Print Page - PC Rendered Unuseable Due To Trojan Infection

General Category => Tech Clinic => Topic started by: ba5852 on May 19, 2011, 08:40:40 AM

Title: PC Rendered Unuseable Due To Trojan Infection
Post by: ba5852 on May 19, 2011, 08:40:40 AM

I have tried unsuccessfully to remove virus/trojans from this computer for about 60 hours. I would really appreciate some help.

It is a Windows XP SP3 desktop. I can access the Internet in Safe Mode but the computer freezes up in Normal Mode. After normal mode boot system runs extremely slow. If I click on Start/Control Panel the system freezes before Control Panel menu can open. The mouse moves around but you can't click on anything and the only was out is to reboot.

This all started when I was online and noticed that one of my security programs was warning me that it was blocking Internet Explorer from accessing various web sites. I started getting the message once every few second with a different web site each time. I figured I had probably picked up a trojan that was trying to download other malicious software so I isolated the computer from the network and a scan with Spybot Search & Destroy. The results of that scan were:

win32.tdss.dt
fraud.ultraantivirus2009
microsoft.windows.infectedhostfile
virtumonde.sci
win32.agent.ws
greenape inc

I had Spybot remove the above list (supposedly).

After reboot as desktop was loading I got two error messages:
Windows cannot find C:\Documents~\Bruce\Local~\Temp\UninstalllockedSOSfiles
Windows cannot find C:\Windows\is-VE64T.exe

I then ran Malwarebytes and no items were detected.

Still getting messages about missing files on reboot.

Tried to install Ad-Aware but it freezes during the install process

Ran Trend Micro HouseCall ver 7.1 and it found 1 threat (Troj_generic.adv). I selected Fix that file.

Ran Malwarebytes "quick scan" - nothing found
Ran HouseCall again - nothing found

Had read online that Rapport security software that I had downloaded from Bank of America site could cause system problems and slow downs so I tried to uninstall Rapport. Windows Installer would not run in Safe Mode so I rebooted in normal mode and tried to uninstall Rapport again. The Windows Installer froze even though Task Manager indicated it was running.

I have also run SpySweeper scans with nothing detected and SuperAntiSpyware scans.

I could really use some help at this point.

Title: PC Rendered Unuseable Due To Trojan Infection
Post by: ba5852 on May 19, 2011, 09:45:31 AM

[quote name='ba5852' date='19 May 2011 - 08:40 AM' timestamp='1305812440' post='479495']
I have tried unsuccessfully to remove virus/trojans from this computer for about 60 hours. I would really appreciate some help.

It is a Windows XP SP3 desktop. I can access the Internet in Safe Mode but the computer freezes up in Normal Mode. After normal mode boot system runs extremely slow. If I click on Start/Control Panel the system freezes before Control Panel menu can open. The mouse moves around but you can't click on anything and the only was out is to reboot.

This all started when I was online and noticed that one of my security programs was warning me that it was blocking Internet Explorer from accessing various web sites. I started getting the message once every few second with a different web site each time. I figured I had probably picked up a trojan that was trying to download other malicious software so I isolated the computer from the network and a scan with Spybot Search & Destroy. The results of that scan were:

win32.tdss.dt
fraud.ultraantivirus2009
microsoft.windows.infectedhostfile
virtumonde.sci
win32.agent.ws
greenape inc

I had Spybot remove the above list (supposedly).

After reboot as desktop was loading I got two error messages:
Windows cannot find C:\Documents~\Bruce\Local~\Temp\UninstalllockedSOSfiles
Windows cannot find C:\Windows\is-VE64T.exe

I then ran Malwarebytes and no items were detected.

Still getting messages about missing files on reboot.

Tried to install Ad-Aware but it freezes during the install process

Ran Trend Micro HouseCall ver 7.1 and it found 1 threat (Troj_generic.adv). I selected Fix that file.

Ran Malwarebytes "quick scan" - nothing found
Ran HouseCall again - nothing found

Had read online that Rapport security software that I had downloaded from Bank of America site could cause system problems and slow downs so I tried to uninstall Rapport. Windows Installer would not run in Safe Mode so I rebooted in normal mode and tried to uninstall Rapport again. The Windows Installer froze even though Task Manager indicated it was running.

I have also run SpySweeper scans with nothing detected and SuperAntiSpyware scans.

I could really use some help at this point.
[/quote]

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:51:29 AM, on 5/19/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AOL Desktop 9.6\waol.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\AOL Desktop 9.6\shellmon.exe
C:\Program Files\Common Files\AOL\1187843131\ee\aolsoftware.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files\AOL Desktop 9.6\AOLBrowser\aolbrowser.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Download Files\Trend Micro HijackThis v2.0.4\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DownloadGuardBHO - {20C1A7F0-528E-444F-BAC5-5804A61CCA7F} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "C:\WINDOWS\system32\nwiz.exe" /install
O4 - HKLM\..\Run: [WheelMouse] "C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe"
O4 - HKLM\..\Run: [vptray] "C:\PROGRA~1\SYMANT~1\VPTray.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [SMSERIAL] "C:\WINDOWS\sm56hlpr.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [MXO Auto Loader] "C:\WINDOWS\MXOALDR.EXE"
O4 - HKLM\..\Run: [mssSort] "C:\Program Files\Maxtor\ManagerApp\msssort.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe"
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1187843131\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKLM\..\Run: [KernelFaultCheck] "%systemroot%\system32\dumprep" 0 -k
O4 - HKLM\..\Run: [NvMediaCenter] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] "C:\WINDOWS\SOUNDMAN.EXE"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Bing Bar] "C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [WebrootTrayApp] "C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" /auto
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\WINDOWS\is-VE64T.exe" /REG
O4 - HKLM\..\RunOnce: [UninstallLockedSOSFiles] C:\DOCUME~1\Bruce\LOCALS~1\Temp\UninstallLockedSOSFiles.lnk
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL Desktop 9.6\AOL.EXE" -b
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10p_Plugin.exe -update plugin
O4 - Startup: Printkey2000.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AudioDeck.lnk = C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {21F49842-BFA9-11D2-A89C-00104B62BDDA} (ChartFX Internet Control) - http://www.schaeffersresearch.com/download/CfxIEAx.cab
O16 - DPF: {24BACF02-5676-11D3-B8DE-00105A17A9E6} (ChartFX Internet Financial Client 4.0) - http://www.schaeffersresearch.com/Download/Cfx4Financial.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo2.walgreens.com/WalgreensActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1101768866155
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1135430766921
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37240.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://onlinedesigner.hgtv.com/images/app/view22rte.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://oxps.webex.com/client/T26L/event/ieatgpc.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D822C7BD-037E-4E2F-9A19-6FD304CAA4F6}: NameServer = 68.87.74.162,68.87.68.162
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Maxtor Service (Maxtor Sync Services) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe

--
End of file - 14556 bytes

Title: PC Rendered Unuseable Due To Trojan Infection
Post by: guestolo on May 19, 2011, 08:50:43 PM

Download [color="#FF0000"]OTL.exe[/color] (http://"http://oldtimer.geekstogo.com/OTL.exe")[/url] by OldTimer to your Desktop.

Close all windows and double click on OTL.exe to run it
Under the Custom Scan box paste this in, the contents in Blue

[color="#0000FF"]
msconfig
[/color]

Click Run Scan and let the program run uninterrupted.
It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.

Title: PC Rendered Unuseable Due To Trojan Infection
Post by: ba5852 on May 20, 2011, 02:41:34 PM

OTL logfile created on: 5/20/2011 3:31:07 PM - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Documents and Settings\Bruce\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 80.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 42.30 Gb Free Space | 28.38% Space Free | Partition Type: NTFS
Drive F: | 74.52 Gb Total Space | 60.96 Gb Free Space | 81.81% Space Free | Partition Type: NTFS

Computer Name: AMD3200 | User Name: Bruce | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/20 15:27:13 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bruce\Desktop\OTL.exe
PRC - [2011/05/05 15:43:11 | 003,276,136 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe
PRC - [2011/05/05 15:43:04 | 001,378,352 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe
PRC - [2011/04/18 18:04:58 | 003,900,032 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Security\Current\plugins\antimalware\AEI.exe
PRC - [2010/06/23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2010/06/23 13:51:30 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2011/05/20 15:27:13 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bruce\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/05/05 15:43:11 | 003,276,136 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe -- (WRConsumerService)
SRV - [2011/04/18 18:04:58 | 003,900,032 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe -- (WebrootSpySweeperService)
SRV - [2011/04/08 10:17:30 | 000,870,200 | ---- | M] (Trusteer Ltd.) [Auto | Stopped] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/01/27 11:51:04 | 002,253,688 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/07/13 17:34:23 | 000,042,312 | R--- | M] (AOL Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\AOL\ACS\acsd.exe -- (AOL ACS)
SRV - [2010/06/23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009/09/23 16:36:06 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2008/04/01 14:46:22 | 000,161,120 | ---- | M] (Seagate Technology LLC) [Auto | Stopped] -- C:\Program Files\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Services)
SRV - [2007/01/09 17:32:04 | 000,079,464 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2006/09/27 20:33:38 | 000,116,464 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2006/09/27 20:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006/09/27 20:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006/09/02 16:36:33 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
SRV - [2006/08/07 16:03:02 | 000,214,720 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2006/07/19 19:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006/07/19 19:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/04/11 17:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Stopped] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2005/12/11 09:59:02 | 000,822,424 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2005/09/09 20:09:28 | 002,066,024 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost)
SRV - [2005/09/09 20:09:10 | 000,053,248 | ---- | M] (GEAR Software) [Auto | Stopped] -- C:\WINDOWS\system32\gearsec.exe -- (GEARSecurity)
SRV - [2005/01/23 18:36:03 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2004/10/04 05:47:04 | 000,098,304 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor)
SRV - [2004/10/04 04:40:50 | 000,118,784 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe -- (PhotoshopElementsDeviceConnect)
SRV - [2003/08/27 11:27:44 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Stopped] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)

========== Driver Services (SafeList) ==========

DRV - [2011/04/21 14:55:18 | 000,018,872 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\24413\RapportIaso.sys -- (RapportIaso)
DRV - [2011/04/21 13:55:07 | 000,057,144 | ---- | M] (Trusteer Ltd.) [Kernel | System | Stopped] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\25973\RapportCerberus_25973.sys -- (RapportCerberus_25973)
DRV - [2011/04/18 18:05:08 | 000,182,056 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssidrv.sys -- (ssidrv)
DRV - [2011/04/18 18:05:06 | 000,024,496 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sshrmd.sys -- (sshrmd)
DRV - [2011/04/18 18:05:04 | 000,047,120 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\ssfmonm.sys -- (ssfmonm)
DRV - [2011/04/18 04:00:00 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110425.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/04/18 04:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110425.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/04/08 10:17:38 | 000,066,360 | ---- | M] (Trusteer Ltd.) [Kernel | System | Stopped] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2011/04/08 10:17:36 | 000,158,904 | ---- | M] (Trusteer Ltd.) [Kernel | System | Stopped] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2010/07/13 17:34:53 | 000,024,904 | ---- | M] (America Online) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atwpkt2.sys -- (ATWPKT2)
DRV - [2010/06/17 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/28 04:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/12/02 06:05:34 | 000,118,656 | ---- | M] (Realtek Semiconductor Corporation    ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/11/17 02:24:00 | 000,051,688 | ---- | M] (Check Point Software Technologies LTD) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan)
DRV - [2007/12/14 10:21:32 | 000,009,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Live Update 4\LU4\FlashSys.sys -- (FLASHSYS)
DRV - [2006/10/17 21:22:26 | 000,009,216 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\videX32.sys -- (videX32)
DRV - [2006/10/08 11:03:36 | 000,021,056 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sskbfd.sys -- (SSKBFD)
DRV - [2006/09/18 17:55:28 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2006/09/06 14:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006/09/06 14:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2006/08/07 16:02:26 | 000,195,776 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2006/08/07 16:02:22 | 000,024,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2006/07/01 23:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/04/11 17:13:34 | 000,389,776 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006/01/25 17:14:06 | 000,472,644 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HCWBT8xx.sys -- (HCWBT8XX)
DRV - [2005/12/11 09:59:02 | 000,004,608 | ---- | M] (Symantec Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2005/09/09 20:09:22 | 000,017,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VProEventMonitor.sys -- (VPROEVENTMONITOR)
DRV - [2005/09/09 20:09:20 | 000,144,832 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\SymSnap.sys -- (SymSnap)
DRV - [2005/09/09 20:09:20 | 000,056,192 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\V2iMount.sys -- (V2IMount)
DRV - [2005/01/11 09:25:10 | 000,923,826 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2004/08/25 18:09:14 | 000,009,984 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Amps2prt.sys -- (Amps2prt)
DRV - [2004/08/20 19:03:02 | 000,021,632 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Core Center\NTGLM7X.SYS -- (PCAlertDriver)
DRV - [2004/06/21 04:53:20 | 000,626,204 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/05/26 20:55:42 | 000,037,920 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Core Center\RushTop.sys -- (RushTopDevice)
DRV - [2004/04/14 11:08:00 | 000,044,064 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2004/04/14 11:08:00 | 000,021,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2004/04/14 11:08:00 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2004/04/14 11:08:00 | 000,005,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2004/02/23 23:08:52 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003/10/28 15:17:52 | 000,005,273 | ---- | M] (Arrowkey) [Kernel | Auto | Stopped] -- C:\Program Files\321Studios\Shared\CDRPDACC.SYS -- (CDRPDACC)
DRV - [2003/07/02 05:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2003/06/16 12:05:40 | 000,369,920 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\viaudios.sys -- (VIAudio) VIA AC'97 Audio Controller (WDM)
DRV - [2003/05/27 17:45:06 | 000,003,351 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vsp.sys -- (Vsp)
DRV - [2003/04/14 12:00:40 | 000,032,512 | R--- | M] (Cypress Semiconductor) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MXOFX.SYS -- (MXOFX) USB Storage Adapter FX (MXO)
DRV - [2003/03/21 13:34:08 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/01/10 18:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/10/18 13:00:00 | 000,006,144 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaidexp.sys -- (ViaIde)
DRV - [1999/09/10 08:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)
DRV - [1998/11/27 16:57:18 | 000,006,144 | R--- | M] (Erik Salaj) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\IOPORT.SYS -- (IOPort)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A4 F9 C9 7E 59 0B CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2007/12/07 04:02:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox [2010/12/27 17:34:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/12/27 17:35:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/05 23:04:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/24 21:57:38 | 000,000,000 | ---D | M]

[2008/10/24 19:35:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bruce\Application Data\Mozilla\Extensions
[2011/03/23 12:40:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\485uz6h1.default\extensions
[2010/05/02 08:35:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\485uz6h1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/12 21:00:30 | 000,000,000 | ---D | M] (Firefox Sync) -- C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\485uz6h1.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
[2009/05/09 22:14:26 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\485uz6h1.default\extensions\[email protected]
[2011/03/23 15:58:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/01 11:48:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/24 16:17:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/24 16:17:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/24 18:44:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/24 21:48:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
[2009/06/07 07:03:38 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/05 23:04:42 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/12/07 21:48:41 | 000,288,568 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\Mozilla Firefox\plugins\ieatgpc.dll
[2010/12/07 21:48:06 | 000,171,320 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/05/19 16:29:09 | 000,433,784 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1   www.007guard.com
O1 - Hosts: 127.0.0.1   007guard.com
O1 - Hosts: 127.0.0.1   008i.com
O1 - Hosts: 127.0.0.1   www.008k.com
O1 - Hosts: 127.0.0.1   008k.com
O1 - Hosts: 127.0.0.1   www.00hq.com
O1 - Hosts: 127.0.0.1   00hq.com
O1 - Hosts: 127.0.0.1   010402.com
O1 - Hosts: 127.0.0.1   www.032439.com
O1 - Hosts: 127.0.0.1   032439.com
O1 - Hosts: 127.0.0.1   www.0scan.com
O1 - Hosts: 127.0.0.1   0scan.com
O1 - Hosts: 127.0.0.1   1000gratisproben.com
O1 - Hosts: 127.0.0.1   www.1000gratisproben.com
O1 - Hosts: 127.0.0.1   1001namen.com
O1 - Hosts: 127.0.0.1   www.1001namen.com
O1 - Hosts: 127.0.0.1   100888290cs.com
O1 - Hosts: 127.0.0.1   www.100888290cs.com
O1 - Hosts: 127.0.0.1   www.100sexlinks.com
O1 - Hosts: 127.0.0.1   100sexlinks.com
O1 - Hosts: 127.0.0.1   10sek.com
O1 - Hosts: 127.0.0.1   www.10sek.com
O1 - Hosts: 127.0.0.1   www.1-2005-search.com
O1 - Hosts: 127.0.0.1   1-2005-search.com
O1 - Hosts: 127.0.0.1   123fporn.info
O1 - Hosts: 14955 more lines...
O2 - BHO: (Download Guard for Internet Explorer) - {20C1A7F0-528E-444F-BAC5-5804A61CCA7F} - Reg Error: Value error. File not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1187843131\ee\AOLSoftware.exe (AOL Inc.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe (HP)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [mssSort] C:\Program Files\Maxtor\ManagerApp\msssort.exe (Seagate)
O4 - HKLM..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE (Cypress Semiconductor)
O4 - HKLM..\Run: [mxomssmenu] C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe (Maxtor Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Norton Ghost 10.0] C:\Program Files\Norton Ghost\Agent\GhostTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [WebrootTrayApp] C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe (Webroot Software, Inc. )
O4 - HKLM..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe (A4Tech Co.,Ltd.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files\AOL Desktop 9.6\AOL.EXE (AOL Inc.)
O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] File not found
O4 - HKLM..\RunOnce: [UninstallLockedSOSFiles] File not found
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10p_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AudioDeck.lnk = C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe (Hauppauge Computer Works)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe ()
O4 - Startup: C:\Documents and Settings\Bruce\Start Menu\Programs\Startup\Printkey2000.exe (Fred's Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll (VisualWare)
O9 - Extra 'Tools' menuitem : VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll (VisualWare)
O9 - Extra 'Tools' menuitem : Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\Program Files\Copernic Agent\CopernicAgent.exe (Copernic Technologies Inc.)
O9 - Extra Button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\Program Files\Copernic Agent\CopernicAgent.exe (Copernic Technologies Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {21F49842-BFA9-11D2-A89C-00104B62BDDA} http://www.schaeffersresearch.com/download/CfxIEAx.cab (ChartFX Internet Control)
O16 - DPF: {24BACF02-5676-11D3-B8DE-00105A17A9E6} http://www.schaeffersresearch.com/Download/Cfx4Financial.cab (ChartFX Internet Financial Client 4.0)
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} http://download.microsoft.com/download/7/1/D/71D9F11F-0C02-4707-9D60-D56EA8951020/pmupd806.exe (MSN Money Charting)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo2.walgreens.com/WalgreensActivia.cab (Snapfish Activia)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1101768866155 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1135430766921 (MUWebControl Class)
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37240.cab (ICSScanner Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} http://onlinedesigner.hgtv.com/images/app/view22rte.cab (View22RTE Class)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://oxps.webex.com/client/T26L/event/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O18 - Protocol\Handler\copernicagent {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O18 - Protocol\Handler\copernicagentcache {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/11/29 17:56:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{b290139a-2f04-11df-8097-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{b290139a-2f04-11df-8097-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b290139a-2f04-11df-8097-00038a000015}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - StartUpReg: ZoneAlarm Client - hkey= - key= - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

