46:09.0953 3200 ql1280 - ok
    19:46:09.0968 3200 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    19:46:09.0968 3200 RasAcd - ok
    19:46:09.0968 3200 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    19:46:09.0968 3200 Rasl2tp - ok
    19:46:09.0984 3200 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    19:46:09.0984 3200 RasPppoe - ok
    19:46:09.0984 3200 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    19:46:09.0984 3200 Raspti - ok
    19:46:10.0015 3200 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    19:46:10.0015 3200 Rdbss - ok
    19:46:10.0031 3200 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    19:46:10.0031 3200 RDPCDD - ok
    19:46:10.0031 3200 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    19:46:10.0046 3200 rdpdr - ok
    19:46:10.0093 3200 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
    19:46:10.0093 3200 RDPWD - ok
    19:46:10.0109 3200 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    19:46:10.0109 3200 redbook - ok
    19:46:10.0125 3200 RTLWUSB - ok
    19:46:10.0156 3200 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    19:46:10.0156 3200 Secdrv - ok
    19:46:10.0156 3200 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
    19:46:10.0171 3200 Serial - ok
    19:46:10.0203 3200 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    19:46:10.0203 3200 Sfloppy - ok
    19:46:10.0234 3200 SI3132 (6e42ca2af3516cda7f3776a186ca4f78) C:\WINDOWS\system32\DRIVERS\SI3132.sys
    19:46:10.0234 3200 SI3132 - ok
    19:46:10.0234 3200 SiFilter (72cf151fb410e544904dbc7d7f29b796) C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys
    19:46:10.0500 3200 SiFilter - ok
    19:46:10.0578 3200 Simbad - ok
    19:46:10.0609 3200 SiRemFil (e0cbd289912e2abd42580c15bb41339e) C:\WINDOWS\system32\DRIVERS\SiRemFil.sys
    19:46:10.0609 3200 SiRemFil - ok
    19:46:10.0609 3200 Sparrow - ok
    19:46:10.0656 3200 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    19:46:10.0656 3200 splitter - ok
    19:46:10.0656 3200 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    19:46:10.0656 3200 sr - ok
    19:46:10.0718 3200 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    19:46:10.0718 3200 Srv - ok
    19:46:10.0734 3200 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    19:46:10.0734 3200 swenum - ok
    19:46:10.0750 3200 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    19:46:10.0750 3200 swmidi - ok
    19:46:10.0750 3200 symc810 - ok
    19:46:10.0765 3200 symc8xx - ok
    19:46:10.0765 3200 sym_hi - ok
    19:46:10.0781 3200 sym_u3 - ok
    19:46:10.0796 3200 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    19:46:10.0796 3200 sysaudio - ok
    19:46:10.0859 3200 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    19:46:10.0859 3200 Tcpip - ok
    19:46:10.0890 3200 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    19:46:10.0890 3200 TDPIPE - ok
    19:46:10.0906 3200 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    19:46:10.0906 3200 TDTCP - ok
    19:46:10.0906 3200 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    19:46:10.0906 3200 TermDD - ok
    19:46:10.0921 3200 TosIde - ok
    19:46:10.0937 3200 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    19:46:10.0953 3200 Udfs - ok
    19:46:10.0953 3200 ultra - ok
    19:46:10.0984 3200 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    19:46:10.0984 3200 Update - ok
    19:46:11.0015 3200 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
    19:46:11.0015 3200 USBAAPL - ok
    19:46:11.0046 3200 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    19:46:11.0046 3200 usbccgp - ok
    19:46:11.0093 3200 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    19:46:11.0093 3200 usbehci - ok
    19:46:11.0140 3200 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    19:46:11.0140 3200 usbhub - ok
    19:46:11.0171 3200 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
    19:46:11.0171 3200 usbohci - ok
    19:46:11.0187 3200 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    19:46:11.0187 3200 usbprint - ok
    19:46:11.0203 3200 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    19:46:11.0203 3200 usbscan - ok
    19:46:11.0218 3200 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    19:46:11.0218 3200 USBSTOR - ok
    19:46:11.0250 3200 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    19:46:11.0250 3200 VgaSave - ok
    19:46:11.0250 3200 ViaIde - ok
    19:46:11.0296 3200 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    19:46:11.0296 3200 VolSnap - ok
    19:46:11.0343 3200 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    19:46:11.0343 3200 Wanarp - ok
    19:46:11.0343 3200 WDICA - ok
    19:46:11.0406 3200 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    19:46:11.0406 3200 wdmaud - ok
    19:46:11.0484 3200 WN111v2 (f1857f0a8e48dabf792c71692606d638) C:\WINDOWS\system32\DRIVERS\WN111v2.sys
    19:46:11.0500 3200 WN111v2 - ok
    19:46:11.0531 3200 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
    19:46:11.0531 3200 WS2IFSL - ok
    19:46:11.0562 3200 WSIMD (43f767d59bfc25d8f4fc2eb42043ec1e) C:\WINDOWS\system32\DRIVERS\wsimd.sys
    19:46:11.0562 3200 WSIMD - ok
    19:46:11.0593 3200 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    19:46:11.0593 3200 WudfPf - ok
    19:46:11.0625 3200 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    19:46:11.0625 3200 WudfRd - ok
    19:46:11.0656 3200 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
    19:46:11.0703 3200 \Device\Harddisk0\DR0 - ok
    19:46:11.0703 3200 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
    19:46:11.0703 3200 \Device\Harddisk1\DR1 - ok
    19:46:11.0703 3200 Boot (0x1200) (35328d4d8e1869fb25f2f4119fb68ce7) \Device\Harddisk0\DR0\Partition0
    19:46:11.0703 3200 \Device\Harddisk0\DR0\Partition0 - ok
    19:46:11.0703 3200 Boot (0x1200) (cad0d399291d5206f0046d9f3656f303) \Device\Harddisk1\DR1\Partition0
    19:46:11.0703 3200 \Device\Harddisk1\DR1\Partition0 - ok
    19:46:11.0703 3200 ============================================================
    19:46:11.0703 3200 Scan finished
    19:46:11.0703 3200 ============================================================
    19:46:11.0718 3188 Detected object count: 0
    19:46:11.0718 3188 Actual detected object count: 0
    19:46:27.0578 1848 ============================================================
    19:46:27.0578 1848 Scan started
    19:46:27.0578 1848 Mode: Manual;
    19:46:27.0578 1848 ============================================================
    19:46:27.0812 1848 Abiosdsk - ok
    19:46:27.0828 1848 abp480n5 - ok
    19:46:27.0937 1848 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    19:46:27.0937 1848 ACPI - ok
    19:46:28.0062 1848 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    19:46:28.0062 1848 ACPIEC - ok
    19:46:28.0203 1848 ADIDTSFiltService (ee97365199d656ddf3197ffdb091eadf) C:\WINDOWS\system32\drivers\adidts.sys
    19:46:28.0203 1848 ADIDTSFiltService - ok
    19:46:28.0359 1848 ADIHdAudAddService (0158f4027c0808ff65ed3b3d683339c9) C:\WINDOWS\system32\drivers\ADIHdAud.sys
    19:46:28.0359 1848 ADIHdAudAddService - ok
    19:46:28.0421 1848 adpu160m - ok
    19:46:28.0546 1848 AEAudio (358063ab6c1c4173b735525cdfa65f94) C:\WINDOWS\system32\drivers\AEAudio.sys
    19:46:28.0546 1848 AEAudio - ok
    19:46:28.0671 1848 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    19:46:28.0671 1848 aec - ok
    19:46:28.0781 1848 AegisP (30bb1bde595ca65fd5549462080d94e5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
    19:46:28.0781 1848 AegisP - ok
    19:46:28.0921 1848 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
    19:46:28.0921 1848 AFD - ok
    19:46:28.0968 1848 Aha154x - ok
    19:46:29.0046 1848 aic78u2 - ok
    19:46:29.0093 1848 aic78xx - ok
    19:46:29.0156 1848 AliIde - ok
    19:46:29.0203 1848 amsint - ok
    19:46:29.0328 1848 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    19:46:29.0328 1848 Arp1394 - ok
    19:46:29.0375 1848 asc - ok
    19:46:29.0406 1848 asc3350p - ok
    19:46:29.0453 1848 asc3550 - ok
    19:46:29.0562 1848 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    19:46:29.0562 1848 AsyncMac - ok
    19:46:29.0671 1848 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    19:46:29.0671 1848 atapi - ok
    19:46:29.0734 1848 Atdisk - ok
    19:46:29.0875 1848 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    19:46:29.0875 1848 Atmarpc - ok
    19:46:30.0000 1848 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    19:46:30.0000 1848 audstub - ok
    19:46:30.0046 1848 BCMH43XX - ok
    19:46:30.0156 1848 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    19:46:30.0156 1848 Beep - ok
    19:46:30.0234 1848 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    19:46:30.0234 1848 cbidf2k - ok
    19:46:30.0281 1848 cd20xrnt - ok
    19:46:30.0390 1848 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    19:46:30.0390 1848 Cdaudio - ok
    19:46:30.0546 1848 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    19:46:30.0546 1848 Cdfs - ok
    19:46:30.0593 1848 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    19:46:30.0593 1848 Cdrom - ok
    19:46:30.0609 1848 Changer - ok
    19:46:30.0625 1848 CmdIde - ok
    19:46:30.0656 1848 Cpqarray - ok
    19:46:30.0656 1848 dac2w2k - ok
    19:46:30.0671 1848 dac960nt - ok
    19:46:30.0734 1848 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    19:46:30.0734 1848 Disk - ok
    19:46:30.0796 1848 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    19:46:30.0812 1848 dmboot - ok
    19:46:30.0828 1848 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    19:46:30.0828 1848 dmio - ok
    19:46:30.0843 1848 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    19:46:30.0843 1848 dmload - ok
    19:46:30.0875 1848 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    19:46:30.0875 1848 DMusic - ok
    19:46:30.0921 1848 DNINDIS5 (d2ee54cdbced01d48f2b18642be79a98) C:\WINDOWS\system32\DNINDIS5.SYS
    19:46:30.0921 1848 DNINDIS5 - ok
    19:46:30.0984 1848 dpti2o - ok
    19:46:31.0093 1848 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    19:46:31.0093 1848 drmkaud - ok
    19:46:31.0265 1848 eamon (9309c5c9831203436e64cf2ae605c5d7) C:\WINDOWS\system32\DRIVERS\eamon.sys
    19:46:31.0265 1848 eamon - ok
    19:46:31.0578 1848 ehdrv (deff87f04ab5f6dd5edf2b80853bbe10) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
    19:46:31.0578 1848 ehdrv - ok
    19:46:31.0921 1848 epfw (5ba193ca0ae31209aaa39939ce6736b2) C:\WINDOWS\system32\DRIVERS\epfw.sys
    19:46:31.0921 1848 epfw - ok
    19:46:32.0296 1848 Epfwndis (75d3bcd3e0eded0ab0f96d9a10ff01c9) C:\WINDOWS\system32\DRIVERS\Epfwndis.sys
    19:46:32.0296 1848 Epfwndis - ok
    19:46:32.0593 1848 epfwtdi (dc64f26f35e32c9472bbf8acd84060d3) C:\WINDOWS\system32\DRIVERS\epfwtdi.sys
    19:46:32.0593 1848 epfwtdi - ok
    19:46:32.0968 1848 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    19:46:32.0968 1848 Fastfat - ok
    19:46:33.0484 1848 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    19:46:33.0484 1848 Fdc - ok
    19:46:33.0812 1848 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    19:46:33.0812 1848 Fips - ok
    19:46:34.0015 1848 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    19:46:34.0015 1848 Flpydisk - ok
    19:46:34.0328 1848 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    19:46:34.0328 1848 FltMgr - ok
    19:46:34.0734 1848 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    19:46:34.0734 1848 Fs_Rec - ok
    19:46:34.0984 1848 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    19:46:35.0000 1848 Ftdisk - ok
    19:46:35.0281 1848 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    19:46:35.0281 1848 GEARAspiWDM - ok
    19:46:35.0718 1848 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    19:46:35.0718 1848 Gpc - ok
    19:46:36.0078 1848 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    19:46:36.0078 1848 HDAudBus - ok
    19:46:36.0593 1848 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    19:46:36.0593 1848 hidusb - ok
    19:46:36.0859 1848 hpn - ok
    19:46:37.0156 1848 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    19:46:37.0156 1848 HTTP - ok
    19:46:37.0656 1848 i2omgmt - ok
    19:46:37.0921 1848 i2omp - ok
    19:46:38.0343 1848 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
    19:46:38.0343 1848 i8042prt - ok
    19:46:38.0765 1848 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    19:46:38.0765 1848 Imapi - ok
    19:46:39.0031 1848 ini910u - ok
    19:46:39.0421 1848 IntelIde - ok
    19:46:39.0796 1848 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    19:46:39.0796 1848 intelppm - ok
    19:46:40.0125 1848 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    19:46:40.0125 1848 ip6fw - ok
    19:46:40.0578 1848 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    19:46:40.0578 1848 IpFilterDriver - ok
    19:46:40.0953 1848 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    19:46:40.0953 1848 IpInIp - ok
    19:46:41.0500 1848 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    19:46:41.0500 1848 IpNat - ok
    19:46:41.0843 1848 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    19:46:41.0843 1848 IPSec - ok
    19:46:42.0125 1848 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    19:46:42.0125 1848 IRENUM - ok
    19:46:42.0625 1848 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    19:46:42.0640 1848 isapnp - ok
    19:46:42.0968 1848 JSWSCIMD (ad67795900aa8c05cc4570f5349e0639) C:\WINDOWS\system32\DRIVERS\jswscimd.sys
    19:46:42.0968 1848 JSWSCIMD - ok
    19:46:43.0312 1848 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    19:46:43.0312 1848 Kbdclass - ok
    19:46:43.0703 1848 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    19:46:43.0703 1848 kbdhid - ok
    19:46:43.0984 1848 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    19:46:43.0984 1848 kmixer - ok
    19:46:44.0531 1848 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    19:46:44.0531 1848 KSecDD - ok
    19:46:45.0250 1848 lbrtfdc - ok
    19:46:46.0093 1848 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
    19:46:46.0093 1848 MBAMProtector - ok
    19:46:46.0500 1848 MBAMSwissArmy - ok
    19:46:46.0687 1848 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    19:46:46.0687 1848 mnmdd - ok
    19:46:46.0859 1848 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    19:46:46.0859 1848 Modem - ok
    19:46:47.0031 1848 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    19:46:47.0031 1848 Mouclass - ok
    19:46:47.0500 1848 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    19:46:47.0500 1848 mouhid - ok
    19:46:47.0890 1848 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    19:46:47.0890 1848 MountMgr - ok
    19:46:48.0015 1848 mraid35x - ok
    19:46:48.0109 1848 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    19:46:48.0109 1848 MRxDAV - ok
    19:46:48.0421 1848 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    19:46:48.0421 1848 MRxSmb - ok
    19:46:48.0671 1848 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    19:46:48.0671 1848 Msfs - ok
    19:46:48.0875 1848 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    19:46:48.0875 1848 MSKSSRV - ok
    19:46:49.0156 1848 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    19:46:49.0156 1848 MSPCLOCK - ok
    19:46:49.0359 1848 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    19:46:49.0359 1848 MSPQM - ok
    19:46:49.0593 1848 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    19:46:49.0593 1848 mssmbios - ok
    19:46:49.0656 1848 msvad_simple (00c7b2306f1ca5389a1ac6d1df9c2e25) C:\WINDOWS\system32\drivers\povrtdev.sys
    19:46:49.0656 1848 msvad_simple - ok
    19:46:49.0984 1848 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
    19:46:49.0984 1848 MTsensor - ok
    19:46:50.0171 1848 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    19:46:50.0171 1848 Mup - ok
    19:46:50.0234 1848 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    19:46:50.0250 1848 NDIS - ok
    19:46:50.0265 1848 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    19:46:50.0265 1848 NdisTapi - ok
    19:46:50.0296 1848 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    19:46:50.0296 1848 Ndisuio - ok
    19:46:50.0312 1848 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    19:46:50.0312 1848 NdisWan - ok
    19:46:50.0359 1848 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    19:46:50.0359 1848 NDProxy - ok
    19:46:50.0375 1848 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    19:46:50.0375 1848 NetBIOS - ok
    19:46:50.0406 1848 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    19:46:50.0406 1848 NetBT - ok
    19:46:50.0421 1848 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    19:46:50.0421 1848 NIC1394 - ok
    19:46:50.0437 1848 NPF - ok
    19:46:50.0468 1848 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    19:46:50.0468 1848 Npfs - ok
    19:46:50.0515 1848 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    19:46:50.0531 1848 Ntfs - ok
    19:46:50.0562 1848 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    19:46:50.0562 1848 Null - ok
    19:46:50.0718 1848 nv (da63d1aa47da369c211452086992dfb4) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    19:46:50.0750 1848 nv - ok
    19:46:50.0812 1848 nvata (dc1f9954b5eddd147af7e5c420be7b93) C:\WINDOWS\system32\DRIVERS\nvata.sys
    19:46:50.0812 1848 nvata - ok
    19:46:50.0843 1848 NVENETFD (974551a956f3269f460d4b18101eec46) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
    19:46:50.0843 1848 NVENETFD - ok
    19:46:50.0906 1848 nvnetbus (7fc2baf84006f28cb9f477a167fff9ba) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
    19:46:50.0906 1848 nvnetbus - ok
    19:46:50.0953 1848 NVTCP (1f5140a455e4fb9ce031ddefb9a1f427) C:\WINDOWS\system32\DRIVERS\NVTcp.sys
    19:46:50.0953 1848 NVTCP - ok
    19:46:50.0984 1848 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    19:46:50.0984 1848 NwlnkFlt - ok
    19:46:51.0000 1848 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    19:46:51.0000 1848 NwlnkFwd - ok
    19:46:51.0015 1848 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    19:46:51.0031 1848 ohci1394 - ok
    19:46:51.0046 1848 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
    19:46:51.0046 1848 Parport - ok
    19:46:51.0062 1848 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    19:46:51.0062 1848 PartMgr - ok
    19:46:51.0078 1848 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    19:46:51.0078 1848 ParVdm - ok
    19:46:51.0093 1848 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    19:46:51.0093 1848 PCI - ok
    19:46:51.0109 1848 PCIDump - ok
    19:46:51.0140 1848 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    19:46:51.0140 1848 PCIIde - ok
    19:46:51.0156 1848 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    19:46:51.0156 1848 Pcmcia - ok
    19:46:51.0156 1848 PDCOMP - ok
    19:46:51.0171 1848 PDFRAME - ok
    19:46:51.0171 1848 PDRELI - ok
    19:46:51.0187 1848 PDRFRAME - ok
    19:46:51.0187 1848 perc2 - ok
    19:46:51.0203 1848 perc2hib - ok
    19:46:51.0218 1848 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    19:46:51.0218 1848 PptpMiniport - ok
    19:46:51.0218 1848 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
    19:46:51.0218 1848 Processor - ok
    19:46:51.0234 1848 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    19:46:51.0234 1848 PSched - ok
    19:46:51.0250 1848 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    19:46:51.0250 1848 Ptilink - ok
    19:46:51.0250 1848 ql1080 - ok
    19:46:51.0265 1848 Ql10wnt - ok
    19:46:51.0265 1848 ql12160 - ok
    19:46:51.0281 1848 ql1240 - ok
    19:46:51.0281 1848 ql1280 - ok
    19:46:51.0312 1848 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    19:46:51.0312 1848 RasAcd - ok
    19:46:51.0312 1848 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    19:46:51.0312 1848 Rasl2tp - ok
    19:46:51.0328 1848 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    19:46:51.0328 1848 RasPppoe - ok
    19:46:51.0328 1848 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    19:46:51.0328 1848 Raspti - ok
    19:46:51.0343 1848 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    19:46:51.0343 1848 Rdbss - ok
    19:46:51.0359 1848 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    19:46:51.0375 1848 RDPCDD - ok
    19:46:51.0375 1848 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    19:46:51.0375 1848 rdpdr - ok
    19:46:51.0421 1848 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
    19:46:51.0421 1848 RDPWD - ok
    19:46:51.0437 1848 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    19:46:51.0437 1848 redbook - ok
    19:46:51.0453 1848 RTLWUSB - ok
    19:46:51.0468 1848 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    19:46:51.0468 1848 Secdrv - ok
    19:46:51.0484 1848 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
    19:46:51.0484 1848 Serial - ok
    19:46:51.0515 1848 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    19:46:51.0515 1848 Sfloppy - ok
    19:46:51.0546 1848 SI3132 (6e42ca2af3516cda7f3776a186ca4f78) C:\WINDOWS\system32\DRIVERS\SI3132.sys
    19:46:51.0546 1848 SI3132 - ok
    19:46:51.0546 1848 SiFilter (72cf151fb410e544904dbc7d7f29b796) C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys
    19:46:51.0546 1848 SiFilter - ok
    19:46:51.0562 1848 Simbad - ok
    19:46:51.0562 1848 SiRemFil (e0cbd289912e2abd42580c15bb41339e) C:\WINDOWS\system32\DRIVERS\SiRemFil.sys
    19:46:51.0562 1848 SiRemFil - ok
    19:46:51.0578 1848 Sparrow - ok
    19:46:51.0593 1848 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    19:46:51.0593 1848 splitter - ok
    19:46:51.0609 1848 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    19:46:51.0609 1848 sr - ok
    19:46:51.0656 1848 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    19:46:51.0656 1848 Srv - ok
    19:46:51.0671 1848 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    19:46:51.0671 1848 swenum - ok
    19:46:51.0671 1848 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    19:46:51.0671 1848 swmidi - ok
    19:46:51.0687 1848 symc810 - ok
    19:46:51.0687 1848 symc8xx - ok
    19:46:51.0703 1848 sym_hi - ok
    19:46:51.0703 1848 sym_u3 - ok
    19:46:51.0718 1848 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    19:46:51.0718 1848 sysaudio - ok
    19:46:51.0750 1848 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    19:46:51.0750 1848 Tcpip - ok
    19:46:51.0781 1848 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    19:46:51.0781 1848 TDPIPE - ok
    19:46:51.0781 1848 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    19:46:51.0781 1848 TDTCP - ok
    19:46:51.0796 1848 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    19:46:51.0796 1848 TermDD - ok
    19:46:51.0812 1848 TosIde - ok
    19:46:51.0828 1848 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    19:46:51.0828 1848 Udfs - ok
    19:46:51.0843 1848 ultra - ok
    19:46:51.0875 1848 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    19:46:51.0875 1848 Update - ok
    19:46:51.0890 1848 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
    19:46:51.0906 1848 USBAAPL - ok
    19:46:51.0937 1848 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    19:46:51.0937 1848 usbccgp - ok
    19:46:51.0984 1848 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    19:46:51.0984 1848 usbehci - ok
    19:46:52.0031 1848 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    19:46:52.0031 1848 usbhub - ok
    19:46:52.0062 1848 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
    19:46:52.0062 1848 usbohci - ok
    19:46:52.0078 1848 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    19:46:52.0078 1848 usbprint - ok
    19:46:52.0093 1848 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    19:46:52.0093 1848 usbscan - ok
    19:46:52.0109 1848 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    19:46:52.0109 1848 USBSTOR - ok
    19:46:52.0140 1848 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    19:46:52.0140 1848 VgaSave - ok
    19:46:52.0156 1848 ViaIde - ok
    19:46:52.0171 1848 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    19:46:52.0171 1848 VolSnap - ok
    19:46:52.0203 1848 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    19:46:52.0203 1848 Wanarp - ok
    19:46:52.0250 1848 WDICA - ok
    19:46:52.0296 1848 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    19:46:52.0296 1848 wdmaud - ok
    19:46:52.0421 1848 WN111v2 (f1857f0a8e48dabf792c71692606d638) C:\WINDOWS\system32\DRIVERS\WN111v2.sys
    19:46:52.0421 1848 WN111v2 - ok
    19:46:52.0453 1848 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
    19:46:52.0453 1848 WS2IFSL - ok
    19:46:52.0484 1848 WSIMD (43f767d59bfc25d8f4fc2eb42043ec1e) C:\WINDOWS\system32\DRIVERS\wsimd.sys
    19:46:52.0484 1848 WSIMD - ok
    19:46:52.0531 1848 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    19:46:52.0531 1848 WudfPf - ok
    19:46:52.0546 1848 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    19:46:52.0546 1848 WudfRd - ok
    19:46:52.0593 1848 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
    19:46:52.0640 1848 \Device\Harddisk0\DR0 - ok
    19:46:52.0640 1848 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
    19:46:52.0656 1848 \Device\Harddisk1\DR1 - ok
    19:46:52.0656 1848 Boot (0x1200) (35328d4d8e1869fb25f2f4119fb68ce7) \Device\Harddisk0\DR0\Partition0
    19:46:52.0656 1848 \Device\Harddisk0\DR0\Partition0 - ok
    19:46:52.0656 1848 Boot (0x1200) (cad0d399291d5206f0046d9f3656f303) \Device\Harddisk1\DR1\Partition0
    19:46:52.0656 1848 \Device\Harddisk1\DR1\Partition0 - ok
    19:46:52.0656 1848 ============================================================
    19:46:52.0656 1848 Scan finished
    19:46:52.0656 1848 ============================================================
    19:46:52.0656 1800 Detected object count: 0
    19:46:52.0656 1800 Actual detected object count: 0

  4. #4
    broni is offline Senior Member
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"

    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: Uninstall & Remove McAfee, Symantec, Norton, AVG, Avast & More Antivirus and Security Applications and Programs
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.


    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

  5. #5
    Bonny Liang is offline Newbie
    ComboFix 11-12-08.01 - Admin 12/08/2011 22:04:50.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1384 [GMT -5:00]
    Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
    AV: ESET Smart Security 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    FW: ESET Personal firewall *Disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Admin\Application Data\Local
    c:\documents and settings\Admin\Application Data\Local\Temp\DDM\Settings\settings.ddi
    c:\documents and settings\Admin\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\2500.4547401.avi&b=174(2).ddp
    c:\documents and settings\Admin\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\2500.4547401.avi&b=174(3).ddp
    c:\documents and settings\Admin\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\2500.4547401.avi&b=174.ddp
    c:\documents and settings\Admin\vvgyycyfxb.tmp
    c:\documents and settings\Admin\WINDOWS
    c:\program files\StartNow Toolbar
    c:\program files\StartNow Toolbar\Resources\images\engine_images.png
    c:\program files\StartNow Toolbar\Resources\images\engine_maps.png
    c:\program files\StartNow Toolbar\Resources\images\engine_news.png
    c:\program files\StartNow Toolbar\Resources\images\engine_videos.png
    c:\program files\StartNow Toolbar\Resources\images\engine_web.png
    c:\program files\StartNow Toolbar\Resources\images\icon_amazon.png
    c:\program files\StartNow Toolbar\Resources\images\icon_ebay.png
    c:\program files\StartNow Toolbar\Resources\images\icon_facebook.png
    c:\program files\StartNow Toolbar\Resources\images\icon_games.png
    c:\program files\StartNow Toolbar\Resources\images\icon_msn.png
    c:\program files\StartNow Toolbar\Resources\images\icon_shopping.png
    c:\program files\StartNow Toolbar\Resources\images\icon_travel.png
    c:\program files\StartNow Toolbar\Resources\images\icon_twitter.png
    c:\program files\StartNow Toolbar\Resources\images\startnow_logo.png
    c:\program files\StartNow Toolbar\Resources\installer.xml
    c:\program files\StartNow Toolbar\Resources\protect\index.html
    c:\program files\StartNow Toolbar\Resources\protect\NotIE6.css
    c:\program files\StartNow Toolbar\Resources\protect\OnlyIE6.css
    c:\program files\StartNow Toolbar\Resources\protect\SearchProtectIcon.png
    c:\program files\StartNow Toolbar\Resources\protect\window.css
    c:\program files\StartNow Toolbar\Resources\protect\window.js
    c:\program files\StartNow Toolbar\Resources\reactivate\index.html
    c:\program files\StartNow Toolbar\Resources\reactivate\LeftImage.png
    c:\program files\StartNow Toolbar\Resources\reactivate\NotIE6.css
    c:\program files\StartNow Toolbar\Resources\reactivate\OnlyIE6.css
    c:\program files\StartNow Toolbar\Resources\reactivate\window.css
    c:\program files\StartNow Toolbar\Resources\reactivate\window.js
    c:\program files\StartNow Toolbar\Resources\skin\chevron_button.png
    c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
    c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
    c:\program files\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
    c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_background.png
    c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_left.png
    c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
    c:\program files\StartNow Toolbar\Resources\skin\separator.png
    c:\program files\StartNow Toolbar\Resources\skin\splitter.png
    c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
    c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
    c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
    c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
    c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
    c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
    c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
    c:\program files\StartNow Toolbar\Resources\toolbar.xml
    c:\program files\StartNow Toolbar\Resources\update.xml
    c:\program files\StartNow Toolbar\uninstall.dat
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_NPF
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-11-09 to 2011-12-09 )))))))))))))))))))))))))))))))
    .
    .
    2011-12-07 03:46 . 2011-12-07 03:46 -------- d-----w- c:\documents and settings\All Users\Application Data\xml_param
    2011-12-05 05:10 . 2011-10-20 03:16 20312 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
    2011-12-05 04:59 . 2011-12-05 04:59 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
    2011-12-05 04:59 . 2011-12-05 04:59 -------- d-----w- c:\documents and settings\Admin\Application Data\IObit
    2011-12-05 04:58 . 2011-12-05 04:58 -------- d-----w- c:\program files\IObit
    2011-12-05 01:23 . 2011-12-05 01:23 -------- d-----w- c:\documents and settings\Admin\Application Data\Malwarebytes
    2011-12-05 01:23 . 2011-12-05 01:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-12-05 01:23 . 2011-12-05 01:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-12-05 01:23 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-12-05 01:14 . 2011-12-05 01:14 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
    2011-12-05 01:13 . 2011-12-05 01:13 -------- d-----w- c:\windows\system32\winrm
    2011-12-05 01:13 . 2011-12-05 01:14 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
    2011-12-05 01:12 . 2011-12-05 01:12 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Identities
    2011-12-05 01:12 . 2011-12-05 01:12 -------- d-----w- c:\documents and settings\Admin\Application Data\Windows Desktop Search
    2011-12-05 01:12 . 2011-12-07 05:15 -------- d-----w- c:\program files\Windows Desktop Search
    2011-12-05 01:12 . 2011-12-05 01:12 -------- d-----w- c:\windows\system32\GroupPolicy
    2011-12-05 01:11 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
    2011-12-05 01:11 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
    2011-12-05 01:11 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
    2011-12-05 01:11 . 2011-12-05 01:11 -------- d-----w- c:\program files\Windows Media Connect 2
    2011-12-05 00:48 . 2011-12-05 00:48 -------- d-----w- c:\windows\system32\drivers\UMDF
    2011-12-05 00:15 . 2011-12-05 00:15 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Microsoft Help
    2011-12-04 23:58 . 2011-12-04 23:58 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\ESET
    2011-12-04 23:58 . 2011-12-04 23:58 -------- d-----w- c:\documents and settings\Admin\Application Data\ESET
    2011-12-04 23:57 . 2011-12-04 23:57 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
    2011-12-04 23:57 . 2011-12-04 23:57 -------- d-----w- c:\program files\ESET
    2011-12-04 23:57 . 2011-12-04 23:57 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
    2011-12-04 22:05 . 2011-12-07 01:00 -------- d-sh--r- c:\documents and settings\Admin\2397-5973-7874-8623
    2011-11-26 15:28 . 2011-11-26 15:28 -------- d-----w- c:\documents and settings\Admin\.bitrock
    2011-11-23 20:37 . 2011-05-30 13:42 240640 ----a-w- c:\windows\system32\xvidvfw.dll
    2011-11-23 20:37 . 2011-05-23 07:46 645632 ----a-w- c:\windows\system32\xvidcore.dll
    2011-11-23 20:37 . 2011-11-26 15:28 -------- d-----w- c:\program files\Xvid
    2011-11-23 20:35 . 2011-11-23 20:35 11776 ----a-w- c:\program files\Mozilla Firefox\plugins\nprjplug.dll
    2011-11-23 20:35 . 2011-11-23 20:35 -------- d-----w- c:\program files\Common Files\xing shared
    2011-11-23 20:35 . 2011-11-23 20:35 150696 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll
    2011-11-23 20:35 . 2011-11-23 20:35 108544 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpjplug.dll
    2011-11-23 20:35 . 2011-11-23 20:35 -------- d-----w- c:\program files\Real
    2011-11-20 18:05 . 2011-11-20 18:05 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Microsoft Help
    2011-11-20 17:03 . 2011-12-05 00:40 -------- d-----w- c:\windows\system32\NtmsData
    2011-11-20 14:38 . 2009-08-07 00:23 274288 ----a-w- c:\windows\system32\mucltui.dll
    2011-11-20 14:38 . 2009-08-07 00:23 215920 ----a-w- c:\windows\system32\muweb.dll
    2011-11-17 02:44 . 2011-11-17 02:44 -------- d-----w- C:\tbcpd2
    2011-11-17 02:44 . 2011-11-17 02:44 -------- d-----w- C:\pdtemp
    2011-11-17 02:25 . 2011-11-17 02:25 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Help
    2011-11-17 02:12 . 2011-11-17 02:33 -------- d-----w- c:\program files\Stitch
    2011-11-17 02:11 . 1998-02-07 03:37 299520 ----a-w- c:\windows\uninst.exe
    2011-11-16 03:14 . 2011-11-16 03:14 -------- d-----w- c:\program files\iPod
    2011-11-16 03:14 . 2011-11-16 03:14 -------- d-----w- c:\program files\iTunes
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-23 20:35 . 2011-06-17 23:35 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2011-11-23 20:35 . 2011-06-17 23:35 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2011-11-13 14:15 . 2011-05-15 01:18 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-10 14:22 . 2010-04-24 00:18 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-09-28 07:06 . 2002-08-29 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 15:41 . 2010-03-18 15:09 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 15:41 . 2002-08-29 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 15:41 . 2002-08-29 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-11-13 14:15 . 2011-05-21 03:25 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Admin\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Admin\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Admin\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Admin\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2007-02-23 7774208]
    "nwiz"="nwiz.exe" [2007-02-23 1622016]
    "NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2007-02-23 81920]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
    "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-11-23 296056]
    "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 3080264]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
    .
    c:\documents and settings\User\Start Menu\Programs\Startup\
    ViiKiiDesktopPlugin.lnk - c:\program files\ViiKiiDesktopPlugin\ViiKiiDesktopPlugin.exe [2010-9-9 142336]
    .
    c:\documents and settings\Admin\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\documents and settings\Admin\Application Data\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    NETGEAR WN111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WN111v2\WN111V2.exe [2009-11-4 1507431]
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^Startup^Dropbox.lnk]
    path=c:\documents and settings\Admin\Start Menu\Programs\Startup\Dropbox.lnk
    backup=c:\windows\pss\Dropbox.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^Startup^ViiKiiDesktopPlugin.lnk]
    path=c:\documents and settings\Admin\Start Menu\Programs\Startup\ViiKiiDesktopPlugin.lnk
    backup=c:\windows\pss\ViiKiiDesktopPlugin.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WG111v2 Smart Wizard.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v2 Smart Wizard.lnk
    backup=c:\windows\pss\NETGEAR WG111v2 Smart Wizard.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Citi Virtual Account Numbers]
    2009-07-10 21:53 372736 ----a-w- c:\progra~1\VIRTUA~1\CitiVAN.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-11-13 05:24 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    2011-02-27 04:13 1242448 ----a-w- c:\program files\Steam\Steam.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Documents and Settings\\Admin\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Steam\\steamapps\\common\\sid meier's civilization v\\Launcher.exe"=
    "c:\\Program Files\\Steam\\Steam.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
    .
    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [8/4/2011 9:20 AM 118104]
    R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [9/22/2011 12:03 PM 974944]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/4/2011 8:23 PM 366152]
    R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [7/24/2003 11:10 AM 17149]
    R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [10/1/2008 3:45 PM 57440]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/4/2011 8:23 PM 22216]
    R3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [4/20/2010 4:12 AM 601088]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
    S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh5.sys --> c:\windows\system32\DRIVERS\bcmwlhigh5.sys [?]
    S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\NETGEAR\WN111v2\jswpsapi.exe [2/27/2008 10:54 AM 360547]
    S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
    S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys --> c:\windows\system32\DRIVERS\wg111v2.sys [?]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/29/2002 7:00 AM 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WINRM REG_MULTI_SZ WINRM
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-12-07 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:57]
    .
    2011-12-09 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1229272821-1715567821-839522115-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 21:14]
    .
    2011-12-09 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1229272821-1715567821-839522115-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 21:14]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    LSP: %SYSTEMROOT%\system32\nvappfilter.dll
    TCP: DhcpNameServer = 68.87.71.230 68.87.73.246
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\x1bi4utn.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-Microsoft® Windows Manager - c:\documents and settings\Admin\2397-5973-7874-8623\winmgr.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2011-12-08 22:10
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover
    Windows 5.1.2600 Disk: WDC_WD4000AAKS-00TMA0 rev.12.01C01 -> Harddisk0\DR0 -> \Device\00000083
    .
    device: opened successfully
    user: MBR read successfully
    kernel: MBR read successfully
    user != kernel MBR !!!
    sectors 781422766 (+252): user != kernel
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1229272821-1715567821-839522115-1003\Software\SecuROM\License information*]
    "datasecu"=hex:16,52,d7,12,f4,a1,48,62,e2,a7,f7,4d ,ef,4b,ad,07,83,47,1b,8b,79,
    26,be,2e,ff,b7,f5,7c,90,6e,67,87,b7,03,44,0b,3e,02 ,3e,60,dc,7d,a3,c7,0b,ec,\
    "rkeysecu"=hex:e7,75,d7,00,4a,0f,04,c9,3d,89,dd,a8 ,a3,8b,7d,1a
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'lsass.exe'(1024)
    c:\windows\system32\nvappfilter.dll
    .
    - - - - - - - > 'explorer.exe'(1976)
    c:\windows\system32\WININET.dll
    c:\documents and settings\Admin\Application Data\Dropbox\bin\DropboxExt.14.dll
    c:\program files\Windows Desktop Search\deskbar.dll
    c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
    c:\program files\Windows Desktop Search\dbres.dll
    c:\program files\Windows Desktop Search\wordwheel.dll
    c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
    c:\program files\Windows Desktop Search\msnlExtRes.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\acs.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\System32\nvsvc32.exe
    c:\windows\system32\SearchIndexer.exe
    c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    c:\windows\system32\RUNDLL32.EXE
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2011-12-08 22:16:35 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-12-09 03:16
    .
    Pre-Run: 339,889,336,320 bytes free
    Post-Run: 340,494,147,584 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
    .
    - - End Of File - - 2E7F1C02A7B7B1D93A77CB8851FE2707

  6. #6
    broni is offline Senior Member
    How is redirection?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:



    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

  7. #7
    Bonny Liang is offline Newbie
    Hey my redirect problem is gone. Does this mean my virus is cleared out now? I ran the OTL:

    OTL logfile created on: 12/8/2011 11:08:57 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Admin\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 63.01% Memory free
    3.85 Gb Paging File | 3.27 Gb Available in Paging File | 84.88% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 372.60 Gb Total Space | 322.86 Gb Free Space | 86.65% Space Free | Partition Type: NTFS
    Drive F: | 372.61 Gb Total Space | 192.25 Gb Free Space | 51.60% Space Free | Partition Type: NTFS

    Computer Name: HOME-V6WO7CTATK | User Name: Admin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/12/08 23:07:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
    PRC - [2011/11/23 15:35:16 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
    PRC - [2011/09/22 12:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    PRC - [2011/09/22 12:03:02 | 003,080,264 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
    PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2011/05/25 15:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Admin\Application Data\Dropbox\bin\Dropbox.exe
    PRC - [2009/11/04 09:20:04 | 001,507,431 | ---- | M] (NETGEAR) -- C:\Program Files\NETGEAR\WN111v2\WN111V2.exe
    PRC - [2008/06/27 15:24:34 | 000,467,028 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
    PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006/09/08 12:12:50 | 000,172,032 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    PRC - [2006/09/08 12:10:42 | 000,172,090 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2006/09/08 12:12:50 | 000,172,032 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/09/22 12:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
    SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2008/06/27 15:24:34 | 000,467,028 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
    SRV - [2008/02/27 10:54:52 | 000,360,547 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe -- (jswpsapi)
    SRV - [2006/09/08 12:12:50 | 000,172,032 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
    SRV - [2006/09/08 12:10:42 | 000,172,090 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
    DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2011/08/09 14:24:52 | 000,154,136 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
    DRV - [2011/08/09 09:37:28 | 000,039,824 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
    DRV - [2011/08/04 09:20:38 | 000,147,480 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
    DRV - [2011/08/04 09:20:38 | 000,061,936 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
    DRV - [2011/08/04 09:20:36 | 000,118,104 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
    DRV - [2010/07/29 11:22:12 | 000,023,920 | ---- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\povrtdev.sys -- (msvad_simple)
    DRV - [2010/04/20 04:12:32 | 000,601,088 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WN111v2.sys -- (WN111v2)
    DRV - [2008/10/01 15:45:52 | 000,057,440 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jswscimd.sys -- (JSWSCIMD)
    DRV - [2007/12/14 03:31:00 | 000,057,408 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
    DRV - [2006/12/08 04:06:00 | 000,139,776 | R--- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\adidts.sys -- (ADIDTSFiltService)
    DRV - [2006/09/21 10:39:16 | 000,105,344 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nvata.sys -- (nvata)
    DRV - [2006/08/07 11:39:24 | 000,018,944 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
    DRV - [2006/08/07 11:39:22 | 000,052,736 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
    DRV - [2006/08/07 11:39:14 | 000,110,080 | R--- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nvtcp.sys -- (NVTCP)
    DRV - [2006/03/16 17:03:10 | 000,067,712 | R--- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SI3132.sys -- (SI3132)
    DRV - [2005/10/18 14:15:28 | 000,005,504 | R--- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SiRemFil.sys -- (SiRemFil)
    DRV - [2004/11/01 1432 | 000,010,368 | R--- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SiWinAcc.sys -- (SiFilter)
    DRV - [2004/08/12 2120 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
    DRV - [2003/07/24 11:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = CB D5 E0 0F 94 88 25 42 BE 77 01 E4 A2 91 4D 48 [binary data]
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = CB D5 E0 0F 94 88 25 42 BE 77 01 E4 A2 91 4D 48 [binary data]
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = CB D5 E0 0F 94 88 25 42 BE 77 01 E4 A2 91 4D 48 [binary data]
    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = CB D5 E0 0F 94 88 25 42 BE 77 01 E4 A2 91 4D 48 [binary data]
    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-1229272821-1715567821-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = CB D5 E0 0F 94 88 25 42 BE 77 01 E4 A2 91 4D 48 [binary data]
    IE - HKU\S-1-5-21-1229272821-1715567821-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1229272821-1715567821-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: citius@orbiscom:3.7.11.0
    FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
    FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.10
    FF - prefs.js..extensions.enabledItems: enquiries@retailmenot.com:2.4

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\citius@orbiscom: C:\Program Files\Virtual Account Numbers [2010/11/26 09:59:56 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/23 15:35:23 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/13 09:15:36 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/23 15:35:40 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011/12/04 18:57:11 | 000,000,000 | ---D | M]

    [2010/04/23 21:26:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Extensions
    [2011/11/03 22:08:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\x1bi4utn.default\extensions
    [2011/09/05 10:33:22 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\x1bi4utn.default\extensions\foxmarks@kei.com
    [2011/11/03 22:08:57 | 000,000,000 | ---D | M] ("NetVideoHunter") -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\x1bi4utn.default\extensions\netvideohunter@netvideohunter.com
    [2011/07/19 09:28:00 | 000,002,365 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\x1bi4utn.default\searchplugins\s-amazon.xml
    [2011/11/13 09:15:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/11/23 15:35:23 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
    [2011/11/13 09:15:36 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2010/09/09 11:43:58 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2011/09/29 2139 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2011/11/13 09:15:36 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2011/12/08 22:10:17 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Virtual Account Numbers Helper) - {17424104-1444-4810-85D7-B4DA413C5A9A} - C:\Program Files\Virtual Account Numbers\CitiVANHelper.dll (Orbiscom Ltd. All rights reserved.)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O3 - HKLM\..\Toolbar: (Virtual Account Numbers) - {7A21A046-B886-4A62-9D69-EF2059B0A27B} - C:\Program Files\Virtual Account Numbers\CitiVANToolbar.dll (Orbiscom Ltd. All rights reserved.)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
    O4 - HKU\S-1-5-21-1229272821-1715567821-839522115-1003..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe ()
    O4 - Startup: C:\Documents and Settings\Admin\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Admin\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WN111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WN111v2\WN111V2.exe (NETGEAR)
    O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\ViiKiiDesktopPlugin.lnk = C:\Program Files\ViiKiiDesktopPlugin\ViiKiiDesktopPlugin.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1229272821-1715567821-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1229272821-1715567821-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-1229272821-1715567821-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-1229272821-1715567821-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
    O15 - HKU\.DEFAULT\..Trusted Domains: netflix.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: netflix.com ([]* in Trusted sites)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.71.230 68.87.73.246
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4CFE0871-E20C-445E-A8F9-0E33C93231C5}: DhcpNameServer = 68.87.71.230 68.87.73.246
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F941D64-2372-45F4-B035-FC219EB24F19}: DhcpNameServer = 68.87.71.230 68.87.73.246
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/04/23 19:20:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/12/08 23:07:45 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
    [2011/12/08 22:02:22 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/12/08 22:00:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/12/08 22:00:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/12/08 22:00:40 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/12/08 22:00:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/12/08 22:00:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/12/08 22:00:29 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/12/06 22:46:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\xml_param
    [2011/12/06 21:32:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop\logs
    [2011/12/04 23:59:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
    [2011/12/04 23:59:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\IObit
    [2011/12/04 23:58:54 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
    [2011/12/04 20:23:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Malwarebytes
    [2011/12/04 20:23:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/12/04 20:23:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2011/12/04 20:23:08 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/12/04 20:23:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/12/04 20:14:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
    [2011/12/04 20:13:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
    [2011/12/04 20:13:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
    [2011/12/04 20:13:52 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
    [2011/12/04 20:12:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Identities
    [2011/12/04 20:12:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Windows Desktop Search
    [2011/12/04 20:12:17 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
    [2011/12/04 20:12:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
    [2011/12/04 20:11:34 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
    [2011/12/04 19:48:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
    [2011/12/04 19:15:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft Help
    [2011/12/04 18:58:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\ESET
    [2011/12/04 18:58:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\ESET
    [2011/12/04 18:57:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
    [2011/12/04 18:57:00 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2011/12/04 18:57:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ESET
    [2011/12/04 18:57:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
    [2011/12/04 17:05:38 | 000,000,000 | RHSD | C] -- C:\Documents and Settings\Admin\2397-5973-7874-8623
    [2011/11/26 10:28:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\.bitrock
    [2011/11/23 15:37:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Xvid
    [2011/11/23 15:37:01 | 000,000,000 | ---D | C] -- C:\Program Files\Xvid
    [2011/11/23 15:35:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
    [2011/11/23 15:35:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Real
    [2011/11/23 15:35:16 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
    [2011/11/23 15:35:13 | 000,000,000 | ---D | C] -- C:\Program Files\Real
    [2011/11/23 15:35:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
    [2011/11/23 15:35:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Real
    [2011/11/20 12:03:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
    [2011/11/16 21:44:20 | 000,000,000 | ---D | C] -- C:\tbcpd2
    [2011/11/16 21:44:03 | 000,000,000 | ---D | C] -- C:\pdtemp
    [2011/11/16 21:25:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Help
    [2011/11/16 21:25:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Help
    [2011/11/16 21:12:04 | 000,000,000 | ---D | C] -- C:\Program Files\Stitch
    [2011/11/16 21:11:57 | 000,299,520 | ---- | C] (InstallShield Corporation, Inc.) -- C:\WINDOWS\uninst.exe
    [2011/11/15 22:14:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
    [2011/11/15 22:14:22 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2011/11/15 22:14:20 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/12/08 23:07:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
    [2011/12/08 22:10:17 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/12/08 22:10:14 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1229272821-1715567821-839522115-1003.job
    [2011/12/08 22:10:13 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1229272821-1715567821-839522115-1003.job
    [2011/12/08 22:10:11 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/12/08 22:09:48 | 000,205,732 | ---- | M] () -- C:\WINDOWS\System32\nvdb02.adghz
    [2011/12/08 22:09:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/12/08 22:02:27 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2011/12/06 22:07:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/12/05 01:13:56 | 000,494,194 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/12/05 01:13:56 | 000,083,298 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/12/05 00:13:19 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/12/04 20:23:12 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/12/04 20:12:27 | 000,001,787 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
    [2011/12/04 20:11:41 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
    [2011/12/04 20:11:41 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
    [2011/12/04 19:48:31 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
    [2011/12/04 18:47:14 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2011/12/03 10:19:10 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/11/23 15:35:16 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
    [2011/11/20 17:36:22 | 000,287,704 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/11/16 21:24:01 | 000,024,025 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\c856f069.jpg
    [2011/11/15 22:14:55 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/12/08 22:02:27 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2011/12/08 22:02:24 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/12/08 22:00:40 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/12/08 22:00:40 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/12/08 22:00:40 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/12/08 22:00:40 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/12/08 22:00:40 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/12/05 00:13:24 | 000,225,262 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
    [2011/12/05 00:12:13 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
    [2011/12/05 00:10:40 | 000,020,312 | ---- | C] () -- C:\WINDOWS\System32\RegistryDefragBootTime.exe
    [2011/12/04 20:23:12 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/12/04 20:12:27 | 000,001,803 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Search.lnk
    [2011/12/04 20:12:27 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
    [2011/12/04 19:48:31 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
    [2011/11/23 20:19:30 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1229272821-1715567821-839522115-1003.job
    [2011/11/23 20:19:30 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1229272821-1715567821-839522115-1003.job
    [2011/11/23 15:37:02 | 000,645,632 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2011/11/23 15:37:02 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2011/11/16 21:24:01 | 000,024,025 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\c856f069.jpg
    [2011/11/15 22:14:55 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2011/08/15 2136 | 000,061,284 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/12/27 09:53:06 | 000,153,600 | ---- | C] () -- C:\WINDOWS\System32\IS_ContextMenu.dll
    [2010/12/04 09:02:37 | 000,272,022 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1229272821-1715567821-839522115-1003-0.dat
    [2010/12/04 09:02:36 | 000,272,022 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2010/11/12 18:08:53 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/05/15 22:07:52 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/05/15 20:41:27 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
    [2010/05/15 20:41:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
    [2010/04/23 21:26:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2010/04/23 20:18:20 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2010/04/23 19:30:29 | 000,000,962 | R--- | C] () -- C:\WINDOWS\System32\AsusSetup.ini
    [2010/04/23 19:30:29 | 000,000,400 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini
    [2010/04/23 19:30:11 | 000,033,768 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
    [2010/04/23 19:29:13 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2010/04/23 19:29:13 | 001,622,016 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
    [2010/04/23 19:29:13 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2010/04/23 19:29:13 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
    [2010/04/23 19:29:13 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2010/04/23 19:29:13 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2010/04/23 19:29:13 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
    [2010/04/23 19:29:13 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
    [2010/04/23 19:28:49 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2010/04/23 19:28:47 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
    [2010/04/23 19:28:05 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
    [2010/04/23 19:28:04 | 000,033,527 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
    [2010/04/23 19:27:44 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
    [2010/04/23 1923 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2010/04/23 19:18:29 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2010/04/23 15:14:23 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2010/04/23 15:13:10 | 000,287,704 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2008/06/27 15:18:04 | 000,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
    [2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
    [2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
    [2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
    [2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
    [2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
    [2006/12/31 06:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/04/18 15:43:46 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
    [2004/04/18 15:43:44 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
    [2002/08/29 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2002/08/29 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2002/08/29 07:00:00 | 000,494,194 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2002/08/29 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2002/08/29 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2002/08/29 07:00:00 | 000,083,298 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2002/08/29 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2002/08/29 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2002/08/29 07:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2002/08/29 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2002/08/29 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

    ========== LOP Check ==========

    [2010/11/27 16:04:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Amazon
    [2011/03/19 15:23:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Avery
    [2011/02/13 09:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Canon
    [2011/03/27 00:41:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Civitas3
    [2011/12/08 22:11:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Dropbox
    [2010/05/15 22:39:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Easy Duplicate Finder
    [2011/12/04 18:58:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\ESET
    [2010/12/04 07:29:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\GARMIN
    [2011/08/13 20:30:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\ImgBurn
    [2011/12/04 23:59:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\IObit
    [2010/07/31 21:20:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\ViiKiiDesktopPlugin.5E22EA0FF243470AB5EDDF282C0A5B52E9909C36.1
    [2011/12/04 20:12:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Windows Desktop Search
    [2010/04/23 2037 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2010/06/05 07:40:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
    [2011/12/04 18:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
    [2011/12/04 23:59:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
    [2010/11/20 21:40:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MediaMall
    [2011/06/25 16:03:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NETGEAR
    [2010/05/15 20:41:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
    [2011/12/06 22:46:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\xml_param
    [2010/04/23 21:38:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/08/05 18:11:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ViiKiiDesktopPlugin.5E22EA0FF243470AB5EDDF282C0A5B52E9909C36.1

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/04/23 19:20:17 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2011/06/01 17:53:48 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2011/12/08 22:02:27 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2011/12/08 22:16:35 | 000,023,286 | ---- | M] () -- C:\ComboFix.txt
    [2010/04/23 19:20:17 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2010/04/23 19:20:17 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/04/23 19:20:17 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2010/04/23 20:01:28 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2010/04/23 20:01:28 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/12/08 22:09:42 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [2011/12/08 19:47:41 | 000,096,386 | ---- | M] () -- C:\TDSSKiller.2.6.22.0_08.12.2011_19.46.04_log.txt

    < %systemroot%\Fonts\*.com >
    [2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2010/04/23 19:20:05 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2007/04/16 04:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD93.DLL
    [2007/04/16 04:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP93.DLL
    [2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2006/10/26 18:58:12 | 000,030,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2010/04/23 15:11:41 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2010/04/23 15:11:41 | 000,626,688 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2010/04/23 15:11:41 | 000,466,944 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2010/04/23 20:03:19 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/04/23 20:35:43 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2010/04/23 19:23:02 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2011/12/08 23:07:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/04/23 20:35:43 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Admin\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/12/08 22:17:17 | 000,032,768 | -HS- | M] () -- C:\Documents and Settings\Admin\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/14 04:41:52 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2002/08/29 07:00:00 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2002/08/20 11:32:18 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2002/08/20 11:32:22 | 000,000,807 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
    [2008/05/02 09:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 22:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/14 04:42:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2002/08/20 14:08:38 | 000,069,663 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgsin.exe
    [2002/08/29 07:00:00 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2002/08/29 07:00:00 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2002/08/29 07:00:00 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2002/08/20 11:32:20 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2007/04/02 22:34:02 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >

    OTL Extras logfile created on: 12/8/2011 11:08:57 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Admin\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 63.01% Memory free
    3.85 Gb Paging File | 3.27 Gb Available in Paging File | 84.88% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 372.60 Gb Total Space | 322.86 Gb Free Space | 86.65% Space Free | Partition Type: NTFS
    Drive F: | 372.61 Gb Total Space | 192.25 Gb Free Space | 51.60% Space Free | Partition Type: NTFS

    Computer Name: HOME-V6WO7CTATK | User Name: Admin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-1229272821-1715567821-839522115-1003\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DoNotAllowExceptions" = 0
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Documents and Settings\Admin\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Admin\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
    "C:\Program Files\Steam\steamapps\common\sid meier's civilization v\Launcher.exe" = C:\Program Files\Steam\steamapps\common\sid meier's civilization v\Launcher.exe:*:Disabled:Sid Meier's Civilization V -- (Firaxis Games)
    "C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Disabled:Steam -- (Valve Corporation)
    "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP610_series" = Canon MP610 series
    "{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}" = WN111v2
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
    "{22F97839-122D-4082-99D6-4AA6C36DF525}" = ESET Smart Security
    "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{60C1AF18-EA45-7488-5C95-4EC64F93B727}" = ViiKii Desktop Plug-in
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
    "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C411DC9-B8B8-45F3-B688-073BF4B59094}" = Virtual Account Numbers
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{BEF3EFE7-5159-436D-9BF0-CCC633179EB4}" = EVGA Display Driver
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{DE700910-58F7-4D2E-B7E6-3BA2DA1B6806}" = Virtual Account Numbers
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
    "{F97272B4-82C4-46B2-BCF1-C4D6E8CAB3E6}" = Avery Wizard 4.0
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
    "Capsule" = Capsule
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ImgBurn" = ImgBurn
    "InstallShield_{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}" = RangeMax Wireless-N USB Adapter WN111v2
    "InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
    "iSkysoft iMedia Converter_is1" = iSkysoft iMedia Converter(Build 3.0.3.0)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
    "MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NVIDIA Drivers" = NVIDIA Drivers
    "Picasa 3" = Picasa 3
    "Plants vs. Zombies" = Plants vs. Zombies
    "PROPLUS" = Microsoft Office Professional Plus 2007
    "RealPlayer 15.0" = RealPlayer
    "Steam App 8930" = Sid Meier's Civilization V
    "ViiKiiDesktopPlugin.5E22EA0FF243470AB5EDDF282C0A5B52E9909C36.1" = ViiKii Desktop Plug-in
    "VLC media player" = VideoLAN VLC media player 0.8.6f
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Xvid Video Codec 1.3.1" = Xvid Video Codec

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1229272821-1715567821-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 10/23/2011 8:52:31 AM | Computer Name = HOME-V6WO7CTATK | Source = Bonjour Service | ID = 100
    Description = 540: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    Error - 10/23/2011 8:52:31 AM | Computer Name = HOME-V6WO7CTATK | Source = Bonjour Service | ID = 100
    Description = 524: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    Error - 10/23/2011 8:52:31 AM | Computer Name = HOME-V6WO7CTATK | Source = Bonjour Service | ID = 100
    Description = 592: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    Error - 10/23/2011 9:46:01 AM | Computer Name = HOME-V6WO7CTATK | Source = .NET Runtime Optimization Service | ID = 1103
    Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
    - Tried to start a service that wasn't the latest version of CLR Optimization service.
    Will shutdown

    Error - 10/23/2011 10:32:11 AM | Computer Name = HOME-V6WO7CTATK | Source = Application Hang | ID = 1002
    Description = Hanging application firefox.exe, version 7.0.1.4288, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 11/3/2011 10:42:42 PM | Computer Name = HOME-V6WO7CTATK | Source = Application Error | ID = 1000
    Description = Faulting application vlc.exe, version 0.8.6.0, faulting module libffmpeg_plugin.dll,
    version 0.0.0.0, fault address 0x0025c040.

    Error - 11/3/2011 10:42:54 PM | Computer Name = HOME-V6WO7CTATK | Source = Application Error | ID = 1000
    Description = Faulting application vlc.exe, version 0.8.6.0, faulting module libffmpeg_plugin.dll,
    version 0.0.0.0, fault address 0x000e333e.

    Error - 11/3/2011 10:43:03 PM | Computer Name = HOME-V6WO7CTATK | Source = Application Error | ID = 1000
    Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
    dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

    Error - 11/3/2011 10:43:29 PM | Computer Name = HOME-V6WO7CTATK | Source = Application Hang | ID = 1002
    Description = Hanging application vlc.exe, version 0.8.6.0, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 11/3/2011 11:11:24 PM | Computer Name = HOME-V6WO7CTATK | Source = Application Error | ID = 1000
    Description = Faulting application vlc.exe, version 0.8.6.0, faulting module libvlc.dll,
    version 0.0.0.0, fault address 0x0009d054.

    [ System Events ]
    Error - 12/6/2011 10:38:03 PM | Computer Name = HOME-V6WO7CTATK | Source = sr | ID = 1
    Description = The System Restore filter encountered the unexpected error '0xC0000001'
    while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
    the volume.

    Error - 12/6/2011 11:38:26 PM | Computer Name = HOME-V6WO7CTATK | Source = Service Control Manager | ID = 7034
    Description = The Advanced SystemCare Service 5 service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 12/8/2011 10:28 PM | Computer Name = HOME-V6WO7CTATK | Source = DCOM | ID = 10016
    Description = The machine-default permission settings do not grant Local Activation
    permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
    can be modified using the Component Services administrative tool.

    Error - 12/8/2011 10:28 PM | Computer Name = HOME-V6WO7CTATK | Source = DCOM | ID = 10016
    Description = The machine-default permission settings do not grant Local Activation
    permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
    can be modified using the Component Services administrative tool.

    Error - 12/8/2011 10:34 PM | Computer Name = HOME-V6WO7CTATK | Source = DCOM | ID = 10016
    Description = The machine-default permission settings do not grant Local Activation
    permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
    can be modified using the Component Services administrative tool.

    Error - 12/8/2011 10:34 PM | Computer Name = HOME-V6WO7CTATK | Source = DCOM | ID = 10016
    Description = The machine-default permission settings do not grant Local Activation
    permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
    can be modified using the Component Services administrative tool.

    Error - 12/8/2011 10:34 PM | Computer Name = HOME-V6WO7CTATK | Source = DCOM | ID = 10016
    Description = The machine-default permission settings do not grant Local Activation
    permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
    can be modified using the Component Services administrative tool.

    Error - 12/8/2011 11:02:36 PM | Computer Name = HOME-V6WO7CTATK | Source = DCOM | ID = 10016
    Description = The machine-default permission settings do not grant Local Activation
    permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
    can be modified using the Component Services administrative tool.

    Error - 12/8/2011 11:02:37 PM | Computer Name = HOME-V6WO7CTATK | Source = DCOM | ID = 10016
    Description = The machine-default permission settings do not grant Local Activation
    permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
    can be modified using the Component Services administrative tool.

    Error - 12/8/2011 11:24:06 PM | Computer Name = HOME-V6WO7CTATK | Source = sr | ID = 1
    Description = The System Restore filter encountered the unexpected error '0xC0000043'
    while processing the file 'ComboFix.exe' on the volume 'HarddiskVolume1'. It has
    stopped monitoring the volume.


    < End of report >

  8. #8
    broni is offline Senior Member
    Good news

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O15 - HKU\.DEFAULT\..Trusted Domains: netflix.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-18\..Trusted Domains: netflix.com ([]* in Trusted sites)
      O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
      O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
      [2010/04/23 20:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.


    ====================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the reading of the results to me.



    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.



    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
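The two O15 lines in the fix above are Internet Explorer ZoneMap entries: a domain key under each user hive's `Internet Settings\ZoneMap\Domains`, with a value per scheme (`http`, `https` or `*`) whose DWORD is the zone number, and zone 2 is Trusted sites. Malware and foistware like to plant entries there because a trusted-zone site gets a far looser security policy. The script below is an added example, not part of this thread and not OTL's own code; it walks every hive currently loaded under HKEY_USERS and lists the domains mapped into a chosen zone, so a helper or owner can review them without a third-party tool. It assumes PowerShell 2.0 (the last release that ran on Windows XP) and an elevated prompt; `Get-ZoneMapDomains` and `$ZoneNames` are names chosen here.

```powershell
# Added example (not from the thread, not OTL code): enumerate IE ZoneMap domain
# entries for every user hive loaded under HKEY_USERS. Zone numbers are IE's
# standard URL security zones.
$ZoneNames = @{
    0 = 'My Computer'
    1 = 'Local intranet'
    2 = 'Trusted sites'
    3 = 'Internet'
    4 = 'Restricted sites'
}

function Get-ZoneMapDomains {
    param(
        # Trusted sites (zone 2) is the zone that relaxes policy, so it is the default.
        [int] $Zone = 2
    )
    foreach ($hive in Get-ChildItem 'Registry::HKEY_USERS') {
        $sid  = $hive.PSChildName
        $base = "Registry::HKEY_USERS\$sid\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
        if (-not (Test-Path $base)) { continue }

        # One key per domain, optionally a nested key per host:
        # Domains\netflix.com\www describes www.netflix.com.
        foreach ($key in Get-ChildItem $base -Recurse) {
            $parts = $key.Name.Substring($key.Name.IndexOf('\Domains\') + 9) -split '\\'
            [array]::Reverse($parts)
            $hostName = $parts -join '.'

            # Each value is named after a scheme ('http', 'https' or '*') and holds the zone number.
            $props = Get-ItemProperty -Path $key.PSPath
            foreach ($p in $props.PSObject.Properties) {
                if ($p.Name -like 'PS*') { continue }   # skip PowerShell's PSPath/PSParentPath metadata
                if ($p.Value -eq $Zone) {
                    New-Object PSObject -Property @{
                        Hive   = $sid
                        Host   = $hostName
                        Scheme = $p.Name
                        Zone   = $ZoneNames[$p.Value]
                    }
                }
            }
        }
    }
}

# Review the output: anything you did not add yourself deserves a closer look.
Get-ZoneMapDomains -Zone 2 | Sort-Object Hive, Host | Format-Table Hive, Host, Scheme, Zone -AutoSize
```

Only hives that are loaded at the time (logged-on users plus .DEFAULT and the service SIDs) are visible, so run it from the affected account or after loading the other profiles. HKEY_USERS\.DEFAULT is the LocalSystem (S-1-5-18) profile, which is why a domain trusted there applies to services running as SYSTEM and why OTL, after deleting the .DEFAULT entry, reports the S-1-5-18 one as not found. IP ranges live in the sibling `ZoneMap\Ranges` key and are not covered by this listing.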

  9. #9
    Bonny Liang is offline Newbie
    I ran everything but Eset didn't produce any logs. Does this mean I'm clear?

    Results of screen317's Security Check version 0.99.24
    Windows XP Service Pack 3 x86
    Internet Explorer 7 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    ESET Smart Security
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 21
    Out of date Java installed!
    Adobe Flash Player 11.1.102.55
    Mozilla Firefox (x86 en-US..)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Malwarebytes' Anti-Malware mbamservice.exe
    Malwarebytes' Anti-Malware mbamgui.exe
    ``````````End of Log````````````

    All processes killed
    ========== OTL ==========
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\netflix.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\netflix.com\ not found.
    File Animation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab not found.
    Starting removal of ActiveX control DirectAnimation Java Classes
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DirectAnimation Java Classes\ not found.
    File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
    Starting removal of ActiveX control Microsoft XML Parser for Java
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
    C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\spool\suspic folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\spool folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\sounds\1033 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\sounds folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\report folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\moved folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\log folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\journal folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\integ folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\HtmlData folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\fw folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\chest folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\backup folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\arpot\TEMP folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\arpot folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Alwil Software folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Admin
    ->Temp folder emptied: 937646 bytes
    ->Temporary Internet Files folder emptied: 175599 bytes
    ->Java cache emptied: 15614 bytes
    ->FireFox cache emptied: 42783651 bytes
    ->Flash cache emptied: 2015947 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56504 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 2428 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 47803928 bytes
    ->Flash cache emptied: 136884 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 1229439 bytes
    %systemroot%\System32 .tmp files removed: 352785 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 483 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 91.00 mb


    [EMPTYFLASH]

    User: Admin
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService

    User: User
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.31.0 log created on 12102011_082250

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...

  10. #10
    broni is offline Senior Member
    1. Update your Java version here: Verify Java Version

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.


    ==========================================================

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:


    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.


    2. Now, we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.


    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): Safe Browsing Tool | WOT (Web of Trust). It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): Free Computer Security - Personal Software Inspector (PSI) - Secunia. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected? With steps so it does not happen again!: How did I get infected?

    13. Please let me know how your computer is doing.