========== Files/Folders - Created Within 30 Days ==========

[2011/05/20 15:27:12 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bruce\Desktop\OTL.exe
[2011/05/06 16:24:04 | 000,189,520 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/05/06 14:32:10 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\STKIT432.DLL
[2011/05/06 14:32:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Registry Mechanic
[2011/05/06 14:32:07 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
[2011/05/05 22:58:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/05/05 22:58:04 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/05/05 22:39:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2011/04/28 07:00:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce\Application Data\SUPERAntiSpyware.com
[2011/04/28 07:00:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/04/26 22:21:50 | 000,017,472 | ---- | C] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\System32\SsiEfr.exe
[2011/04/26 22:21:49 | 000,047,120 | ---- | C] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\System32\drivers\ssfmonm.sys
[2011/04/26 22:19:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Webroot
[2011/04/26 22:19:38 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{3140EA8C-7399-4EC4-819C-16996F38FCFC}
[2011/04/26 22:08:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\webroot
[2011/04/26 21:58:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce\Local Settings\Application Data\PackageAware
[2011/04/26 19:29:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce\Application Data\Malwarebytes
[2011/04/26 19:29:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/26 19:29:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/26 19:29:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/26 19:29:08 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/04/26 19:29:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/26 12:36:38 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{E8A61B3F-DF97-45EA-A2EE-88E262649179}
[2011/04/26 11:21:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/04/26 11:21:55 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/04/25 15:52:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Turbo Tax
[2011/04/25 15:48:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce\Start Menu\Programs\Turbo Tax
[2011/04/21 17:38:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce\Local Settings\Application Data\Trusteer
[2011/04/21 12:37:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce\Application Data\Trusteer
[2011/04/21 12:36:52 | 000,000,000 | ---D | C] -- C:\Program Files\Trusteer
[2011/04/21 12:36:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Trusteer Rapport
[2011/04/21 12:35:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2010/08/08 23:00:25 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Bruce\Application Data\pcouffin.sys
[47 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[29 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[18 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/20 15:27:13 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bruce\Desktop\OTL.exe
[2011/05/20 15:23:50 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/20 15:21:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/19 21:25:07 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/19 16:29:09 | 000,433,784 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/05/19 10:15:26 | 000,000,251 | RHS- | M] () -- C:\boot.ini
[2011/05/19 10:13:05 | 000,178,882 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/05/19 10:10:12 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\HP Usg Login.job
[2011/05/16 07:55:01 | 000,000,462 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2011/05/15 21:53:04 | 000,433,170 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110519-162909.backup
[2011/05/07 23:55:15 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\Microsoft Word 2003.lnk
[2011/05/06 22:25:30 | 000,102,400 | ---- | M] () -- C:\WINDOWS\RegBootClean.exe
[2011/05/06 16:23:17 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Bruce\Local Settings\Application Data\housecall.guid.cache
[2011/05/06 14:32:08 | 000,000,789 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk
[2011/05/06 14:00:00 | 000,000,462 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2011/05/05 22:58:07 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/05 15:36:13 | 000,433,170 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110505-153652.backup
[2011/04/27 10:10:00 | 000,000,462 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2011/04/26 22:19:42 | 000,002,019 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Webroot AntiVirus with Spy Sweeper.lnk
[2011/04/26 20:40:12 | 000,000,462 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2011/04/26 19:29:15 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/26 14:29:12 | 000,432,016 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110505-153613.backup
[2011/04/26 11:24:06 | 000,250,532 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS.bak
[2011/04/26 11:21:59 | 000,001,002 | ---- | M] () -- C:\Documents and Settings\Bruce\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/04/26 11:21:59 | 000,000,984 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\Spybot - Search & Destroy.lnk
[2011/04/26 11:14:38 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\Bruce\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/04/26 10:59:28 | 000,002,192 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110426-112406.backup
[2011/04/26 00:05:27 | 000,434,571 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110426-105928.backup
[2011/04/25 23:09:18 | 000,168,432 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\spybot scan.jpg
[2011/04/25 20:24:57 | 000,103,783 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\Task Mgr.jpg
[2011/04/24 03:28:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\Driver Robot.job
[2011/04/24 03:00:00 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2011/04/23 00:07:11 | 000,100,864 | ---- | M] () -- C:\Documents and Settings\Bruce\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[47 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[29 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[18 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/06 22:25:30 | 000,102,400 | ---- | C] () -- C:\WINDOWS\RegBootClean.exe
[2011/05/06 16:23:17 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Bruce\Local Settings\Application Data\housecall.guid.cache
[2011/05/06 14:32:08 | 000,000,789 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk
[2011/05/05 22:58:07 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/04/26 22:21:50 | 000,030,424 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2011/04/26 22:19:42 | 000,002,019 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Webroot AntiVirus with Spy Sweeper.lnk
[2011/04/26 19:29:15 | 000,000,794 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/26 11:21:59 | 000,001,002 | ---- | C] () -- C:\Documents and Settings\Bruce\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/04/26 11:21:59 | 000,000,984 | ---- | C] () -- C:\Documents and Settings\Bruce\Desktop\Spybot - Search & Destroy.lnk
[2011/04/26 11:14:38 | 000,000,818 | ---- | C] () -- C:\Documents and Settings\Bruce\Start Menu\Programs\Internet Explorer.lnk
[2011/04/25 23:09:18 | 000,168,432 | ---- | C] () -- C:\Documents and Settings\Bruce\Desktop\spybot scan.jpg
[2011/04/25 20:24:57 | 000,103,783 | ---- | C] () -- C:\Documents and Settings\Bruce\Desktop\Task Mgr.jpg
[2011/02/21 10:37:08 | 000,000,008 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2011/01/12 00:10:56 | 001,593,544 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/12/04 10:40:38 | 000,018,752 | ---- | C] () -- C:\WINDOWS\System32\solidlocalui.dll
[2010/12/04 10:40:37 | 000,027,456 | ---- | C] () -- C:\WINDOWS\System32\solidlocalmon.dll
[2010/08/08 23:00:25 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Bruce\Application Data\inst.exe
[2010/08/08 23:00:25 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Bruce\Application Data\pcouffin.cat
[2010/08/08 23:00:25 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Bruce\Application Data\pcouffin.inf
[2010/06/26 11:00:27 | 000,048,368 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/01/11 22:26:52 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Bruce\Application Data\default.pls
[2009/11/23 00:02:07 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\UnAudioNT.dll
[2009/11/23 00:02:07 | 000,003,351 | ---- | C] () -- C:\WINDOWS\System32\drivers\vsp.sys
[2009/09/05 11:57:52 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/06/18 20:37:40 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2009/06/18 20:37:39 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/06/18 20:37:38 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/06/18 20:37:37 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/06/18 20:37:36 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2009/06/18 20:37:35 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2009/06/18 20:37:34 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2009/06/18 20:37:32 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/10/26 16:22:18 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2008/10/26 16:22:16 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2008/10/26 16:22:10 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2008/04/28 22:17:00 | 000,215,144 | R--- | C] () -- C:\WINDOWS\pw32a.dll
[2008/02/10 15:37:48 | 000,000,150 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/02/10 15:25:11 | 000,000,116 | ---- | C] () -- C:\WINDOWS\asym.ini
[2008/02/10 15:22:11 | 000,000,097 | ---- | C] () -- C:\WINDOWS\IVCI.INI
[2007/11/03 12:56:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007/03/22 16:47:35 | 000,046,344 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2007/01/03 22:48:27 | 000,002,209 | ---- | C] () -- C:\WINDOWS\unins001.dat
[2006/11/14 00:22:05 | 000,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/08/06 17:04:36 | 000,000,057 | ---- | C] () -- C:\WINDOWS\TUTORI~1.INI
[2006/08/06 16:15:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\plclient.INI
[2006/06/27 19:38:00 | 000,796,584 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2006/06/19 21:48:25 | 000,001,386 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2006/04/13 19:53:31 | 000,051,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2006/04/09 11:19:04 | 000,000,211 | ---- | C] () -- C:\WINDOWS\nanoPEG.ini
[2006/04/09 11:18:50 | 000,000,248 | ---- | C] () -- C:\WINDOWS\HCWBlast_sav.ini
[2006/04/09 11:18:50 | 000,000,248 | ---- | C] () -- C:\WINDOWS\HCWBlast.ini
[2006/04/09 11:18:31 | 000,033,837 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2006/04/09 11:18:21 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll
[2006/04/09 11:16:19 | 000,002,443 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
[2006/02/04 16:41:38 | 000,000,696 | ---- | C] () -- C:\WINDOWS\GARMINWT.INI
[2006/01/12 17:09:14 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\DXFLib.dll
[2006/01/12 17:08:06 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\opcode.dll
[2005/12/11 10:08:03 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Bruce\Local Settings\Application Data\fusioncache.dat
[2005/12/11 00:25:14 | 000,000,028 | ---- | C] () -- C:\WINDOWS\HotComm.INI
[2005/11/29 21:05:14 | 000,000,034 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2005/10/22 21:09:08 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2005/10/22 21:09:08 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2005/03/27 13:56:02 | 000,099,965 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005/02/14 15:29:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\JDSecure20.INI
[2005/01/02 23:03:13 | 000,100,864 | ---- | C] () -- C:\Documents and Settings\Bruce\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/01/02 22:22:15 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2004/12/21 18:22:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\RussSqr.INI
[2004/12/21 11:15:25 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/12/14 22:45:38 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/12/11 12:23:25 | 000,109,782 | ---- | C] () -- C:\WINDOWS\CopernicAgentUninstall.exe
[2004/11/30 01:31:03 | 000,002,769 | ---- | C] () -- C:\WINDOWS\IFPClient.ini
[2004/11/30 01:04:24 | 000,000,766 | ---- | C] () -- C:\WINDOWS\aolback.exe.lnk
[2004/11/29 22:48:20 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/11/29 19:47:05 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2004/11/29 19:39:39 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2004/11/29 19:10:09 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/11/29 19:09:48 | 000,105,168 | ---- | C] () -- C:\WINDOWS\NSUninst.exe
[2004/11/29 19:09:44 | 000,014,923 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2004/11/29 18:39:13 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2004/11/29 18:22:13 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/11/29 17:58:19 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/11/29 17:54:59 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/11/29 12:49:53 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/11/29 12:49:10 | 000,258,248 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/11/11 03:16:10 | 000,045,056 | ---- | C] () -- C:\WINDOWS\sm56chs.dll
[2004/11/10 06:42:22 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56eng.dll
[2004/11/10 06:42:22 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56jpn.dll
[2004/11/10 06:42:20 | 000,045,056 | ---- | C] () -- C:\WINDOWS\sm56cht.dll
[2004/11/02 12:12:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56spn.dll
[2004/11/02 12:12:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56itl.dll
[2004/11/02 12:12:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56ger.dll
[2004/11/02 12:12:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56fra.dll
[2004/11/02 12:12:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56brz.dll
[2004/06/30 16:04:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\SDelete.dll
[2004/03/07 14:51:00 | 000,024,924 | ---- | C] () -- C:\WINDOWS\System32\openports.dll
[2004/01/29 20:45:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/11/22 12:50:06 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\hpodinet.dll
[2002/11/22 12:49:18 | 000,036,864 | ---- | C] () -- C:\WINDOWS\hpfsched.exe
[2001/08/23 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 08:00:00 | 000,541,282 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 08:00:00 | 000,099,094 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001/08/23 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\All Users\Documents\SSCCleanup.exe:SummaryInformation
@Alternate Data Stream - 156 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

OTL Extras logfile created on: 5/20/2011 3:31:07 PM - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Documents and Settings\Bruce\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 80.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 42.30 Gb Free Space | 28.38% Space Free | Partition Type: NTFS
Drive F: | 74.52 Gb Total Space | 60.96 Gb Free Space | 81.81% Space Free | Partition Type: NTFS

Computer Name: AMD3200 | User Name: Bruce | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.js [@ = JSFile] -- C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe (Macromedia, Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
jsfile [open] -- "C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\America Online 9.0\waol.

Title: PC Rendered Unuseable Due To Trojan Infection
Post by: guestolo on May 21, 2011, 01:21:10 PM

Please do the following, Double click on OTL.exe and Run it

Under the [color="#0000FF"]Custom Scans/Fixes[/color] box at the bottom, copy/paste in the following in the quote box below. don't include the word Quote please
Quote
:Files
C:\WINDOWS\tasks\At*.job
ipconfig /flushdns /c
:Commands
[EmptyTemp]
[EmptyFlash]
Then click the [color="#FF0000"]Run Fix[/color] button at the top
Let the program run unhindered, reboot the PC when it is done

On startup, Allow OTL to run if prompted
A log should open, can you post it please
A copy of this log can also be found in
C:\_OTL\Moved Files folder

In addition:

Download [color="#0000FF"]TDSSKiller[/color] (http://"http://support.kaspersky.com/downloads/utils/tdsskiller.zip") and save it to your Desktop.
Extract its contents to your desktop.
Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Title: PC Rendered Unuseable Due To Trojan Infection
Post by: ba5852 on May 21, 2011, 03:45:18 PM

Here is the log file from OTL. After the reboot from OTL scan the system started to freeze again so I had to go back into safe mode to run TDSSKiller.

All processes killed
========== FILES ==========
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Bruce\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Bruce\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: Administrator.AMD3200
->Temp folder emptied: 2215450 bytes
->Temporary Internet Files folder emptied: 2424322 bytes
->FireFox cache emptied: 18270310 bytes
->Flash cache emptied: 497 bytes

User: All Users
->Flash cache emptied: 113 bytes

User: Bruce
->Temp folder emptied: 30606762 bytes
->Temporary Internet Files folder emptied: 49394831 bytes
->Java cache emptied: 189450176 bytes
->FireFox cache emptied: 56278894 bytes
->Apple Safari cache emptied: 11036672 bytes
->Flash cache emptied: 2904730 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 2931919 bytes

User: MIRIAM RESUME

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2400186 bytes
%systemroot%\System32 .tmp files removed: 18945204 bytes
%systemroot%\System32\dllcache .tmp files removed: 16823808 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 181613 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 14543036 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 211146 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 399.00 mb

[EMPTYFLASH]

User: Administrator

User: Administrator.AMD3200
->Flash cache emptied: 0 bytes

User: All Users
->Flash cache emptied: 0 bytes

User: Bruce
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: MIRIAM RESUME

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.22.3 log created on 05212011_160644

Files\Folders moved on Reboot...
C:\Documents and Settings\Bruce\Local Settings\Temp\~DFAD9.tmp moved successfully.
File\Folder C:\WINDOWS\temp\ZLT06021.TMP not found!

Registry entries deleted on Reboot...

2011/05/21 16:35:19.0937 2640   TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/21 16:35:21.0953 2640   ================================================================================
2011/05/21 16:35:21.0953 2640   SystemInfo:
2011/05/21 16:35:21.0953 2640
2011/05/21 16:35:21.0953 2640   OS Version: 5.1.2600 ServicePack: 3.0
2011/05/21 16:35:21.0953 2640   Product type: Workstation
2011/05/21 16:35:21.0953 2640   ComputerName: AMD3200
2011/05/21 16:35:21.0953 2640   UserName: Bruce
2011/05/21 16:35:21.0953 2640   Windows directory: C:\WINDOWS
2011/05/21 16:35:21.0953 2640   System windows directory: C:\WINDOWS
2011/05/21 16:35:21.0953 2640   Processor architecture: Intel x86
2011/05/21 16:35:21.0953 2640   Number of processors: 1
2011/05/21 16:35:21.0953 2640   Page size: 0x1000
2011/05/21 16:35:21.0953 2640   Boot type: Safe boot with network
2011/05/21 16:35:21.0953 2640   ================================================================================
2011/05/21 16:35:22.0593 2640   Initialize success
2011/05/21 16:35:57.0578 2724   ================================================================================
2011/05/21 16:35:57.0578 2724   Scan started
2011/05/21 16:35:57.0578 2724   Mode: Manual;
2011/05/21 16:35:57.0578 2724   ================================================================================
2011/05/21 16:35:59.0140 2724   ACPI    (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/21 16:35:59.0250 2724   ACPIEC    (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/05/21 16:35:59.0484 2724   aec    (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/05/21 16:35:59.0609 2724   AFD    (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/05/21 16:35:59.0921 2724   ALCXSENS    (ba88534a3ceb6161e7432438b9ea4f54) C:\WINDOWS\system32\drivers\ALCXSENS.SYS
2011/05/21 16:36:00.0078 2724   ALCXWDM    (5ff6f7e58c798f1474c0bbffc23cb78d) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2011/05/21 16:36:00.0390 2724   AmdK8    (efbb0956baed786e137351b5ca272aef) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
2011/05/21 16:36:00.0468 2724   Amps2prt    (a6215b60b98ba023ec5606a360d502af) C:\WINDOWS\system32\DRIVERS\Amps2prt.sys
2011/05/21 16:36:01.0000 2724   Aspi32    (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\Aspi32.sys
2011/05/21 16:36:01.0171 2724   AsyncMac    (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/05/21 16:36:01.0343 2724   atapi    (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/21 16:36:01.0531 2724   Atmarpc    (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/05/21 16:36:01.0609 2724   audstub    (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/05/21 16:36:01.0718 2724   Beep    (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/21 16:36:01.0843 2724   cbidf2k    (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/05/21 16:36:02.0015 2724   CCDECODE    (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/05/21 16:36:02.0281 2724   Cdaudio    (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/05/21 16:36:02.0390 2724   Cdfs    (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/05/21 16:36:02.0515 2724   Cdrom    (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/05/21 16:36:02.0687 2724   CDRPDACC    (30b37c18e1725eb9f25039e9a1fb9b7e) C:\Program Files\321Studios\Shared\CDRPDACC.SYS
2011/05/21 16:36:03.0468 2724   Disk    (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/05/21 16:36:03.0625 2724   dmboot    (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/05/21 16:36:03.0796 2724   dmio    (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/05/21 16:36:03.0875 2724   dmload    (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/05/21 16:36:04.0015 2724   DMusic    (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/05/21 16:36:04.0187 2724   dot4    (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
2011/05/21 16:36:04.0296 2724   Dot4Print    (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
2011/05/21 16:36:04.0390 2724   dot4usb    (6ec3af6bb5b30e488a0c559921f012e1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys
2011/05/21 16:36:04.0609 2724   drmkaud    (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/05/21 16:36:04.0781 2724   dvd43llh    (1fc1eed3ea0c3a0ecf8a95b97e1b4831) C:\WINDOWS\system32\DRIVERS\dvd43llh.sys
2011/05/21 16:36:05.0062 2724   eeCtrl    (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/05/21 16:36:05.0171 2724   EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/05/21 16:36:05.0437 2724   Fastfat    (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/05/21 16:36:05.0640 2724   Fdc    (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/05/21 16:36:05.0796 2724   Fips    (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/21 16:36:06.0000 2724   FLASHSYS    (d3d9311624edd435f42cda7eaa0a6aed) C:\Program Files\MSI\Live Update 4\LU4\FLASHSYS.sys
2011/05/21 16:36:06.0281 2724   Flpydisk    (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/05/21 16:36:06.0375 2724   FltMgr    (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/05/21 16:36:06.0750 2724   Fs_Rec    (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/05/21 16:36:06.0796 2724   Ftdisk    (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/05/21 16:36:06.0906 2724   GEARAspiWDM    (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/05/21 16:36:07.0140 2724   Gpc    (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/05/21 16:36:07.0296 2724   HCWBT8XX    (e4aef0daacbe59b048be0224a6d0e601) C:\WINDOWS\system32\drivers\HCWBT8XX.sys
2011/05/21 16:36:07.0453 2724   HidUsb    (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/05/21 16:36:07.0734 2724   HTTP    (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/21 16:36:08.0062 2724   i8042prt    (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/05/21 16:36:08.0203 2724   Imapi    (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/21 16:36:08.0531 2724   IOPort    (f7c534def663b4e847e44f20927f5ed2) C:\WINDOWS\System32\DRIVERS\IOPORT.SYS
2011/05/21 16:36:08.0640 2724   ip6fw    (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/05/21 16:36:08.0781 2724   IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/05/21 16:36:09.0000 2724   IpInIp    (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/21 16:36:09.0125 2724   IpNat    (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/21 16:36:09.0281 2724   IPSec    (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/21 16:36:09.0406 2724   IRENUM    (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/21 16:36:09.0546 2724   isapnp    (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/21 16:36:09.0703 2724   Kbdclass    (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/21 16:36:09.0843 2724   kbdhid    (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/05/21 16:36:09.0968 2724   kmixer    (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/21 16:36:10.0109 2724   KSecDD    (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/21 16:36:10.0468 2724   mnmdd    (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/21 16:36:10.0640 2724   Modem    (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/21 16:36:10.0750 2724   MODEMCSA    (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/05/21 16:36:10.0921 2724   Mouclass    (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/21 16:36:11.0093 2724   mouhid    (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/05/21 16:36:11.0250 2724   MountMgr    (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/21 16:36:11.0390 2724   MRxDAV    (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/21 16:36:11.0562 2724   MRxSmb    (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/05/21 16:36:11.0781 2724   Msfs    (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/21 16:36:11.0890 2724   MSKSSRV    (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/21 16:36:12.0062 2724   MSPCLOCK    (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/21 16:36:12.0171 2724   MSPQM    (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/21 16:36:12.0375 2724   mssmbios    (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/21 16:36:12.0500 2724   MSTEE    (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/05/21 16:36:12.0578 2724   Mup    (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/21 16:36:12.0703 2724   MXOFX    (799a99d21e72023ee5adb28ae424efc8) C:\WINDOWS\system32\DRIVERS\MXOFX.SYS
2011/05/21 16:36:12.0859 2724   NABTSFEC    (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/05/21 16:36:13.0187 2724   NAVENG    (c34e2a884ccca8b5567d0c2752527073) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110425.002\naveng.sys
2011/05/21 16:36:13.0343 2724   NAVEX15    (b3916eeec738dd4178f4fd6a44a32e36) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110425.002\navex15.sys
2011/05/21 16:36:13.0671 2724   NDIS    (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/21 16:36:13.0796 2724   NdisIP    (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/05/21 16:36:13.0968 2724   NdisTapi    (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/21 16:36:14.0015 2724   Ndisuio    (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/21 16:36:14.0265 2724   NdisWan    (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/21 16:36:14.0343 2724   NDProxy    (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/21 16:36:14.0468 2724   NetBIOS    (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/21 16:36:14.0531 2724   NetBT    (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/21 16:36:14.0890 2724   Npfs    (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/21 16:36:15.0078 2724   Ntfs    (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/21 16:36:15.0234 2724   Null    (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/21 16:36:15.0546 2724   nv    (9f4384aa43548ddd438f7b7825d11699) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/05/21 16:36:16.0140 2724   NwlnkFlt    (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/21 16:36:16.0296 2724   NwlnkFwd    (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/21 16:36:16.0468 2724   Parport    (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/05/21 16:36:16.0593 2724   PartMgr    (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/21 16:36:16.0703 2724   ParVdm    (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/21 16:36:16.0890 2724   PCAlertDriver (1d96fcada2335af7ceec71845898421c) C:\Program Files\MSI\Core Center\NTGLM7X.sys
2011/05/21 16:36:17.0031 2724   PCI    (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/21 16:36:17.0312 2724   Pcmcia    (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/05/21 16:36:17.0437 2724   Pcouffin    (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\Pcouffin.sys
2011/05/21 16:36:18.0015 2724   pfc    (da86016f0672ada925f589ede715f185) C:\WINDOWS\system32\drivers\pfc.sys
2011/05/21 16:36:18.0234 2724   PptpMiniport   (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/21 16:36:18.0312 2724   Processor    (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/05/21 16:36:18.0484 2724   PSched    (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/21 16:36:18.0609 2724   Ptilink    (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/21 16:36:18.0765 2724   PxHelp20    (0c8da0a8b0d227319c285e0eae65defd) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/05/21 16:36:19.0375 2724   RapportCerberus_25973 (3d80f6fb972cffab9a760892f9ab7232) C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\25973\RapportCerberus_25973.sys
2011/05/21 16:36:19.0515 2724   RapportEI    (dfd7ac211b7577409498713ed9d38384) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
2011/05/21 16:36:19.0625 2724   RapportIaso    (8ef46da83462e865f9070b03edf740d4) C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\24413\RapportIaso.sys
2011/05/21 16:36:19.0703 2724   RapportPG    (f898cfc346f765460126a634d9523605) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
2011/05/21 16:36:19.0984 2724   RasAcd    (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/21 16:36:20.0125 2724   Rasl2tp    (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/21 16:36:20.0203 2724   RasPppoe    (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/21 16:36:20.0296 2724   Raspti    (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/21 16:36:20.0421 2724   Rdbss    (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/21 16:36:20.0546 2724   RDPCDD    (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/21 16:36:20.0703 2724   rdpdr    (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/05/21 16:36:20.0890 2724   RDPWD    (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/21 16:36:21.0046 2724   redbook    (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/21 16:36:21.0359 2724   RTL8023xp    (d05453b44f98f0e975a36081f4362be5) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
2011/05/21 16:36:21.0500 2724   RushTopDevice (350103481c3ba41714d82a1d0f763070) C:\Program Files\MSI\Core Center\RushTop.sys
2011/05/21 16:36:21.0671 2724   SASDIFSV    (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/05/21 16:36:21.0718 2724   SASKUTIL    (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/05/21 16:36:21.0875 2724   SAVRT    (12b6e269ef8ac8ea36122544c8a1b6d8) C:\Program Files\Symantec AntiVirus\savrt.sys
2011/05/21 16:36:21.0906 2724   SAVRTPEL    (97e5b6f3f95465e1f59360b59d8ec64e) C:\Program Files\Symantec AntiVirus\Savrtpel.sys
2011/05/21 16:36:22.0265 2724   Secdrv    (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/21 16:36:22.0437 2724   serenum    (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/05/21 16:36:22.0562 2724   Serial    (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/05/21 16:36:23.0000 2724   Sfloppy    (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/05/21 16:36:23.0250 2724   SLIP    (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/05/21 16:36:23.0406 2724   smserial    (fc512d9288cd4985a3f59a1184559051) C:\WINDOWS\system32\DRIVERS\smserial.sys
2011/05/21 16:36:23.0968 2724   SPBBCDrv    (677b10906838d3bfb1c07ac9087e4bf7) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
2011/05/21 16:36:24.0093 2724   splitter    (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/21 16:36:24.0250 2724   sr    (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\System32\DRIVERS\sr.sys
2011/05/21 16:36:24.0421 2724   srescan    (bb1cc49b817d2551eb321f4a9afb7d8c) C:\WINDOWS\system32\ZoneLabs\srescan.sys
2011/05/21 16:36:24.0625 2724   Srv    (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/21 16:36:24.0781 2724   ssfmonm    (3199c2d24366ee02b279f0a065936703) C:\WINDOWS\system32\DRIVERS\ssfmonm.sys
2011/05/21 16:36:24.0968 2724   sshrmd    (44533a8b02355f05015dbeac869c1d91) C:\WINDOWS\system32\DRIVERS\sshrmd.sys
2011/05/21 16:36:25.0140 2724   ssidrv    (22ff2bde8b5362b29778de58b3261514) C:\WINDOWS\system32\DRIVERS\ssidrv.sys
2011/05/21 16:36:25.0265 2724   SSKBFD    (00d7ce66e35fd5a3437d4a641d21bd87) C:\WINDOWS\system32\Drivers\sskbfd.sys
2011/05/21 16:36:25.0375 2724   StillCam    (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
2011/05/21 16:36:25.0546 2724   streamip    (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/05/21 16:36:25.0656 2724   swenum    (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/21 16:36:25.0843 2724   swmidi    (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/21 16:36:26.0218 2724   SymEvent    (de6d1102d55926354171ae4e73936725) C:\Program Files\Symantec\SYMEVENT.SYS
2011/05/21 16:36:26.0359 2724   symlcbrd    (5220576ee29bea7c18dff9ecabf18bbc) C:\WINDOWS\system32\drivers\symlcbrd.sys
2011/05/21 16:36:26.0531 2724   SYMREDRV    (6c0a85982f4e0d672b85a2bfb50a24b5) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
2011/05/21 16:36:26.0640 2724   SymSnap    (fea2d66aeb341e11fad6ff2d50b8ca40) C:\WINDOWS\system32\drivers\SymSnap.sys
2011/05/21 16:36:26.0765 2724   SYMTDI    (cdda3ba3f7d5b63ff9f85cb478c11473) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
2011/05/21 16:36:27.0062 2724   sysaudio    (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/21 16:36:27.0250 2724   Tcpip    (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/21 16:36:27.0421 2724   TDPIPE    (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/21 16:36:27.0515 2724   TDTCP    (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/21 16:36:27.0671 2724   TermDD    (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/21 16:36:27.0968 2724   Udfs    (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/21 16:36:28.0171 2724   Update    (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/21 16:36:28.0375 2724   USBAAPL    (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/05/21 16:36:28.0484 2724   usbehci    (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/21 16:36:28.0625 2724   usbhub    (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/21 16:36:28.0750 2724   usbscan    (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/05/21 16:36:28.0921 2724   USBSTOR    (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/21 16:36:29.0062 2724   usbuhci    (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/05/21 16:36:29.0203 2724   V2IMount    (deea641cc5f87867759856a52cbc0999) C:\WINDOWS\system32\drivers\V2IMount.sys
2011/05/21 16:36:29.0343 2724   VgaSave    (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/05/21 16:36:29.0468 2724   viaagp1    (4b039bbd037b01f5db5a144c837f283a) C:\WINDOWS\system32\DRIVERS\viaagp1.sys
2011/05/21 16:36:29.0656 2724   ViaIde    (a5d8b6c8d43786d4215c1df6fab0aae0) C:\WINDOWS\system32\DRIVERS\viaidexp.sys
2011/05/21 16:36:29.0859 2724   viamraid    (7dc3e1dc6e4f8be381c31bfea578412a) C:\WINDOWS\system32\drivers\viamraid.sys
2011/05/21 16:36:30.0000 2724   VIAudio    (ec14fedcfc97f0af98215ce385afec23) C:\WINDOWS\system32\drivers\viaudios.sys
2011/05/21 16:36:30.0140 2724   videX32    (f95c0fcfbcbda6d8f202d2df4052f88d) C:\WINDOWS\system32\DRIVERS\videX32.sys
2011/05/21 16:36:30.0312 2724   VolSnap    (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/21 16:36:30.0437 2724   VPROEVENTMONITOR (4e3ff45d846b6ffa142f53ca8784a94d) C:\WINDOWS\system32\drivers\VProEventMonitor.sys
2011/05/21 16:36:30.0578 2724   vsdatant    (050c38ebb22512122e54b47dc278bccd) C:\WINDOWS\system32\vsdatant.sys
2011/05/21 16:36:31.0000 2724   Vsp    (aaf94bc88ecdf0ae0586805dad1e59c4) C:\WINDOWS\system32\drivers\Vsp.sys
2011/05/21 16:36:31.0109 2724   Wanarp    (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/21 16:36:31.0265 2724   wanatw    (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
2011/05/21 16:36:31.0515 2724   wdmaud    (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/21 16:36:31.0906 2724   WmBEnum    (bc3ecbcb40147bdae3ad2fd0b4b346d8) C:\WINDOWS\system32\drivers\WmBEnum.sys
2011/05/21 16:36:32.0015 2724   WmFilter    (19f9881d8b3484fedb605d0216876898) C:\WINDOWS\system32\drivers\WmFilter.sys
2011/05/21 16:36:32.0281 2724   WmVirHid    (7a51545a6409a25eedbdbd97d019e8cc) C:\WINDOWS\system32\drivers\WmVirHid.sys
2011/05/21 16:36:32.0390 2724   WmXlCore    (1f083b3bc73017e60c3ca85cf4a70753) C:\WINDOWS\system32\drivers\WmXlCore.sys
2011/05/21 16:36:32.0515 2724   WS2IFSL    (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/05/21 16:36:32.0640 2724   WSTCODEC    (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/05/21 16:36:32.0812 2724   WudfPf    (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/05/21 16:36:33.0015 2724   WudfRd    (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/05/21 16:36:33.0312 2724   ================================================================================
2011/05/21 16:36:33.0312 2724   Scan finished
2011/05/21 16:36:33.0312 2724   ================================================================================

No infected or suspicious files were found so program did not request a reboot.

Title: PC Rendered Unuseable Due To Trojan Infection
Post by: guestolo on May 21, 2011, 03:50:33 PM

Download ComboFix from the following location

[color="#0000FF"]Link 1[/color] (http://"http://download.bleepingcomputer.com/sUBs/ComboFix.exe")
Save it ONLY to your Desktop

--------------------------------------------------------------------
[color="#2E8B57"]Temporarily Disable your AntiVirus/AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with this tool
[/color]

Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

[color="#2e8b57"]**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
[/color]
(http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif)

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
(http://img.photobucket.com/albums/v706/ried7/whatnext.png)

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply

NOTE: Do not mouseclick inside ComboFix window as it's running, it may cause it to stall
ComboFix will/may run again on startup, it will prompt that it's creating a log
This process could take up to 10 minutes, let it run uninterrupted please

In addition, keep me updated how things are now running

Title: PC Rendered Unuseable Due To Trojan Infection
Post by: ba5852 on May 21, 2011, 05:01:31 PM

Started to run ComboFix in Safe Mode with nothing running except Zone Alarm. I got this warning message.

(http://data:image/jpeg;base64,/9j/4AAQSkZJRgABAQEAYABgAAD/2wBDAAgGBgcGBQgHBwcJCQgKDBQNDAsLDBkSEw8UHRofHh0aHBwgJC4nICIsIxwcKDcpLDAxNDQ0Hyc5PTgyPC4zNDL/2wBDAQkJCQwLDBgNDRgyIRwhMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjL/wAARCAGAAgADASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwDsfHfjvVPDGuQ2NjBZPE9skpM0RZsksOxHHFcx/wALd8Qf8+mmf9+W/wDiq6XxJpunax8ULbTtRi8wXGk7YPmZdsoLkHgjsD14rOtfBWj21rpt9f2btAmky3V8pdx+9UIwBwcqcSdBjpX0mGjgY0IKrTvJq/rv5+VjyKzxLqS5JWV/8v8AMzP+FueIP+fTTP8Avy3/AMVS/wDC3PEH/Pppn/flv/iqwLDwhqOo6BPrFu8RggieV0ZJVO1c5wxTYx4PAY0+bwheQf2QrXtgZtV8kwQiRt6rL91mG3gA8EjP416P1TLruPKro5PbYu17s3f+Ft6//wA+umf9+W/+Ko/4W1r/APz66Z/35b/4qqCeB7m01CxNxdaddW76gLGRUmkAEo5MTEJlScYyAcZ/GgeCbq+u72SG40+yhXU5NPjilnc/vQeEU7ctwcAnBOOcVHsMt/lVivaYvuzQ/wCFs6//AM+umf8Aflv/AIql/wCFs6//AM+um/8Aflv/AIqs2z8AardMiNcWNvNLNNDDFNKd0xiJDlQFPAIPXHSqvgjTbTV/GFjY30Pm20vmb03Fc4jYjkEHqBTeFy/klNQT5Vd2+f8AkxKtiuaMXJq5u/8AC2Ne/wCfXTf+/Lf/ABVH/C19e/59dN/78t/8VWGNNtP+Fef2p5X+m/2r9n83cf8AV+VuxjOOvOcZrBrSGAwU72prR2IlisRG15bnd/8AC19e/wCfXTf+/Lf/ABVL/wALW17/AJ9dN/78t/8AFVwlKKv+zMJ/z7RP1yv/ADM7v/hauu/8+um/9+W/+Ko/4Wrrv/Prpv8A35b/AOKrhhS0f2ZhP+faD65X/mZ3P/C1Nd/59dO/78t/8VS/8LT13/n107/vy3/xVcNSil/ZmE/59oPrlf8AmZ3P/C09d/59tO/78t/8VR/wtLXP+fbTv+/Lf/FVxAoFH9mYT/n2g+uV/wCZncf8LR1z/n207/vy3/xVL/wtHXP+fbTv+/Lf/FVxApaX9m4T/n2g+uV/5mdv/wALQ1z/AJ9tO/78t/8AFUv/AAs/W/8An20//vy3/wAVXECnCj+zcJ/z7QfXK/8AMztf+Fna3/z7af8A9+W/+Kpf+Fna3/z7af8A9+W/+KriqUUv7Nwn8iD65X/mZ2v/AAs3W/8An20//vy3/wAVR/ws3W/+fbT/APvy3/xVcXS0f2bhP5EH1yv/ADM7T/hZmtf8+2n/APflv/iqX/hZetf8+2n/APflv/iq4sU6l/ZuE/kQfXK/8zOz/wCFla1/z76f/wB+W/8AiqX/AIWVrX/PvYf9+W/+KrjKUUv7Nwv8iD65X/mZ2X/CydZ/597D/vy3/wAVS/8ACyNZ/wCfew/79N/8VXHUtH9nYX+RB9cr/wAzOx/4WRrP/PvYf9+j/wDFUv8AwsfWf+few/79H/4quOpaP7Owv8iD65X/AJmdh/wsbWP+few/79H/AOKpf+Fjax/z72H/AH6P/wAVXHinCl/Z2F/kQfXK/wDMzr/+Fi6x/wA+9j/36P8A8VS/8LE1j/n3sf8Av0f/AIquQpaX9nYX+RB9cr/zM6//AIWJrH/PvY/9+j/8VR/wsPV/+fex/wC/R/8Aiq5EU6j+zsL/ACIPrlf+ZnW/8LC1f/nhY/8Afo//ABVL/wALB1f/AJ4WP/fo/wDxVclS0v7Owv8AIg+uV/5mdb/wsHV/+eFj/wB+j/8AFUf8LA1b/nhZf9+j/jXJinCj+zsL/Ig+uV/5mdX/AMJ/q3/PCy/79H/Gl/4T/Vv+eFl/36P+NcpS0v7Pwv8AIg+uV/5mdX/wn2rf88LL/v0f8aP+E91X/nhZf9+j/jXK04Uf2fhf5EH1yv8AzM6n/hPdV/54WX/fo/410tvceJbm1huFfRlWWNZFDLJkAjIzx715kK7nxFqusaF4Gs9V0e0tbs2dvDNdwzuVLW6x5k2EcBwMHnPAPBOAfLzSlSw0IunBas78BUqVpNTk9DWkl8SRRvI82iBEBZjsk4A/CsvRtbudb1LQ57gRp/pUwCxrtBxASCRnr8xrI8MeNr3xwdXvbKwS38N29u0Mck5/0mW42hjwpKqgVv1BB6hZfBn+v0P/AK+5/wD0nryFNVKcm4pNW2PQ5XCpFJt3ueoUUUVibhRRRQAUUUUAFFFFABRRRQAUUUUAeL/EXUpNH+I2lajENz29tDJtzjcA75Ge2RkfjWPf/EK4vtP1y0WzEX9qTLIGEufKUBVK/d5yqAZ4rvPGXgT/AISjWYr3+0vs2y3SLZ5G/OCTnO4f3v0rnv8AhUP/AFHP/JT/AOzr6XCY3LlRpqs/eiuz6O/Rdzx6+HxTqS9mtH6drGPaePoo9Ojt7rSPPlTTW0wyLdFFMR9EwcNwMnPOO1Ztx4o+0avoF/8AY9v9kQW8Ozzc+b5TZznHy5/HHvXV/wDCov8AqOf+Sn/2dH/Cov8AqOf+Sn/2ddEcflUW2pb+Uupk8NjWrNfkYH/Ca/8AUP8A+Y7/AGx/rv8AyH93/wAe/Sj/AITX/qH/APMd/tj/AF3/AJD+7/49+ldB/wAKj/6jn/kp/wDZ0f8ACpP+o5/5Kf8A2dH1/Kv5vwl/kH1fG9vyNHSvEltqGmWxN7BYefeXMs7i/iWW2WR2bgSocjnHyY9e5x53Y31roviU3Vv511aQSSCIpM0DyIQVU7lwV4IP6V2n/Cpf+o3/AOSn/wBnS/8ACpf+o3/5Kf8A2dZ0cbl1JytU0l5S8+tr9SqmHxc+W8dV5o4Uaiv/AAj/APZnlS7/ALV9o8zz22Y2bceX93P+117VRr0j/hU3/Ub/APJX/wCzpf8AhU//AFG//JX/AOzrqWcYCN7T/CX+Rg8BiXvH8V/meb0or0j/AIVP/wBRr/yV/wDs6P8AhVH/AFGv/JX/AOzqv7awP8/4P/IX9n4n+X8V/mecilr0b/hVP/Ua/wDJX/7Oj/hVX/Ua/wDJX/7Ol/bWB/n/AAf+Qf2fif5fxX+Z51SivRf+FV/9Rn/yV/8As6X/AIVX/wBRn/yV/wDs6P7ZwP8AP+D/AMg/s/E/y/iv8zzsUCvRP+FWf9Rn/wAlf/s6X/hVn/UZ/wDJX/7Ol/bOB/n/AAf+Qf2fif5fxX+Z54KWvQv+FW/9Rn/yV/8As6X/AIVd/wBRj/yV/wDs6P7ZwP8AP+D/AMg/s/E/y/iv8zz0U4V6D/wq/wD6jH/kt/8AZ0f8Kw/6jH/kt/8AZ0v7ZwX8/wCD/wAg/s/E/wAv4r/M8/pRXoH/AArD/qMf+S3/ANnS/wDCsf8AqL/+S3/2dH9s4L+f8H/kH9n4n+X8V/mef0td/wD8Ky/6i/8A5Lf/AGdL/wAKy/6i/wD5Lf8A2dL+2MF/P+D/AMg/s/E/y/iv8zgBTq73/hWf/UX/APJb/wCzpf8AhWn/AFF//Jb/AOyo/tjBfz/g/wDIP7PxP8v4r/M4KlFd7/wrX/qLf+S3/wBlR/wrb/qLf+S3/wBlS/tjBfz/AIP/ACD+z8T/AC/iv8zhKWu7/wCFbf8AUW/8lv8A7Kl/4Vv/ANRb/wAl/wD7Kj+2MF/P+D/yD+z8T/L+K/zOEpa7r/hXH/UV/wDJf/7Kl/4Vx/1Ff/Jf/wCypf2xgv5/wf8AkH9n4n+X8V/mcKKcK7j/AIVz/wBRX/yX/wDsqX/hXX/UV/8AJf8A+yo/tfBfz/g/8g/s/E/y/iv8zh6Wu3/4V3/1Ff8AyX/+ypf+Fd/9RT/yX/8AsqX9r4L+f8H/AJB/Z+J/l/Ff5nECnV23/CvP+op/5L//AGVH/Cvf+op/5L//AGVH9r4P+f8AB/5B/Z+J/l/Ff5nFUtdr/wAK+/6in/kv/wDZUv8Awr//AKif/kv/APZUv7Xwf8/4P/IP7PxP8v4r/M4oU4V2f/Cv/wDqJ/8AkD/7Kl/4QD/qJ/8AkD/7Kj+18H/P+D/yD+z8T/L+K/zOMpa7L/hAf+on/wCQP/sqX/hAf+on/wCQP/sqX9rYP+f8H/kP+z8T/L+K/wAzjacK7H/hAv8AqJf+QP8A7Kj/AIQP/qJf+QP/ALKj+1sH/P8Ag/8AIX9n4n+X8V/mceK9A1XwzZeLPCuladqMt0toqW80kUEuwThUHyP3KE4OBg5AIIIqh/wgn/US/wDIH/2VPbwTM5BbWZzgAD5W4AGAPv8AQCvMzLFYfFQjGFRKz6qX+R3YKhWoSbnDfzX+ZLD4M0fQtQ1PWNKieyN1ZGGazgIS2YryH8sDAcDjI45PGSSc/wAGf6/Q/wDr7n/9J6s/8IPJ/wBBib/vlv8A4uremaQNF1jQ7UTeaDcTuG27cfuCMdT6V5aUIU5JTTbttf8AVI77ylOL5Wkr9v0bO8ooorI2CiiigAooooAKKKKACiiigAooooAzJv8AWfgP5Co6km/1n4D+QqIkAEnoKwe5QtFTW8AkUSSZC5yoz1rlPEureL7HxfptnoWiW9zo7LG1xK8bEsS+1l3DhCFweR+fStqdCU3ZEymlqdLRVma2hkyYvkkHQr3/AA7/AOcYrPguRJLLA2BNFjcvqD0Yex/oR2rOUGtRqSZPRRRUFBRWFaXmravctdWVxZW2mxXUlu0U1s8s0vlSGOQhhIoTLKwA2twAx67VqN44s1to7j+zdQKXKxyWIAizeo8kcYdP3nyjM0XEmw4fpwcOwjqKK4zVPGhNiv2GzvYbo3UCxo6xEzhbuKG4jX5yAytJ5ZLFQScqSBuGkPFkbuLaHStQl1MM6y6evkiWIII2ZixkEZGJoTw5P7wccNtLAdDRXE2Xi661XX5UsrpP7M8+3WDbol1MZYpIYpdxmVgkZPmEfMvyjBIrV0rxTFfWem7re6a6vYIJolWAIJUdFZpR87BUXJ3AsSpwOS8e8sB0NFcvqHiSfSfE2ox3FrdT6Xbadb3UssIi22oLz+ZI+WDsNsanChj8hwMnmS98caNpmuXOl30vkSQRNK0nmxPkLEZW/do5lGEDHLIAccE5XJYDpKKybbXoZdBm1q7tprGziiactK0cu6ILu8xTC7grjOMHJx06Z5+48c/2Vq9+dYs7qwt1gtFtrW5ktlZ5Xa4LMJPM2AFYv43H3MAZI3FgO2orkLLx3bXl5cTxwO+iw6ct5LeR7GFuQ9wsgfDkuMwYBjDgkE5IINSWHxA0vU42WzgmuLwSpElnBNbyvIWV2GHSUxD5YpThnB+Tp8y7izA6uiuUHjI2ja3NqunzWtnp8sSLMzRABnigYROfM4ffNjdxGBjLcE0+x8c2Gq28Z0uzur+6ZpFa1tpIGZAgQsxk8zyiB5sX3XJ+fGMhtpYDqKK5C28SalF4X8IXhtX1G61RYVuEiCLI5a1eUsu5kQHcgPJxjOBnFGneMRbW11JrcN1Dbx3l/HHfssZikWGSZtgVGL5WKJuSgzsPJJGSwHX0VheHPFmneJ/tK2RxLbbTJH50MuFbO07ondOdrcbsjHIAIJyfDvii9m0HTrm70/U7zUtSi+1x2q/ZlxFtjLNGd6gRBpFADsZPm5BwSCwHZ0VwNr41aTxHPILl7jSZFdrSKOJQ0pePT/JUZAIJe5cfMQBv+YgDjafxpYw+dHcWd7DdwxSvJasqNIHTycRDa5Vnf7RFtCk5LYyDxRYDpKK5S78dWMN+YraOa8jX5FW3RG892Np5ZjcyBdp+1p168nI2/NaHiyN3FtDpWoS6mGdZdPXyRLEEEbMxYyCMjE0J4cn94OOG2lgOhorCk8VWi6Po2pR2l7Mur7BawxRhpCzxNKoYZwOFIJzgE5JCgsILTxxo174lbQ4pc3PmyQK3mxHfJGDvXYHMi42P8zIqnbwTuXcWA6SiuMs/HFrrup6Vb6ZL5bG/8q7i82GbMbW1w6/PE7qMtF0DBvl5ABGbcnie6i1LVbaSzdbe01G1tI7tUVkPm/Z/kI8wNvzO3zY2gYPzEbSWA6iiuX0/xxZ36Wkh03ULaK5WCQPMIiESc7YHbbIxxI+VAAJBBLBRgmTw/wCONG8S38lnp8u6QRGeM+bE/mRggFsI7Mn3l+WQI3zdOGwWYHSUVzw8X2bm+aG0upre0n+yG4jaIrJc+YsYhC796uXYDLqq9920glmr+NLLQLSzuNXtZrFbneWSe4tg8SoRklfNy/BBxHvPbGSASwHSUVy8/jiztbe7urnTdQitIGuo0uGERW4e3EhdEAkLA4hkILBQdvUEgEvvHNhpVvIdUs7qwulaNVtbmSBWcOHKsJPM8oA+VL95wfkxjJXcWA6iiuUj+IOkz2k9zbW97cQ29g1/M8KIyJGplVhv3bSwaBlGCQ2QVLKGZbVrrc9peWOiXiPf61JAtzd/ZmiVIFZyCwDsjNGG3KNoZgFG7lgWLAdDRXLya7e2HhXxFNIyT6hoazr5jr8sxWITRMwXHJR492Ao3bsADFT3PiyOyRmudK1CIwQfar1T5JNnDlwJHxIQwIjc4j3theQCQCWA6Giue1jWL7T/ABNplra2N1fQz2d1JJb2xiDbkeAK5MjKMAOwwD/F0OMiqvxF8PyaraWEVzv+0+SEl3xr80yq0Y8tmEpyHTlUIG7kja20sB1dFYXiPxZp3hb7M2pHZFPuJk86Fdirjcdrurv97pGrH2yQDU1TxZPBaTT6dpV1cRRXkVqJ28oRzMblIJI0BkDBwS4BYKuVzkjGSwHUUVz1t4qtv7Quba/V7MRswL3CpGkJWCGZo3cOys+2Vm4wMRv2Tc1VfiFo39q2mmyrNb3M/kq0c7RJJDJKqlI2iL+YW+dASqsoJ5I2ttLAdXWbc/8AIz6D/wBdZv8A0U1W7S5+1wtJ5E0O2WSPbMm1jscruA/utt3A9wQe9VLn/kZ9B/66zf8AopqI7gzqaKKK3JCiiigAooooAKKKKACiiigAooooAzJv9Z+A/kKp3zmOzdgcYI/mKuTf6z8B/IVXnhWeB4m6MMZ9PesU7SuU9iws48tMHjaMV478RL/VdG8e6XFY69qyW180c0lv9qYRofN2lVAxhcDpXdxaq2nTmxv/AJXH3G7MPUeo/lXH+LPDmpeLPE1rqNrcafDFZKqwB5mLSYbfuYbfl54wCelezhIw57vaxwVJNaHqks2JWwcYPFcxc3rDx/psUZAE1tcCTHcKUK/kS35moNU8WW2m2JuL6SGCYj51VyyhvRTgFvyqh4Msb3VNYn8T6hC8KNH5FlC4wwjzksfcmuetFQpu5dJuUtDvKKKK8w7TJ/sMxX/2iy1O9soGl86WzhERhkcnLE70Zl3d9jLkkt94kmjF4LsUW3R7y9lis/KWyjdkAtY45Y5RGpCAspMMQJcs2F4IJJPSUUXEc3d+C7G6jjC3l7BJFLNNHJGybleW6juifmQg4kiUDIPGQc9aePCcaOLmHVdQi1Ms7S6gvkmWUOI1ZSpjMYGIYRwgP7sc8tu6GincDN0bQrLQYZ4bBXSGVkYRs24IEhjhVQTzjbEvUk5zzVSx8K2mnx2Kw3d6ZLGKKC3kaQZSJFVTHgDaVfGWyMk4ORsj2btFK4zJ1Dw/aal/avnSTL/adgthNsYDbGPNwVyOG/fN1yOBx1zUfwnH9ujuIdV1CCKGea6gto/JMcU0qyK8gLRlicyyNhmK5PTAAroaKLgY1n4Y0+10Email RemovedkD3MepNI968m1GuGkXaxPlhVBKgDKgZxk/MSTU/4Q9Wu5L6bW9Tm1D915N24gDwbBKBtVYghys8oO5W+9xggEdJRTuBhP4VtJt4nu72Zbi1a0vlkkB+2Rnfw5xlcGWQjyygG7H3QoA3hoyxq0+######yiWC8cxb4CFZflQRiLlZJASUJO7r8q7d2ilcRhSeF4ZftG/UL0/aPKkl/wBX81xH5ey4+5w48qP5R+7O3lOTkfw0W8mYa1qa6hHvH27MTSMj7NybWjMar+7j+6g5XPVmLbtFFwMb/hG7ZNE0vTYLq6gOlqi2l0hQyxlYzHu+ZShJRmBypHzEgA4IjuPCWm3dhHY3PnS2y3V1cshfG83AmEikgA7cXD4xgjA5453aKLgUdN06Sx81p9Svb+WTA8y6KDaozgBY1VB1PO3JyMkgKBQHheGGw0u2stQvbOXTbX7JBdReW0hiwgKsHRkOfLQk7QcrwQCQd2igZy6eAtHhfdA11CFULCqyAiEqLYIy7gSSptISN2QTu3BgcVbi8KWKzQXNxLNdXcd0bqS4mCbp32KgDhVC7RsiYBQvzQxtyRk7tFO4jmx4I0lXtmjM0f2eVpECbADmeGZVPy/dX7PFGo7RqF7AiPWPDd0LmbU9DmePVJ5y7yNcrEFRo4kZRuhlGD5EJ5XOQcMBkHqKKLgY1h4dis9K8P2ck7yPoqoI5FAUSMsDQ5I54IdjjPXHPrG3hW0k+1wS3d6+m3PnF9P8wLDum3eYcqBIcl3OGcgFsgDau3dopXA5628Jxx6zFqt1quoX13EyMjT+SoARJ0C4jjUYxcSH1zjnAwbFz4btrm8nn+1XUcdxPBdS26FNjzRPGyyZKlgcQopAIXAPG47q2aKLjOeg8Hafb20Fuk10UhgsIFJZclbSQyRk/L1JPzeo6Yq3pGhJo+xIr+9mtoYhBbW0rr5dvGMYVQqgtgKoDOWYAdeWzrUUXA5658IWd7qFxqF5d3U93IoSCZliVrVVlWVQhVBuCuiMBJv+76M25moeD11K0mhm1vU1kurU2l5OggD3MWXKqw8rau3zHAKBT83JOAR0lFO4jnr7wdp+oaQdNlmulhM93PuRlDbrhZlcfdxgC4fHHZc55zY1Dw3bX+pNqQurq2vQsSxTQlCYTH5wDKGVlJK3EincCMEYAIzWzRSuBjJ4Zsil8l1LdXgv7NbO68+XJkQGUk5GCpJmfhcADAUKBiq//COz6imlvrl891JYMkhiRIhFLNGTsn/1YdHPDFVYKOV+Zc7uhoouBjWehK+kahbaqqTS6q0j3wjZgrB12BARg4WMJHuAUnZuIBJqvc+E471GW51XUJTPB9lvWPkg3kOXIjfEYCgCRxmPY2G5JIBHQ0UXGZOqaGdRv7W+h1O9sLm2ilhV7URHckhQsCJEcdY16Y71BZ+FbTTpohp93e2lmnlFrKKQeXI0aKiFmIMnCxxggOAQnIOW3btFFwMLXPC8Oufav+Jhe2X2y1+yXX2Xyz58XzYU+YjYx5knK4PzHJOBgfwvCy3MQ1C9S0mlNwlsvl7IJ/NE3moSm4t5gLYZmXkjbjAG7RTuBhSeFLG4triG7lmuWuLqK6lklCbmdI44iMBQArpGVcAciRxwDgTtoSf2rJexX97BHNKs9xaxOqxzSKqqGY7d44RAVVgpC4IOW3a1FK4EFpbfZIWj8+abdLJJumfcw3uW2g/3V3bQOwAHaqlz/wAjPoP/AF1m/wDRTVpVm3P/ACM+g/8AXWb/ANFNTjuJnU0UUVuSFFFFABRRRQAUUUUAFFFFABRRRQBmTf6z8B/IVHUk3+s/AfyFR1g9yitfafaalbmC8t0mjPZxnH09K5i88MNpN7Ff6Ss0tuBtuLVpWcgf30znkc5Xv25HPYUVdOrKm7omcFNWZwHgzwxpl7HNrF9ZNNem7lCNcZO1Q3y4U9OMV34AAAAwBRRSqTc5czHGKirIKKKKgoovrekx3dzaPqdktzaxGa4ha4QPDGACXdc5VcEHJ45FULjxl4fgtrW7/tayks7i6Np9qjuYzDHII2kw77sDhceuWX1rm/EXgzXNauLgefDIrfa9lxNqM4G2W3mijT7MFMabfNQFwckIW6sRWzqugahN4oTXLM2sj2625igmkaMSMi3SMGYK20YuQQQGyVIwM5p2Qjah1ixlhuZWuYYltd5n3zIfLRXdC7EMQq5jfrjG0g4IIEa6/pmyRp761tzG0isstxHkBDICxwxAGIZDzyAjZAKsBhDwdKwhEkyKkt5dG+SNiFuLaS4e4RGG35iCVQhvl2SzgfezUEHgaVx4hW5ktVfVLO4tIZ0Uu8Ky3F1KeoHGJ4sgHkofQEmgHV3eqafYJM95f2tskCo8rTTKgjViVUtk8AkEAnqQRUlve2l3j7NdQzbokmHlyBsxvnY/H8LbWwehwcdK5C90HXtR1KfVJ7HT4rsLbLaCDVpUMLR/aMy7/IwTifGxkZSM7sjg9Jp1ne21xuvJLW5f7HBE94sXlzTyqX3lgOAnzAqo6Fn9qANKiiikMqajqEWmWyXEyuyPPDAAgBO6WRY1PJ6ZcZ9s9aqTeILSH7ZujmP2S/gsJMKOZJvJ2kc/dHnpnvweDxm3qmnxatpF7ptwzrDdwPBI0ZAYK6lSRkEZwfSub0vwdLaavpupXEyGZFee7WNjt+0s0zYjyufLzeXPU7vli9Gy9BGlqfizSbCyubiK+srj7HdQW92q3SD7N5kyxEyddu3LHBx90jjqL8Wt6TPDBNDqdlJFcZ8l0uEKyYdYztIPPzsq8d2A6kVxFt4E1Ky0+2ihS1kuNPW2jt5Z9TuZBOsc8Mh+VgVtwwgHyor8kAEBfm2tO8M3Y8Vrr+ox2Qlb7RIYY3MvkSOltEux2Vc/Jbvk4UjzNuCMklkBux63pM323ytTsn+wZ+17bhD9nxnPmc/Jja3XHQ+lVD4r0T7Zptuuo2rpqSyG0nWdDFKyOiFFbPzOTIMAZ+63pXPJ4Q1ZrLTLeV7Jf7FtYre0ZZXb7X5c1vKDJ8g8nP2VRgeZjzCeduGv2Wg6tb+IBrzrZG5uJZBcWqzvsijdLZCySbMuwFqDtKqD5hGRtyxZAaut+ILTQfsn2mOaT7RLsPkqD5MY+/NJkjbEmV3P0XcM9asf23pP9q/2V/adl/aX/Pp9oTzvu7vuZz93np05rF17wnP4h1eeS41W6tbBtOaySK18rcwlY+fu3xtwQsIBByNrdM8wWnhvWDpE8eoXVrNf3Go2F7LKhIVjCtr5v8IwSYJCABjlenODQC3a+ONGvtOsL60l8+K88sBYpYmeJ3khj2OofIYGdN2M7ec8lQ15PENi2q3Gnu3kyQS+SzyyIqs+2AgKC245+0RgYHXg4yu7CtfCF3LYWel6i8K2dro9zo5kt5SZJY3ECrJhkwjEROSuWAJXlucQXfgi7vrXSo7g2UuzfJfxvlo3klvbe5lVAV5T93KoDc4Kg55NGgHXxapp89v9oiv7WSHdGnmJMpXc4UoM5xlg6YHfcuOootNU0+/uLm3s7+1uJrVtlxHDMrtC2SMOAcqcg8H0Nc/qOg6tJf3SWi2T2d7qdpqEsss7pJF5JgyioEYPkQAgll5fGOMm14V0jUNHt5be5ZIbJFjjs7CO5a5W3VQc4ldFcg5Hytnbt4OCFUA1l1TT3RXS/tWR1idWEykMsp2xkc9HPCnueBmufl+IGjJaTyiaFJbeW1E0M11ECkU5h/fZVmBRROMsPlJUgHGDVSy8Cy2qacjXrslvPGkq+aSDbQFGtgPl++DBESD8oM1yVxvGI9L8Iatp2iw6WXspI/N065lmErgrJb/ZldFXZypW3LBiQcsAVH3qNAOsOtab/YsusJewzabFE8zXMDeamxM7iCuc4wemelVB4jgtrd7jWrd9ChDKiSalcW6LKxBOFKSMMgL0OPbPOH2dhd2FxrtyghlkvboXFujSFRxbxRgOdp2/NGeQG4IPPSuUfQNW0zU9Lu9O0XTLX/T1I06zmdbWPbbXQaZ3WEbWbzEU/uz9xBuORtAO2Gqae1u9wt/amFIFuWkEy7VhYErITnAQhWw3Q7T6VBqesDT7iC1isbq+u51eRLe2MYbYhUM5MjKuAXQYzn5uAQCRzf8AwjEv2rTrSUODdNdT6mYc+Q8LXHn+QzY+c75Ag3ABo2uOFLYrd8RWEupW8Nuuh6Rq0IYu0epTFFRgMKVHlSAnBbnjHvmgC9BqNtKI1eRIbh2EbW8kiGRJTH5nlkKSN4T5sAnjnkc0xNb0mS7trRNTsmubqITW8K3CF5oyCQ6LnLLgE5HHBrl08FahbCSWLVXnu4YIZraaaRh5t6kccbSSjBOxlgjU4JbbNcDOGGI7TwG2najDFB+/09JbWVZJ9QnQx+RHEig26Yjkb9wp3sRgt90hAGLIDqG8RaIqXjtrGnhLJgl2xuUxbsTtAfn5SSCMHHIxRJ4i0SLTYtSk1jT0sJm2R3TXKCJ254D5wT8rcZ7H0rhW8G6lo+k2ghtUurixaytrdjqFzMZlW6t2LFGBW3TEQZgivgdCAnzaV14S1S51FtZdYTeTSytJZwapcWqIHjt0BE8aB3x9mB2lAP3n+wCxZAdmt7aPdtaJdQtcrndCJAXGApOV68CRD/wNfUVPXPeF/DS+HTf/ACWuZ2gVHhRgfKit4olU7iWwGRyAWbAbqSTXQ0hhRRRQAUUUUAFFFFABRRRQAUUUUAFZtz/yM+g/9dZv/RTVpVm3P/Iz6D/11m/9FNTjuJnU0UUVuSFFFFABRRRQAUUUUAFFFFABRRRQBmTf6z8B/IVHUk3+s/AfyFR1g9ygooopDCiiigAooooA4zWfHo0e9vY/7P8AtNtDFOYZ4ml2ySxQvKyMxiEYx5cina7sCMFfvbS/8R67Hq+naWlhZRak10hkhF4zQSwvBclQZTFuVg1uTgJ2Xn5jjWvPB2iX80slzbTOsnm7oRdzLDmRGSRhGGCBmWR8sADlic5Oat32g6bqFxJcXEL/AGh1jTzopnjkUIX27WUgof3sgypBIcg5BxT0EYUfjFreC8WW1eSbdcLYq8y5upUu3t/KyqAIAzW4DN2lGSdjNUC+NrqKLWmXTHuI9LguruWaS5VcrHNdRrGAEzkm3GODhSdzFlG/qI9GsIvs+yDH2e6lu4vnb5ZZPM3t15z5snB4G7gcDEcGgaVbG8MdmhF6rJcLIS6yq0kkhBViRgtNKcf7WOgABoBm634qfSb+4s47DzWiit5DO8jLDGJDNlpWVGMaKIDl8EZcZ2jLVrafe3F7sdoIfsz2sM0dzBcCWOR33blU4BKgBCGwNwfoMGqCeEdKTzir6mJJtnmS/wBrXXmEJv2rv8zdtHmOducZOccCtK20yysrgzWtskLmCK2xHwoijLFFC9ABvboO/sKNALdFFFIZR1n7f/ZU/wDZn/H18uMbd23cN+zd8u/bu27vl3bd3Ga56y8Tx6TCV1a41Axo063M2oLD5ttKkKzCLbbrtYGHfJuGcbdpO4hR1F5aR39o9tM0yxvjJgneF+Dnh0IYdOx9qzX8N2ot7W2gd0t47xLu4ErtLJcsgym6RmL5V1ibJJ4jC/d4piMmLxZrEt39kOhWsVw08dmqS6geLg2y3LqxWIgIqFxuG7LKPlAbID48ge40qS3s3lsL5bbdKolMkDzldivtjMSn95GSGlBw2QDld3Q/2NYfbftfkfv/ALV9r372/wBb5Pk7sZx/q/lx074zzVBfB2iJ9kEdtNHHa+T5cUd3MkZMO3y2dA22Rl2INzAnCqCeBRoBz0/jPWJtF02dNOtbS61NbW6sgl2ZVaJri3R0lJiGwkXCjKh+rHggZ0z4wul8QDSjo00nlSw293JbrNKI5XRG+VhD5ZRRIpLO6NgMdv3d2q3hrSGtLS2Np+6s7X7JbgSODFHmMjac5DAxRkNncCoIINA8N6WLuK5MUzSR7Dh7qVkkZAAryIW2yONq4dwW+VTn5Rg0ANA1S71mwj1GWzht7O5ijntCtwZJHjcbh5i7AEbBXgMwyTzxk8bbfEWFL/WLoatZahAbW8uLTT454w0H2Q7cblBL+cuZQSPlCnG4c13Wm6PZ6T5oshMkcmMRNcSPHGBnCxozFY1GcbUAGABjgVXuPDWkXWj2ukzWm6xtYjDDF5jjahiaEjIOT+7dl5PfPXBo0Awr/wAR67Hq+naWlhZRak10hkhF4zQSwvBclQZTFuVg1uTgJ2Xn5jipc+J9SRb+OO4dZb1Z7XTCyo3k3Ed61rvc7R8mZ7YgYbCo2cnl+svtB03ULiS4uIX+0OsaedFM8cihC+3aykFD+9kGVIJDkHIOKkj0awi+z7IMfZ7qW7i+dvllk8ze3XnPmycHgbuBwMF0By6+NrqKLWmXTHuI9LguruWaS5VcrHNdRrGAEzkm3GODhSdzFlG/S1vxU+k39xZx2HmtFFbyGd5GWGMSGbLSsqMY0UQHL4Iy4ztGWrSg0DSrY3hjs0IvVZLhZCXWVWkkkIKsSMFppTj/AGsdAAKieEdKTzir6mJJtnmS/wBrXXmEJv2rv8zdtHmOducZOccCjQAvtUuJLLRo7aWGOXV5VhFzbuJkiBheUvGSAH4jIUkY+YMVIG0xyXOpaTcW2lW0r6xf3Ky3KyajMluqRRmNWG6KHrmRcDZ3bLcAHWm0yym00ac1si2iqqJFH8gjC427NuChUgFSuCpAIwQKonwtpjW6RM2oEozMsx1K485dwAZRL5m8IdqkpnaSoOMjNAGLD46uL6wuL7T9G3Wyy2cML3N0I/Me5FuUBCqxXaLj5uvRcbtx2W4/E+oT3zaTBpdqdYiaQTRvestuqosLErIIizHFzFwUHO/ngbrd/wCFbC50qbT7VfsMU91bXEnkFl/1LRYC7SNnyQqoK429Rz1kPhXSTbpEI7pHVmf7Ql7MtwxYAHdMH8xgQqDBYjCJ/dXBoBm6f41/tOyv7+HT/JsbeKJopribBmklhiljjCIrNuPmhSACc7QocsQtTTPFup6z4hsLW2sUhCLcpf287SRBShtWV0LwiRiEn+6yoCSecBWPSLoGlJZ3NpHZpHb3DI7pGSgVkREQpg/IVEce0rjBUEYPNQW3hXSbR1khjuhMs/2jz2vZmlZsIpDOXLMhEcYKElTsXIOBRoBQ8MeL5PElwP8AiU3VvazQfabe4aKYKUyuA5eNFDkMCAjSA4b5sAFs3TdZ1KJdY1rUp9abT9Olv5CqpZ/Z5I4ZZFCIAPO3BV/iIBKnJweeo0/QdN0u4aa0hdX2+WgeZ5FhTIOyJWJEacL8qAD5V4+UYgi8K6TFcTSrHdMk7SvLbyXsz27mUsZMwlzGQSzHG3GTRoBxniLxL4g0nUNWacJZ3A05Ggjtbrz4kYQahJvIkiHJMK5AA+6uWIBU9DL4j1K21oaZLYQnUp4oBFALzNuHb7UxJk8oOPktzztPO0ADljei8HaIkzTSW011I2NxvLua5yAkibT5jNlds0o29PnPHSpD4V0lkIaO6aTaiCdr2YzKEMhXEpfeD+9kGQclWK/d4ougMVvG93tvpk0mE22mWrXGoM14Q67JZ45BEvlkSYNs5UsUzlc7ecdnWSvhrSFtLu2Fp+6vLX7JcAyOTLHmQncc5LEyyEtncSxJJNa1DAKKKKQwooooAKKKKACiiigAooooAKzbn/kZ9B/66zf+imrSrNuf+Rn0H/rrN/6KanHcTOpooorckKKKKACiiigAooooAKKKKACiiigDMm/1n4D+QqOpJv8AWfgP5Co6we5QUUUUhhRRRQAUUUUAFFYX/CR/8VX/AGR9k/0X/UfbPM/5e9nm+Rsxn/U/Pvzt/h68VUn8d6T/AGWt9aC6nRmtyiPaTRNLFLLHH5kQZMygeYp+QHqo43CnYR1FFZNh4gs7/UZbFH2zrlkjZJFfYI4XYuGRdjDz0+XnqO+4LUsvGejXtzFAl4jPdMos1RJC0ymOGTO0oMECdCRzhcsSMOFVhnQ0Vkt4l0hbS0uTd/ury1+125Ebkyx5jA2jGSxMsYC43EsAATVuHUYJ9NN+iXQhCs+17WVJcLnP7oqHzxwMZPGM5FAFuisJ/GGjp5K7715Zd+II9PuHmTZs3b41Qun+sjPzAZDqRkEVBq3i+ztltk0+T7XLPdWkXmRQSSwBJpYwcyoNit5b7gCw+8hwQwy7COkorG1DxLY6VqTWd2z7ysRjSCCWeV2fzjjYiHjEDnIJ6HIGAWqHxtpaX9zFJ5wtYLBb1rpbeVlRczCRZAE/dsvkkYYgk5XGRiiwzpKKyV8S6Q1pd3S3eYLS1+2SyCN8CHMgEi8fMp8pyCucgAjIIJgvvElsqzwWUv8ApKSpAJ5rWY26yPKsWPMVdrsGfBQMDkEEphmVWA3aKwm8Y6IsMkxuZvLXbsItJj54Z1RWh+X98pZ0G6PcPnXn5hm2mvaa+kXWqGZ0tbRXe482F0khCruO6NgHB24bBGSCCMgjJYDSorCbxjokUavNczQM8ohWG4tJopWdlZlAjZQ53eW4XA+ZlKjLcVJceK9GtXulnunRLZZGklNvJ5R8sFnVJNu13UK+UUlhsbj5TgsBs0Vm32vabp9xJb3Ez/aEWN/JiheSRg5fbtVQS5/dSHCgkBCTgDNVG8Y6IkiobmY5iEzutpMUgQsy5lYLiLDRuG3lduxs4waLAbtFc3a+MbOfPnr9kWO/uLSV7kSJGBF553rIU2N8sBY8gKCQTkANO3jDR0jVne9WRpREtudPuBOWKswIi2b9pEb/ADbcfI3PBp2EbtFZs2vabBow1Z5nNoWWPKQu772cRhPLAL7952lcZByCAQagj8V6NJcWtuLp1ubpmSK3kt5ElLKU3AxlQykCRGwQPkO/7oJCsM2aKxo/FejSJK63ThEXerNbyKJ1JCgw5X98CWQAx7sl0A+8uY7fxjolzdxWiXMyXUsrQpbzWk0UhdRGWGxlB4WVGPH3SW6KxBYDdorGufFWk2ZuFuZLqJ4GCFHspg0hMixjyhszKN7oMpuHzr/eGSPxXo0iSsLp18td2JLeRGfkKVQFQXcOyoUXLK7BCAxAosBs0VUh1GCfTTfol0IQrPte1lSXC5z+6Kh88cDGTxjORVGPxXo0lxa24unW5umZIreS3kSUspTcDGVDKQJEbBA+Q7/ugkAGzRWbp+vabqlw0NpM7Pt8xC8LxrMmQN8TMAJE5X5kJHzLz8wzm2vi+zSxnm1KTZLFdTxFLeCSUhFu2t4sqoY7nIAA/iIbAwpwWEdJRWMfFWki3SUSXTuzMn2dLKZrhSoBO6EJ5igBkOSoGHT+8uZ4Nf0q5ljjt7xJTLOLeMxgsruYfPADAYIMXzZzjtnPFFhmlRWFZ+MdEv5oo7a5mdZPK2zG0mWHMiK8amQqEDMsiYUkHLAYycVJP4ktbTxDcaVdI8SQ2cd2booxiVSZd29wu2MARZyzDOcDpRYDZoqjpusWeq+aLYzLJFjfFcW8kEig5w2yRVbacMA2MEqwB4OMzTfGWk6gLZBM4llWHc6W8xt1eWNHRfOaNVyRImAdpJZRgE4osB0NFc3pnjXTr/QdP1KWG9hkvIlcWyWU8sn3VZiqrHudBvUeYBtyRzyBUereNdNgsbo6Zcpd3ULW6N5UTzLGJmiCPhB84xMrKqnL7WCnIYq7MR1FFY1v4jsQ9raXFw7XTrGskgs5Y4lkcAhXLAiJ23LiN23fOo5LDMcXjHRLmwgvbW5muoLjPk/ZrSaZpAApZgiKWKruVWbGFY7SQ3FKwzdoqOCeK5t47i3lSWGVQ8ckbBldSMggjggjvUlABWbc/wDIz6D/ANdZv/RTVpVm3P8AyM+g/wDXWb/0U1OO4mdTRRRW5IUUUUAFFFFABRRRQAUUUUAFFFFAGZN/rPwH8hUdSTf6z8B/IVHWD3KCiiikMKKKKACiiigDlP8AhBbb7T9u+33v9pf2n/aH2j7TNt/1n3PK8zZ/qf3Gcfd7dqG8FZ07RLYahiTSbBLaJzDw8iSW8iOw3fd3WwyoOSGIDDGaoX3jPVraG/2abultvtcI/cOV+0b5PsiH5v40iXI6sbiDbxJxjX9/qeoaf40Au0Wyg0m7WS3kEkhYie/jDIzSYQ4jXPBBAAAUAAVqI6u68HLqNreR390kst3eR3UjRwsigfZ0t5kA3k4eNZVznK+ZkZKg1btfDn2bxXc659r3ed5v7ny8Y3pap97Pb7Lnp/H7cyaTfah/a97pWpS2s81vBDcrPbQtCpWRpV2lGdzkGInO7ndjAxk4tpOLfwk3jK7e9uNShsJLu4tvt0qQrKsZ3w+UG2LsIKYKlgVy2WBJWoAPBN35Ntay32mXVnZWDWFpBd6YZV8svCwMw80CRgIF6BBk5xxitb/hHXPhT+xZNRmmkPzNPOWlDnfvKMGYs0R+4ULEmP5S38VZN1rfiC21y20D7TpjXk0sR+2fYpBGI3ium2+V52dwNr97fjD9OMnKOvatr194aVGsre5mlg1G3kaB3SKOe0vMROu8F2URn5wyg7h8oxgvUDd8OeDP7B1Vr/z7IbvP/wBHsbH7NCvmLbD5V3tjH2bJ9S56Y5r2fgi7sLC00621aH7GktlPciSzLSSSWwhUbGEgCKwt04KsQS3JyAIH8X6s1lqdxElkv9i2stxdq0Tt9r8ua4iIj+ceTn7KxyfMx5gHO3LZv/E1g0bxDrrRvLHbNqrJM+u3YOI3nVV+zqAgA2hRtcEABgQwFGoHX3Xhz7T4rttc+17fJ8r9z5ec7Euk+9nv9qz0/g9+M2XwTKbbVreDU0RNVguoLkyWxYhZJLiRCmHGCpuWznO4KMbKnu55ddvtT8LXUtqsLwSrPNCx8x4ZF2hEU5CyIHUuTuADRHb++ASfTdX1CbxNc6fqKpaDbLJa2ptmLSxI6qJhOHKEHcCUKq67hngBmWoDPEXhm71f+0fsOow2n9pWH2C68+1M37seZtKYdNrfvnzncD8vAwcwSeDXm1K4ujew28cl1FcC3s7doo3KXEcxaVfMKvKfLC+YApwxyG4ALDxBq093Zm4jsltrrWLrT0WNXL+XCLn5yScBiYUGMEcMc/MAmY/i7W2Gt3cf9nra6NBNcyQtbuz3Cx3F1HtD+YAhKWy87W5YnGOKeoF+PwTL5WnwTamjw6WsMNiEtirCGOaCUiUlyHci3jXcoQDLHacgC3rOg3D+HvF0No3n3OrxStFFgLhzbJCFyTjkxg5OPve2awtX8Uaza6Df38zWUltNLqVpBDFFLDJEYFuSrtKJMnIt8HaEIL5BG3me68X6tpdhPq92llc2ZutQt4rWKJ4pF+zC4YFpC7Bsi2IICDl89sE1A1ovDN3LrlrrOo6jDNeQSoSLe1MUbRpFcIq7WdiGzcuS2SCFUYHJMeneDLbTvEL6nGun4M81ysg09BdF5SxYPOSSUBdsBVU4CgsQDun07U9Qt9bv9O1q90+RIYLWWKaGBrcFppJYwhDSPkkxqBgjJbGKZ40tRNplpMLi9gkW/tIc2t5LBlJbmJHB2MM5Ukc5xk4xSAqSeAbL+xItPT7LIYLz7VELu28+EgRmGNHjLDcEh2IDuBLRq5ycgyJ4JSPStWsY7qGFdR0wWBEFosUcJ3TsWVFIG3NwcL1wvLMSTVC0uL7RNX1uWCaGTTV1iztHgmR3nYyQWkQfzi56b1J3KxO08/NkSeG/EWp3J0BL1Es7S9s4Tb7oJJzeObfzXxN5hMZU7hiVSWCEhmJO16gW73wV/aFtJYT6hjTTdXNwqJDiYfaI7hZQXLEH5rglTsGAoB3ZzU8Xhm7l1y11nUdRhmvIJUJFvamKNo0iuEVdrOxDZuXJbJBCqMDkmpc65rbeIbiwtZtPihbURp0BltXdkb7ItyZGIkUMMbk2gLjIOTgg1I/G9/ef2Vf2djv02f7FFeL5an7PLceWQvmmVSdqzRHiFgem4ZOw1A0tS0C9j8MNYadKkt02rJeq8ifKga+Fw2V3DcFBPAILbeME1PpvhuW013+2bq+Se7kWYTiKAxxs0gt1BUFmKgLbLwS2SxOQMCjQta1DU7xba4tkiezgKai2xlX7Tv2gRZP3MI74b5tksDfxGuUtvEus6ct9baXpyXENlPe3ly8hjClWvboBS7zRiIYib58SdclRtwy1A2ZPBtxFp0CNe/aP7JtVh0uOG3CviOSKVBKWkxIxa3iHBiBy/wB3IKyeGdC1VdZn1/WGSK6nacfZ1hCHa6WqAkCSQKR9lPAdshgcg5UVNX8b3+k3tzdpY/a9GX7TFFJ5axZlghld13+azH5oJE5iUdwxAG/S0SPUI/GusrqV1a3E39nWRV7a2aFQvmXXBVnck5zzn8PV6gZsHw68nUobr7bZDyfLHmx6fsuLjbcQTbriXzD5rnyMFto5dmx2q/P4M82MDz7KfH2393fWPnwt9oukuPmTeM7dmBzySG4xg0PDmpeIJtB8NWP9oWT3l9pn237XPaySYjRYBsZfNBdyZsmTcB8v3ecjZt/EUt5YeFbyOBI01pkMkbEsY1a1kmwDxyCijOOmePQ1Ak/4R1z4U/sWTUZppD8zTzlpQ537yjBmLNEfuFCxJj+Ut/FVHw54M/sHVWv/AD7IbvP/ANHsbH7NCvmLbD5V3tjH2bJ9S56Y5zH8Xa2w1u7j/s9bXRoJrmSFrd2e4WO4uo9ofzAEJS2Xna3LE4xxRqPi7W9N0i71V/7PmhafUba2gW3dWja3W4ZWd/MIcEW+CAq/fzkYwTUDW8MeDLbwzcB4F08JFB9mia309IZnTK8zS5Jkf5RyNgJLEqfl2s/4Qryo9trqHk+bqf8AaF2vk5WfF19oUY3fK4wqb+6jlThNlTWPEviTTrx7eHTrWd7OzW+vChQRBXeXEfmSTR7AoiIMm185LbFxtOT4s1jU5bCHV/MtVtLa81KOC2WORZQ8FreR7jMsgOCYycKqkbhhsjJNQOol8M3cWuXWs6dqMMN5PK5AuLUyxrG8VujLtV1JbNshDZAAZhg8EVE+H9lbW8kdpcvG6WcMNpLIu9oJoxHiY8gOT9ntTtwF/c/7bZg1TU9bvtHmvbW9tbSH+1orOCNYHMiMl+kBZ3EgDowViUCrw23dwSZ9Q8SarYavbwxQpeWkM9tZahLHbCNUnlZBkM024DEsbbRG45xvzkqagW4fCFva2FxY2k/k2z39ndRJsLeUluLcCPJbJyLcfMem7vjmfVfDn9p3d632vy7bUbD7Bex+XlzGBJtMbZwjAzPnKuDgcDknibG+1C38H+EtNvJbWeG6g025t2hhaJoVjurNdr5dg5IlHIC42ng546Twn4l1nW7i3k1HTktrS+s/tlqSY1ZVymFAEztIMSDLlI8YGVy4CmoGzpel3dtf3Wo6jeQ3N5cRRQE29uYYxHGXZflZ3O7Mr5O7GNvAwScrTPBX9naCNL/tDzMXVjceZ5OP+PZbdcY3fxfZ85zxv745qTeJ/EH2ESW9nayzXWrXGnWaQpvYLC0+ZHDyRqSVhxt3rjlsnIjD4fEutM+mPe20On2skot57jyRdLJOZ2i8r91KfIY7Qct5iqX2lsr861AJ/AnnWGmW0s2mXf8AZcTWtoL/AE3z4xbkRgb08wZlHlL+8BUYLDYM8X4fCKW9hcWcd3iOS/s7tT5CrtFuLcBMLhfm+z9gAN3A45wtT8QXepaN4T86OFf7Tisr+bYpG2QXljgLk8L++brk8DnrksNb8Qad4C0K/ubmGSB7BLm61NrKSf7PGIkKiSMTeZIxJYmReBt5QAlg9QNm48GW03ih9YC6eTLPHcyPNp6S3KuiooEczHCJiNeNpPLkMCQVguvAsU+kaFaM2n3M2k2f2NTqNgLmF1Kxhm8vepV8xLg7jgFhg5yNbVr7UP7XstK02W1gmuIJrlp7mFplCxtEu0Irockyg53cbcYOcih4R8Rah4mNxeSQWtvYKsBjjUs8paS3gmwTwML5jDOPmyOF2/OtQOhsrRLCwtrOM5jgiWJTsVeFAA4UBR06AAegFT0UUhhWbc/8jPoP/XWb/wBFNWlWbc/8jPoP/XWb/wBFNTjuJnU0UUVuSFFFFABRRRQAUUUUAFFFFABRRRQBmTf6z8B/IVHUk3+s/AfyFR1g9ygooopDCiiigAooooAgaytH8zdawnzJVmkzGPnkXbtc+rDYmD1G0egqCbRNJudnn6ZZS7PN277dG2+bnzcZHG/J3f3snOa89tNDvNShv20XTf7N1A3+qiTWd0cX2gM9zGib0YynbI0TfMoA8rI5C5t3fhyWa3umtPDd1Y2DNAY9IhjszHJKgmLSTQmTynjbfEDhg5MakbdqtTsI76UW9r5980P7wRDzHjiLyMibiFwoLNjc2FGeWOBzWE83h9LTUPF50eH7TY/afNuRbR/aD5BeJ9rdeRGQMkcYzjpXL6p4V1a4jvUh0a1e6k0l7dpHih8mJvshjWKxfcJIkLnBWRduC5BUn5477wpqNxYatBZeH/suoSy6o8t/ugX7dFMLgRRblcuctJC2HAUeX1yoy7AehWeiaTp0aR2OmWVrHHKZkWC3RAshXaXAA4baSueuDio7jw7ol3bpb3Oj6fNDGqIkclsjKqoGCAAjACh2wO2446muX0jwze2vjSTUriO9Mv2q4le732ywywuX8uPcF+0SbQ0Y2OQgKZBIRAZLnwkLzxPcXt1pNrPDc6sGneVI2820FiqhWzyyCdVOw/xKGxwDSA6iTRNJm+xebplk/wBgx9k3W6H7PjGPL4+TG1emOg9KjvH0+0FrpstmjQ6nPJB5SxKY2Zo5JXLjoQwR88HJbnqTXCjQPEUlxoFzeWd0+p2i2CNdwm1O2NTGbgTSufPLk+fkRnayso53Pm3ZeE1ng0Wz1DwzCZLa6R9Vup0gdNQZbadDMcMWk/eMDlwG+fOPvYLAdslvZC4EKWiK8DG5U+RhVeQuGZWxjecvnBz8/P3uS00vT7C4ubizsLW3mum33EkMKo0zZJy5AyxyTyfU1wVv4MvLjXrYalpUM+lRXX+qmMckawo2o+UoQk/Kqz2wC44BAAG04r3ng3VbidRLb3rRJ50OnrayWoFl/pM7I+6VWaFfLaAKYQWUR425RBRYD0WfS9PubGSxuLC1ltJWLyQSQq0bsW3klSMElvmz689ao6JaaJe+Hra4sNJtbew1CzQ+R9nRAYXBcIyjjH7x8jkZZvU1U8Taaby/sJ7jRv7a0+KKZJLDETfvWMZSXbKyodqrIuc7h5nAwWxydv4Z12L/AIRtpNOmW8sItPhWe2FptihTy/PSWRv327/XjER2FSo5y+QD0WXS9Pnt/s8thayQ7pH8t4VK7nDBzjGMsHfJ77mz1NSLZWieXttYR5crTR4jHySNu3OPRjvfJ6ncfU159pHgy802y03ydKht7m2tdJ+aIxqyTCY/bWBB+80QUOw++ABlsYqpJoGr291e31zZvbQvAZ9WLGzhtbpluIZJFTYQzo0a3Cg3H8L4Yjc9FgOy0LwZpGgJcCGFJnuGjaRnt4YwfLJaP5IkRMqxLBtu7OOeFxuzQRXCBJokkQMrhXUEBlIZTz3BAIPYgGvJbXQo9eS5vNN0eZNBN/K0dhYx2EisxgtVWRVkLW7KDHOCyksCxHdwPTNIS9tbeCwuonZLezgH2uS585pZcMHBO1SSNqneQN2/oMGhgW2srR/M3WsJ8yVZpMxj55F27XPqw2Jg9RtHoKgtNE0mwuzd2emWVvcmJYTNDboj+WAAE3AZ2gKoA6fKPSr1FIZB9itPO877LD5vm+dv8sbvM2eXvz/e2fLnrjjpVR/DuiSXFrcPo+ntNaKiW0jWyFoVQ5UIcZUA9AOlaVFAFSw0+LT0nEbO7zzyTySSEFmZjnBOOQo2ovoqKO1Ml0TSZ5LeSbTLKSS2laaBnt0JikZtzOpI+Vi3zEjknmr1FAFH+xNJ/tX+1f7Msv7S/wCfv7Onnfd2/fxn7vHXpxRpuiaTo/m/2XpllY+bjzPstukW/GcZ2gZxk/mavUUAZs/h3RLm3kt7jR9PlhlnNzJHJbIyvMRgyEEYLkfxdat3llaajaPaX1rDdW0mN8M8YdGwcjKng8gH8KnooAowaJpNraSWlvpllDbSReS8Mduio0eWOwqBgrl3OOnzN6mqlj4U0SwN46adayTXrTm5mlgQyTLLIXZGbGWTJxg54AHOK2aKAKl3pen39xbXF5YWtxNatvt5JoVdoWyDlCRlTkDkegqCfw7olzfSX1xo+ny3cqlJJ5LZGkdSuwgsRkgr8uPTjpWlRQBRfRNJku7m7fTLJrm6iMNxM1uheaMgAo7Yyy4AGDxwKjfw7oklxa3D6Pp7TWioltI1shaFUOVCHGVAPQDpWlRQBm2fh3RNPSRLLR9PtkkZHdYbZEDMh3ITgclTyD2PIqe00vT7C4ubizsLW3mum33EkMKo0zZJy5AyxyTyfU1booAqT6Xp9zYyWNxYWstpKxeSCSFWjdi28kqRgkt82fXnrTE0TSY7u2u00yyW5tYhDbzLboHhjAICI2MquCRgccmr1FAGbH4d0SK8lvI9H09LqZt8ky2yB3beHyWxkneqtn1APUUHw7ojXCXDaPp5mSdrlZDbJuWZiC0gOMhyVXLdTtHpWlRQBU1DS9P1a3W31Kwtb2FW3rHcwrIobBGQGBGcE8+9TxwRRPK8cSI8zb5GVQC7YC5PqcKoz6ADtUlFABRRRQAVm3P/ACM+g/8AXWb/ANFNWlWbc/8AIz6D/wBdZv8A0U1OO4mdTRRRW5IUUUUAFFFFABRRRQAUUUUAFFFFAGZN/rPwH8hUdSTf6z8B/IVHWD3KCiiikMKKKKACiiigAoqOeeK2t5Li4lSKGJS8kkjBVRQMkkngADvUlABRRRQAUVHPPFbW8lxcSpFDEpeSSRgqooGSSTwAB3qSgAoqOaeK3QPNKkaFlQM7AAsxCqOe5JAA7kgUGeJbhLdpUEzqzrGWG5lUgMQOpALLk9tw9aAJKKKjE8TXD26yoZkVXaMMNyqxIUkdQCVbB77T6UASUUUUAFFFFABRRRQAUUUUAFFRieJrh7dZUMyKrtGGG5VYkKSOoBKtg99p9KkoAKKgs7201G0S7sbqG6tpM7JoJA6Ng4OGHB5BH4VPQAUUVGJ4muHt1lQzIqu0YYblViQpI6gEq2D32n0oAkoqMzxLcJbtKgmdWdYyw3MqkBiB1IBZcntuHrUlABRRUcc8UrypHKjvC2yRVYEo2A2D6HDKcehB70ASUUVHHPFK8qRyo7wtskVWBKNgNg+hwynHoQe9AElFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFZtz/yM+g/9dZv/RTVpVm3P/Iz6D/11m/9FNTjuJnU0UUVuSFFFFABRRRQAUUUUAFFFFABRRRQBmTf6z8B/IVHUk3+s/AfyFR1g9ygooopDCiiigAooooA8kvNElk8L+JdUjsdPtEibWnkvYXJubxd1ynlSDYMICVb77f6pOO67Vt4l1pPEt6bieGaKCW6D6TBIJLoQxh/LZYBCHVn2RkM8pRvM4ALoB6DRTuI8sg8X6mLe+gfxLpEkMDW0jXsep27ybXE26KOQwpD5n7lCEdOhbLjIKXoPEWuS+I7SD7altEWtVjsdQdY7q4ieONpJGt1hLM4LyAsjoitGcgBGz6LRRcDz74jakY7DXLG61n+y7b+x2e2TMS/b5WEoeLMiktgLFxHhh5vJ5XEdprt3FrFpatfpHDJqNyi2Wnm3FzIft0yl5InTLQhVG54yHGJGO7ll9FoouB5Dqnim5vpZLa41iGGzmlt7shrqF7jTNl9agLInlKIWUSNlZDLymM/Kd1u+13Ul1D7TYX6X6W8FzBa6nIUCyQNLp/mTF0Ty8Rl5hvCFV8r5lba2fU6KdwOFWfUtZ+GfiNJbmHU5mtbmG2ls38/zwYeAHWKNZG3Fl+RMcBeWDVRubuaC513W9K8STXq2GhQ3KzL9nkjvCkl4wWQrHjaCpX93sOM855HpFFK4HnSeI/EB13UV/tPSITE12v2K7uP9RHGJPKlkjWEPGh2xsZHlKlXOAC6AVJfE+qmwtBBrXk2zyziXVL68tYoXdBFtSGdYHjdDvkIzGHJjbO3Yy16hRRcDlNc1e/s/CWm3s2oWWnzzeUbuRpVtmOYyzLB9oUgOWHCygcbgSp+YVLHxDJ9rmlvtR1CKa3gWS10WSKBLq+j+zLIXMe3e0m8yLiMqu6PGOGz21FFwPL9L8RaxqerwaMniOGWN7qHde6fc2924VoLtzHv8hEHNuhxsJGT8xyALB17W3t9evBq8yf2HYSTJEsMOy6eK4vI8y5TPzLbpu2FOrY25GPSKKLgeX6l4o8RQTa9ImpWUUltFflbHzQ80CRJIYpfJEO5M7Im3ySMjB+B86AbuoalqOm+I9K0+51nzvN8vdb2RgW4ld5G3M0LqT9mVRjcjb1CsWL4Lr2dFFwPPvE2pHS/FurT2+s/ZNQXR7Z7OwzEf7QlWS6KxbWUu2W2riMq3z9ckYydf1zWrq28TWtxfWQi+y6jE+necGmihSOURyeUId8e7bG295ShD8AF0A9XoouBwuv6pqOiST2x16YT21gJ9PWdIA+q3JaXMBGwb8bYV2xBW/eckllIgvdZ1+HQ5L3+1YY0m1i5tDNKY7eOzt4pbgKzStHIAxZI03MpBBVQAxLn0Gii4HKDVtSTwHFfy3ULXDSpHJeQDciQGcI04ZkVTtiJk37BGcbgNmBXL6lqs9rr63ujXqa7N9jiaCdo4pjcOsOqMqjylAzuUL8mCRkZ5OfU6KLgedT30j63ps2j6++toLO9We9i8ieWBPMtN3lpEgV3UYIUgn5s4fAjapa69qMtj4g1Ow1fZa6Za3N/bw20MBguT9rvcFzsJKssKZKspOSc5Oa9QoouBwtvr9zJ4r0+2k13bdTandW0+jfuR5duiTmOTbt80bhHE+4tg7+OCBV/XrPTbXVYptVjhXQrrzZr83JzA10FhSEy7uAuxHA3fJuCfx7K3f7Hszqv9pMJpLkfcElxI8cZ27dyRliiNtyNygHDNz8xzeouB5e/2v8A4SWy/s/zv7B8q98j7LnzfsGLLd9nx823zd+Mc+Xnyv8AllXdWX9i6Ylt9g8mKLVZV8jyMtHKwgG3bjKqvlQjGMDC+p51qKLgFFFFIYUUUUAFFFFABRRRQAUUUUAFFFFABWbc/wDIz6D/ANdZv/RTVpVm3P8AyM+g/wDXWb/0U1OO4mdTRRRW5IUUUUAFFFFABRRRQAUUUUAFFFFAGZN/rPwH8hUdSTf6z8B/IVHWD3KCiiikMKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAoorm2vdZuLzW5I9V0nT7DTbgQlrqxeUhRbxSs7OJ0AH7w9uAOtNK4jpKK5d77UYt/meMfDSbN2/dprDbt37s/wCl8Y8qXPp5b/3Tge+1GLf5njHw0mzdv3aaw27d+7P+l8Y8qXPp5b/3TgsFzqKK5d77UYt/meMfDSbN2/dprDbt37s/6Xxjypc+nlv/AHTge+1GLf5njHw0mzdv3aaw27d+7P8ApfGPKlz6eW/904LBc6iiuXe+1GLf5njHw0mzdv3aaw27d+7P+l8Y8qXPp5b/AN04HvtRi3+Z4x8NJs3b92msNu3fuz/pfGPKlz6eW/8AdOCwXOoorl3vtRi3+Z4x8NJs3b92msNu3fuz/pfGPKlz6eW/904HvtRi3+Z4x8NJs3b92msNu3fuz/pfGPKlz6eW/wDdOCwXOoorlbDWNYj8dHQL+5sbqE2D3Xm29m8DB1eNccyvkYf25rqqQwooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigArNuf8AkZ9B/wCus3/opq0qzbn/AJGfQf8ArrN/6KanHcTOpooorckKKKKACiiigAooooAKKKKACiiigDMm/wBZ+A/kKjqSb/WfgP5Co6we5QUUUUhhRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFcvAnmS+I18vfjX7VsbN3SGyOcbH6YznAxjO5Mb16iuTDKD4m+SOWRNbgmWFnjUyeXb2bkL5gK7uOM45x8yfeDQmdZRWQ+vIm/bZzPt3Y2zwfNjfjGZB12LjOP9amcYfaPryJv22cz7d2Ns8HzY34xmQddi4zj/WpnGH2oZr1yFrqupf2NpfiaS9eSHUmtA2mmNBFClw6Iuxwu/evmKSWJDYbCruGzYfXkTfts5n27sbZ4PmxvxjMg67FxnH+tTOMPtzV/sq11KS/i025aZWkkRRexmIOfMy6RNNsR32/eABPn8nmTaxDfAms3/iPQbHVLufbi1jikgKKHeXarNLIAPl3cFFXA2OGOd6hOrrmrWXTdL8r7Fpcy/ZbX7JFsuofmiTfsU5l+b7g2luR5w5GZNt59eRN+2zmfbuxtng+bG/GMyDrsXGcf61M4w+0YGvRWQ+vIm/bZzPt3Y2zwfNjfjGZB12LjOP8AWpnGH2j68ib9tnM+3djbPB82N+MZkHXYuM4/1qZxh9qGcnoKeV8RdOj8vy9vh0rs2bNuGt+NuxMfTYmP7q9B6HXn2iRC3+JVlAPK/daA0Z8kqUBV7cEAqqjHHZVHsOleg02IKKKKQwooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACs25/wCRn0H/AK6zf+imrSrNuf8AkZ9B/wCus3/opqcdxM6miiityQooooAKKKKACiiigAooooAKKKKAMyb/AFn4D+QqOsubxToYlI/tOA4wMg5HA9aZ/wAJTof/AEEof1rBlGvRWR/wlOh/9BKH9aP+Ep0P/oJQ/rSGa9FZH/CU6H/0Eof1o/4SnQ/+glD+tAGvRWR/wlOh/wDQSh/Wj/hKdD/6CUP60Aa9FZH/AAlOh/8AQSh/Wj/hKdD/AOglD+tAGvRWR/wlOh/9BKH9aP8AhKdD/wCglD+tAGvRWR/wlOh/9BKH9aP+Ep0P/oJQ/rQBr0Vkf8JTof8A0Eof1o/4SnQ/+glD+tAGvRWR/wAJTof/AEEof1o/4SnQ/wDoJQ/rQBr0Vkf8JTof/QSh/Wj/AISnQ/8AoJQ/rQBr1zmo+BfD2q6lPqF3aXBubgqZWjvZ4wxChQdqOB0UDp2q5/wlOh/9BKH9aP8AhKdD/wCglD+tAGV/wrXwt/z6Xn/gzuf/AI5R/wAK18Lf8+l5/wCDO5/+OVq/8JTof/QSh/Wj/hKdD/6CUP607sRlf8K18Lf8+l5/4M7n/wCOUf8ACtfC3/Ppef8Agzuf/jlav/CU6H/0Eof1o/4SnQ/+glD+tF2Blf8ACtfC3/Ppef8Agzuf/jlH/CtfC3/Ppef+DO5/+OVq/wDCU6H/ANBKH9aP+Ep0P/oJQ/rRdgZX/CtfC3/Ppef+DO5/+OUf8K18Lf8APpef+DO5/wDjlav/AAlOh/8AQSh/Wj/hKdD/AOglD+tF2BDo/g7Q9BvzfafbTJcmJod8t3NLhCVJADsQMlV/Kt2sj/hKdD/6CUP60f8ACU6H/wBBKH9aQzXorI/4SnQ/+glD+tH/AAlOh/8AQSh/WgDXorI/4SnQ/wDoJQ/rR/wlOh/9BKH9aANeisj/AISnQ/8AoJQ/rR/wlOh/9BKH9aANeisj/hKdD/6CUP60f8JTof8A0Eof1oA16KyP+Ep0P/oJQ/rR/wAJTof/AEEof1oA16KyP+Ep0P8A6CUP60f8JTof/QSh/WgDXorI/wCEp0P/AKCUP60f8JTof/QSh/WgDXorI/4SnQ/+glD+tH/CU6H/ANBKH9aANeisj/hKdD/6CUP60f8ACU6H/wBBKH9aANes25/5GfQf+us3/opqi/4SnQ/+glD+tQRatYal4p0RbO6jmZJJiwU9MxNTjuJna0UUVuSFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAH//Z)
I do have these two programs installed but as far as I can tell they don't seem to be running in task manager and their tray icons don't appear unless I double click on them to start them up when I'm running in Safe Mode. In Normal Mode they both load on boot up.

Should I just ignore the message and go ahead and run ComboFix?

Title: PC Rendered Unuseable Due To Trojan Infection
Post by: ba5852 on May 21, 2011, 05:08:18 PM

Sorry about that. I pasted in a .jpg file of the warning and it looked fine in the editor but didn't come out okay when I posted it>

The warning message said:

ComboFix has detected the following real time scanner(s) to be active:

Antivirus: Webroot Antivirus with Spysweeper
Antivirus: Symantec Antivirus Corporate Edition

Antivirus and intrusion prevention programs are known to interfere
with ComboFix's running. This may lead to unpredictable results or
possible machine damage.

Please disable these scanners before clicking 'OK'.

Title: PC Rendered Unuseable Due To Trojan Infection
Post by: guestolo on May 21, 2011, 05:20:06 PM

why are you running more than one active antivirus
It's unnecessary and unneeded, If both active, they will interfere with each other

I would hold onto the one your happiest with and Uninstall the other
Reboot into Normal windows, disable protection from the AV remaining on your computer
Then run ComboFix with previous instructions
If you can't run combofix in Normal windows, then boot to Safe mode and try running it

Title: PC Rendered Unuseable Due To Trojan Infection
Post by: ba5852 on May 21, 2011, 05:34:41 PM

When this problem occured I was only running Symantec Antivirus Corporate Edition. It wasn't finding anything so I installed Webroot Antivirus with Spysweeper hoping it might detect something. I can't find a way to disable Webroot so I'll uninstall it and then disable the other antivirus program before running ComboFix.

Title: PC Rendered Unuseable Due To Trojan Infection
Post by: ba5852 on May 21, 2011, 06:24:59 PM

I uninstalled Webroot Antivirus and rebooted in Normal Mode. The system performance improved. No longer freezing up.

I'm also not getting the error message I mentioned at the begining of my post when I boot in Normal Mode:

Windows cannot find C:\Documents~\Bruce\Local~\Temp\UninstalllockedSOSfiles
Windows cannot find C:\Windows\is-VE64T.exe

However, when I try to run ComboFix I still get a message:

[indent]ComboFix has detected the following real time scanner(s) to be active:

Antivirus: Webroot Antivirus with Spysweeper

Antivirus and intrusion prevention programs are known to interfere
with ComboFix's running. This may lead to unpredictable results or
possible machine damage.

Please disable these scanners before clicking 'OK'.

[/indent]The uninstall program ran successfully on Webroot software so I'm not sure why I'm getting the message. I even rebooted in Normal Mode one more time and then tried to run ComboFix again but got the same warning message. Not sure if I should proceed with running ComboFix.

I just ran several programs and the system is running faster than before this problem occured. It looks like the programs you had me run have gotten rid of the problem. Everything seems to be running smoothly and faster than before with no error messages popping up.

The only thing I'm confused about is why ComboFix thinks Webroot is still active.
[indent] [/indent]

Title: PC Rendered Unuseable Due To Trojan Infection
Post by: guestolo on May 21, 2011, 08:10:57 PM

Go ahead and try and run ComboFix with previous instructions

Title: PC Rendered Unuseable Due To Trojan Infection
Post by: ba5852 on May 21, 2011, 09:01:18 PM

I ran ComboFix. A window popped up a couple of times saying that there was an error in pev.something. I didn't catch the end of the filename. And it asked if I wanted to send a report.

A message also popped up in the ComboFix window saying something about the system was trying to terminate the program in an unusual way and to contact the administrator. I grabbed a pen to write down the exact message but it was gone before I could write it down.

Even though these messages appeared the program seemed to complete and this is the log file:

ComboFix 11-05-21.03 - Bruce 05/21/2011 21:41:08.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1253 [GMT -4:00]
Running from: c:\documents and settings\Bruce\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
AV: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {77E10C7F-2CCA-4187-9394-BDBC267AD597}
FW: ZoneAlarm Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Bruce\Application Data\inst.exe
c:\documents and settings\Bruce\g2mdlhlpx.exe
c:\documents and settings\Bruce\Start Menu\Programs\Startup\Printkey2000.exe
c:\documents and settings\Bruce\WINDOWS
c:\program files\Internet Explorer\SETEC.tmp
c:\program files\Internet Explorer\SETED.tmp
c:\program files\Internet Explorer\SETEF.tmp
c:\windows\Downloaded Program Files\Temp
c:\windows\system32\Cache
.
.
((((((((((((((((((((((((( Files Created from 2011-04-22 to 2011-05-22 )))))))))))))))))))))))))))))))
.
.
2011-05-21 22:59 . 2011-05-21 22:59   --------   d-----w-   c:\windows\system32\config\systemprofile\Application Data\Trusteer
2011-05-21 20:18 . 2011-05-21 20:18   404640   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-21 20:06 . 2011-05-21 20:06   --------   d-----w-   C:\_OTL
2011-05-07 02:25 . 2011-05-07 02:25   102400   ----a-w-   c:\windows\RegBootClean.exe
2011-05-06 20:24 . 2010-09-06 09:26   189520   ----a-w-   c:\windows\system32\drivers\tmcomm.sys
2011-05-06 02:58 . 2011-05-06 02:58   --------   d-----w-   c:\program files\SUPERAntiSpyware
2011-05-06 02:46 . 2011-05-06 02:46   --------   d-----w-   c:\documents and settings\Administrator.AMD3200\Local Settings\Application Data\Mozilla
2011-05-06 02:39 . 2011-05-06 02:39   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
2011-04-28 18:34 . 2011-04-28 18:34   53816   ----a-w-   c:\windows\system32\drivers\RapportKELL.sys
2011-04-28 17:21 . 2011-04-28 17:21   --------   d-sh--w-   c:\windows\system32\config\systemprofile\PrivacIE
2011-04-28 11:00 . 2011-04-28 11:00   --------   d-----w-   c:\documents and settings\Bruce\Application Data\SUPERAntiSpyware.com
2011-04-28 11:00 . 2011-04-28 11:00   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-04-27 02:19 . 2011-04-27 02:19   --------   dc-h--w-   c:\documents and settings\All Users\Application Data\{3140EA8C-7399-4EC4-819C-16996F38FCFC}
2011-04-27 01:58 . 2011-04-27 01:58   --------   d-----w-   c:\documents and settings\Bruce\Local Settings\Application Data\PackageAware
2011-04-26 23:29 . 2011-04-26 23:29   --------   d-----w-   c:\documents and settings\Bruce\Application Data\Malwarebytes
2011-04-26 23:29 . 2010-12-20 22:09   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-26 23:29 . 2011-04-26 23:29   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2011-04-26 23:29 . 2011-05-19 16:40   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2011-04-26 23:29 . 2010-12-20 22:08   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-04-26 16:36 . 2011-04-26 16:36   --------   dc-h--w-   c:\documents and settings\All Users\Application Data\{E8A61B3F-DF97-45EA-A2EE-88E262649179}
2011-04-26 15:21 . 2011-05-05 19:35   --------   d-----w-   c:\program files\Spybot - Search & Destroy
2011-04-26 15:10 . 2011-04-26 15:10   --------   d-----w-   c:\windows\system32\config\systemprofile\Local Settings\Application Data\AOL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-07 05:33 . 2004-11-29 21:55   692736   ----a-w-   c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2001-08-23 12:00   420864   ----a-w-   c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2001-08-23 12:00   1857920   ----a-w-   c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2004-01-08 20:23   916480   ----a-w-   c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2001-08-23 12:00   43520   ----a-w-   c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2001-08-23 12:00   1469440   ----a-w-   c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2004-08-04 05:59   385024   ----a-w-   c:\windows\system32\html.iec
2010-12-08 01:48 . 2010-12-08 01:48   288568   ----a-w-   c:\program files\mozilla firefox\plugins\ieatgpc.dll
2011-05-06 03:04 . 2011-03-23 19:58   142296   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOL Fast Start"="c:\program files\AOL Desktop 9.6\AOL.EXE" [2011-01-13 42320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="c:\windows\system32\nwiz.exe" [2008-05-16 1630208]
"WheelMouse"="c:\progra~1\A4Tech\Mouse\Amoumain.exe" [2004-08-25 147456]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-28 125168]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 155648]
"SMSERIAL"="c:\windows\sm56hlpr.exe" [2004-12-29 544768]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"Norton Ghost 10.0"="c:\program files\Norton Ghost\Agent\GhostTray.exe" [2005-09-10 1537648]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-04-01 169312]
"MXO Auto Loader"="c:\windows\MXOALDR.EXE" [2003-04-07 118784]
"mssSort"="c:\program files\Maxtor\ManagerApp\msssort.exe" [2008-04-01 1647960]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-22 188416]
"HostManager"="c:\program files\Common Files\AOL\1187843131\ee\AOLSoftware.exe" [2010-03-08 41800]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"SoundMan"="c:\windows\SOUNDMAN.EXE" [2004-06-18 67584]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-07-09 570664]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe" [2010-04-27 243544]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [N/A]
AudioDeck.lnk - c:\program files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe [2009-11-23 581632]
AutoStart IR.lnk - c:\program files\WinTV\Ir.exe [2006-4-10 117344]
CoreCenter.lnk - c:\program files\MSI\Core Center\CoreCenter.exe [2005-1-7 826368]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
2010-06-23 17:51   1043968   ----a-w-   c:\program files\Zone Labs\ZoneAlarm\zlclient.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R1 RapportCerberus_26169;RapportCerberus_26169;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\26169\RapportCerberus_26169.sys [5/21/2011 6:44 PM 57144]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [4/28/2011 2:34 PM 66360]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [4/28/2011 2:34 PM 158904]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 IOPort;IOPort;c:\windows\system32\drivers\IOPORT.SYS [11/27/1998 4:57 PM 6144]
R2 Maxtor Sync Services;Maxtor Service;c:\program files\Maxtor\Sync\SyncServices.exe [4/1/2008 2:46 PM 161120]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [4/28/2011 2:34 PM 870200]
R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [8/25/2004 6:09 PM 9984]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/21/2011 7:39 PM 105592]
R3 HCWBT8XX;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\system32\drivers\HCWBT8xx.sys [4/9/2006 11:14 AM 472644]
S2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [10/4/2004 5:47 AM 98304]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 nvtvSND;nVidia WDM TVAudio Crossbar;c:\windows\system32\DRIVERS\nvtvsnd.sys --> c:\windows\system32\DRIVERS\nvtvsnd.sys [?]
S2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [10/4/2004 4:40 AM 118784]
S3 FLASHSYS;FLASHSYS;c:\program files\MSI\Live Update 4\LU4\FlashSys.sys [11/22/2009 11:12 PM 9216]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [9/27/2006 8:33 PM 116464]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S3 Vsp;Vsp;c:\windows\system32\drivers\vsp.sys [11/23/2009 12:02 AM 3351]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/23/2001 8:00 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ATWPKT2
*NewlyCreated* - PCALERTDRIVER
*NewlyCreated* - RUSHTOPDEVICE
*NewlyCreated* - VPROEVENTMONITOR
*Deregistered* - ATWPKT2
*Deregistered* - PCAlertDriver
*Deregistered* - RushTopDevice
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper   REG_MULTI_SZ    getPlusHelper
WINRM   REG_MULTI_SZ    WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-01-10 c:\windows\Tasks\AMD 3200 Complete Backup.job
- c:\windows\system32\ntbackup.exe [2001-08-23 00:12]
.
2009-01-04 c:\windows\Tasks\Full Backup System1.job
- c:\windows\system32\ntbackup.exe [2001-08-23 00:12]
.
2011-04-24 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2011-04-26 19:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
TCP: {D822C7BD-037E-4E2F-9A19-6FD304CAA4F6} = 68.87.74.162,68.87.68.162
Handler: copernicagent - {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - c:\progra~1\COPERN~1\COPERN~1.DLL
Handler: copernicagentcache - {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - c:\progra~1\COPERN~1\COPERN~1.DLL
DPF: {24BACF02-5676-11D3-B8DE-00105A17A9E6} - hxxp://www.schaeffersresearch.com/Download/Cfx4Financial.cab
DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} - hxxp://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37240.cab
FF - ProfilePath - c:\documents and settings\Bruce\Application Data\Mozilla\Firefox\Profiles\485uz6h1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{b75ab0c8-03d5-4592-9821-a48d54d66b14} - MssShellExt.dll
SafeBoot-svcWRSSSDK
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-21 21:47
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1659004503-1897051121-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1240)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2011-05-21 21:50:23
ComboFix-quarantined-files.txt 2011-05-22 01:50
.
Pre-Run: 43,083,403,264 bytes free
Post-Run: 43,269,476,352 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn /usepmtimer
[spybotsd]
timeout.old=30
.
- - End Of File - - C0150E3C6FDE02B0D70908772D3E57A0

Title: PC Rendered Unuseable Due To Trojan Infection
Post by: guestolo on May 21, 2011, 09:14:05 PM

Can you do the following for me please
Run the next tools and post the logs

1. Run OTL.exe and do a Quick Scan, post the log that opens

2. Download Security Check by screen317 from here (http://"http://screen317.spywareinfoforum.org/SecurityCheck.exe") or here (http://"http://screen317.changelog.fr/SecurityCheck.exe").

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

3. Download [color="#FF0000"]aswMBR.exe[/color] (http://"http://public.avast.com/%7Egmerek/aswMBR.exe") to your desktop.
Double click the aswMBR.exe to run it
Click the "Scan" button to start scan
Click Save log button and Save the aswMBR.log to the desktop
Post content of that log here for me

Title: PC Rendered Unuseable Due To Trojan Infection
Post by: ba5852 on May 21, 2011, 09:30:34 PM

Here's the OTL log. I'm working on the other ones.

OTL logfile created on: 5/21/2011 10:24:33 PM - Run 2
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Documents and Settings\Bruce\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 52.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 40.28 Gb Free Space | 27.02% Space Free | Partition Type: NTFS
Drive F: | 74.52 Gb Total Space | 60.96 Gb Free Space | 81.81% Space Free | Partition Type: NTFS

Computer Name: AMD3200 | User Name: Bruce | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/20 15:27:13 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bruce\Desktop\OTL.exe
PRC - [2011/05/05 23:04:43 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/04/28 14:34:42 | 001,550,136 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2011/04/28 14:34:42 | 000,870,200 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/06/23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2010/06/23 13:51:30 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2010/03/08 03:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files\Common Files\AOL\1187843131\ee\aolsoftware.exe
PRC - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/01 14:46:22 | 000,161,120 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Maxtor\Sync\SyncServices.exe
PRC - [2008/04/01 14:46:02 | 000,169,312 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
PRC - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2006/09/27 20:33:44 | 000,125,168 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2006/09/27 20:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2006/09/27 20:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2006/07/19 19:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
PRC - [2006/07/19 19:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
PRC - [2006/07/19 19:26:04 | 000,052,896 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE
PRC - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2005/12/11 09:59:02 | 000,822,424 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2005/09/09 20:09:28 | 002,066,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe
PRC - [2005/09/09 20:09:24 | 001,537,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Ghost\Agent\GhostTray.exe
PRC - [2005/09/09 20:09:10 | 000,053,248 | ---- | M] (GEAR Software) -- C:\WINDOWS\system32\gearsec.exe
PRC - [2004/12/29 08:01:56 | 000,544,768 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\sm56hlpr.exe
PRC - [2004/10/04 05:47:04 | 000,098,304 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
PRC - [2004/10/04 04:40:50 | 000,118,784 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
PRC - [2004/08/25 18:31:40 | 000,147,456 | ---- | M] (A4Tech Co.,Ltd.) -- C:\Program Files\A4Tech\Mouse\Amoumain.exe
PRC - [2004/08/20 19:02:00 | 000,826,368 | ---- | M] () -- C:\Program Files\MSI\Core Center\CoreCenter.exe
PRC - [2004/06/18 04:31:02 | 000,067,584 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2003/08/27 11:27:44 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe
PRC - [2003/04/07 14:09:48 | 000,118,784 | R--- | M] (Cypress Semiconductor) -- C:\WINDOWS\MXOALDR.EXE

========== Modules (SafeList) ==========

MOD - [2011/05/20 15:27:13 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bruce\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2004/08/25 18:29:00 | 000,036,864 | ---- | M] (A4Tech Co.,Ltd.) -- C:\WINDOWS\system32\Amhooker.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/04/28 14:34:42 | 000,870,200 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/07/13 17:34:23 | 000,042,312 | R--- | M] (AOL Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\AOL\ACS\acsd.exe -- (AOL ACS)
SRV - [2010/06/23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009/09/23 16:36:06 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2008/04/01 14:46:22 | 000,161,120 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Services)
SRV - [2007/01/09 17:32:04 | 000,079,464 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2006/09/27 20:33:38 | 000,116,464 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2006/09/27 20:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006/09/27 20:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006/09/02 16:36:33 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
SRV - [2006/08/07 16:03:02 | 000,214,720 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2006/07/19 19:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006/07/19 19:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/04/11 17:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2005/12/11 09:59:02 | 000,822,424 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2005/09/09 20:09:28 | 002,066,024 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost)
SRV - [2005/09/09 20:09:10 | 000,053,248 | ---- | M] (GEAR Software) [Auto | Running] -- C:\WINDOWS\system32\gearsec.exe -- (GEARSecurity)
SRV - [2005/01/23 18:36:03 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2004/10/04 05:47:04 | 000,098,304 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor)
SRV - [2004/10/04 04:40:50 | 000,118,784 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe -- (PhotoshopElementsDeviceConnect)
SRV - [2003/08/27 11:27:44 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)

========== Driver Services (SafeList) ==========

DRV - [2011/05/21 18:44:40 | 000,057,144 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\26169\RapportCerberus_26169.sys -- (RapportCerberus_26169)
DRV - [2011/05/21 04:00:00 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110521.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/05/21 04:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110521.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/05/16 04:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/05/16 04:00:00 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/04/28 14:34:50 | 000,066,360 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2011/04/28 14:34:48 | 000,158,904 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2011/04/21 14:55:18 | 000,018,872 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\24413\RapportIaso.sys -- (RapportIaso)
DRV - [2010/05/13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/12/02 06:05:34 | 000,118,656 | ---- | M] (Realtek Semiconductor Corporation    ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/11/17 02:24:00 | 000,051,688 | ---- | M] (Check Point Software Technologies LTD) [Kernel | Boot | Running] -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan)
DRV - [2007/12/14 10:21:32 | 000,009,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Live Update 4\LU4\FlashSys.sys -- (FLASHSYS)
DRV - [2006/10/17 21:22:26 | 000,009,216 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\videX32.sys -- (videX32)
DRV - [2006/10/08 11:03:36 | 000,021,056 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sskbfd.sys -- (SSKBFD)
DRV - [2006/09/18 17:55:28 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2006/09/06 14:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006/09/06 14:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2006/08/07 16:02:26 | 000,195,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2006/08/07 16:02:22 | 000,024,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2006/07/01 23:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/04/11 17:13:34 | 000,389,776 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006/01/25 17:14:06 | 000,472,644 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HCWBT8xx.sys -- (HCWBT8XX)
DRV - [2005/12/11 09:59:02 | 000,004,608 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2005/09/09 20:09:22 | 000,017,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VProEventMonitor.sys -- (VPROEVENTMONITOR)
DRV - [2005/09/09 20:09:20 | 000,144,832 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\SymSnap.sys -- (SymSnap)
DRV - [2005/09/09 20:09:20 | 000,056,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\V2iMount.sys -- (V2IMount)
DRV - [2005/01/11 09:25:10 | 000,923,826 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2004/08/25 18:09:14 | 000,009,984 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Amps2prt.sys -- (Amps2prt)
DRV - [2004/08/20 19:03:02 | 000,021,632 | ---- | M] (Your Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\MSI\Core Center\NTGLM7X.SYS -- (PCAlertDriver)
DRV - [2004/06/21 04:53:20 | 000,626,204 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/05/26 20:55:42 | 000,037,920 | ---- | M] (Your Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\MSI\Core Center\RushTop.sys -- (RushTopDevice)
DRV - [2004/04/14 11:08:00 | 000,044,064 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2004/04/14 11:08:00 | 000,021,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2004/04/14 11:08:00 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2004/04/14 11:08:00 | 000,005,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2004/02/23 23:08:52 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003/10/28 15:17:52 | 000,005,273 | ---- | M] (Arrowkey) [Kernel | Auto | Running] -- C:\Program Files\321Studios\Shared\CDRPDACC.SYS -- (CDRPDACC)
DRV - [2003/07/02 05:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2003/06/16 12:05:40 | 000,369,920 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viaudios.sys -- (VIAudio) VIA AC'97 Audio Controller (WDM)
DRV - [2003/05/27 17:45:06 | 000,003,351 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vsp.sys -- (Vsp)
DRV - [2003/04/14 12:00:40 | 000,032,512 | R--- | M] (Cypress Semiconductor) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MXOFX.SYS -- (MXOFX) USB Storage Adapter FX (MXO)
DRV - [2003/03/21 13:34:08 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/01/10 18:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/10/18 13:00:00 | 000,006,144 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaidexp.sys -- (ViaIde)
DRV - [1999/09/10 08:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)
DRV - [1998/11/27 16:57:18 | 000,006,144 | R--- | M] (Erik Salaj) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\IOPORT.SYS -- (IOPort)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A4 F9 C9 7E 59 0B CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2007/12/07 04:02:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox [2010/12/27 17:34:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/12/27 17:35:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/05 23:04:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/24 21:57:38 | 000,000,000 | ---D | M]

[2008/10/24 19:35:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bruce\Application Data\Mozilla\Extensions
[2011/03/23 12:40:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\485uz6h1.default\extensions
[2010/05/02 08:35:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\485uz6h1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/12 21:00:30 | 000,000,000 | ---D | M] (Firefox Sync) -- C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\485uz6h1.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
[2009/05/09 22:14:26 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\485uz6h1.default\extensions\[email protected]
[2011/03/23 15:58:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/01 11:48:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/24 16:17:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/24 16:17:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/24 18:44:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/24 21:48:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
[2009/06/07 07:03:38 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/05 23:04:42 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/12/07 21:48:41 | 000,288,568 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\Mozilla Firefox\plugins\ieatgpc.dll
[2010/12/07 21:48:06 | 000,171,320 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/05/21 21:47:07 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1    localhost
O2 - BHO: (Download Guard for Internet Explorer) - {20C1A7F0-528E-444F-BAC5-5804A61CCA7F} - Reg Error: Value error. File not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1187843131\ee\AOLSoftware.exe (AOL Inc.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe (HP)
O4 - HKLM..\Run: [mssSort] C:\Program Files\Maxtor\ManagerApp\msssort.exe (Seagate)
O4 - HKLM..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE (Cypress Semiconductor)
O4 - HKLM..\Run: [mxomssmenu] C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe (Maxtor Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Norton Ghost 10.0] C:\Program Files\Norton Ghost\Agent\GhostTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe (A4Tech Co.,Ltd.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AudioDeck.lnk = C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe (Hauppauge Computer Works)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll (VisualWare)
O9 - Extra 'Tools' menuitem : VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll (VisualWare)
O9 - Extra 'Tools' menuitem : Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\Program Files\Copernic Agent\CopernicAgent.exe (Copernic Technologies Inc.)
O9 - Extra Button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\Program Files\Copernic Agent\CopernicAgent.exe (Copernic Technologies Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {21F49842-BFA9-11D2-A89C-00104B62BDDA} http://www.schaeffersresearch.com/download/CfxIEAx.cab (ChartFX Internet Control)
O16 - DPF: {24BACF02-5676-11D3-B8DE-00105A17A9E6} http://www.schaeffersresearch.com/Download/Cfx4Financial.cab (ChartFX Internet Financial Client 4.0)
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} http://download.microsoft.com/download/7/1/D/71D9F11F-0C02-4707-9D60-D56EA8951020/pmupd806.exe (MSN Money Charting)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo2.walgreens.com/WalgreensActivia.cab (Snapfish Activia)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1101768866155 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1135430766921 (MUWebControl Class)
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37240.cab (ICSScanner Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} http://onlinedesigner.hgtv.com/images/app/view22rte.cab (View22RTE Class)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://oxps.webex.com/client/T26L/event/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O18 - Protocol\Handler\copernicagent {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O18 - Protocol\Handler\copernicagentcache {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/11/29 17:56:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/21 22:24:02 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Bruce\Desktop\aswMBR.exe
[2011/05/21 21:38:29 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/05/21 21:33:42 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/05/21 21:33:42 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/05/21 21:33:42 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/05/21 21:33:42 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/05/21 21:33:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/21 17:45:25 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/21 16:34:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce\Desktop\tdsskiller
[2011/05/21 16:06:44 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/20 15:27:12 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bruce\Desktop\OTL.exe
[2011/05/06 16:24:04 | 000,189,520 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/05/06 14:32:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Registry Mechanic
[2011/05/06 14:32:07 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
[2011/05/05 22:58:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/05/05 22:58:04 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/05/05 22:39:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2011/04/28 14:34:50 | 000,053,816 | ---- | C] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2011/04/28 07:00:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce\Application Data\SUPERAntiSpyware.com
[2011/04/28 07:00:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/04/26 22:19:38 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{3140EA8C-7399-4EC4-819C-16996F38FCFC}
[2011/04/26 21:58:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce\Local Settings\Application Data\PackageAware
[2011/04/26 19:29:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce\Application Data\Malwarebytes
[2011/04/26 19:29:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/26 19:29:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/26 19:29:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/26 19:29:08 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/04/26 19:29:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/26 12:36:38 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{E8A61B3F-DF97-45EA-A2EE-88E262649179}
[2011/04/26 11:21:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/04/26 11:21:55 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/04/25 15:52:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Turbo Tax
[2011/04/25 15:48:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce\Start Menu\Programs\Turbo Tax
[2010/08/08 23:00:25 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Bruce\Application Data\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2011/05/21 22:24:07 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Bruce\Desktop\aswMBR.exe
[2011/05/21 22:23:38 | 000,879,035 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\SecurityCheck.exe
[2011/05/21 22:08:37 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/21 22:05:39 | 000,178,882 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/05/21 22:04:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/21 22:04:04 | 2147,012,608 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/21 21:47:07 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/05/21 21:38:35 | 000,000,367 | RHS- | M] () -- C:\boot.ini
[2011/05/21 19:44:54 | 000,000,723 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TeleChart.lnk
[2011/05/21 19:16:35 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2011/05/21 19:16:10 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\Microsoft Word 2003.lnk
[2011/05/21 18:44:01 | 000,000,251 | ---- | M] () -- C:\Boot.bak
[2011/05/21 17:57:25 | 000,024,048 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\ComboFix Warning.JPG
[2011/05/21 17:48:37 | 000,589,878 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\ComboFix Warning.bmp
[2011/05/21 17:35:13 | 004,352,705 | R--- | M] () -- C:\Documents and Settings\Bruce\Desktop\ComboFix.exe
[2011/05/21 16:34:06 | 001,280,208 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\tdsskiller.zip
[2011/05/20 15:27:13 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bruce\Desktop\OTL.exe
[2011/05/19 21:25:07 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/15 21:53:04 | 000,433,170 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110519-162909.backup
[2011/05/06 22:25:30 | 000,102,400 | ---- | M] () -- C:\WINDOWS\RegBootClean.exe
[2011/05/06 16:23:17 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Bruce\Local Settings\Application Data\housecall.guid.cache
[2011/05/06 14:32:08 | 000,000,789 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk
[2011/05/05 22:58:07 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/05 15:36:13 | 000,433,170 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110505-153652.backup
[2011/04/28 14:34:50 | 000,053,816 | ---- | M] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2011/04/26 19:29:15 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/26 14:29:12 | 000,432,016 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110505-153613.backup
[2011/04/26 11:24:06 | 000,250,532 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS.bak
[2011/04/26 11:21:59 | 000,001,002 | ---- | M] () -- C:\Documents and Settings\Bruce\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/04/26 11:21:59 | 000,000,984 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\Spybot - Search & Destroy.lnk
[2011/04/26 11:14:38 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\Bruce\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/04/26 10:59:28 | 000,002,192 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110426-112406.backup
[2011/04/26 00:05:27 | 000,434,571 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110426-105928.backup
[2011/04/25 23:09:18 | 000,168,432 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\spybot scan.jpg
[2011/04/25 20:24:57 | 000,103,783 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\Task Mgr.jpg
[2011/04/24 03:00:00 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2011/04/23 00:07:11 | 000,100,864 | ---- | M] () -- C:\Documents and Settings\Bruce\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2011/05/21 22:23:37 | 000,879,035 | ---- | C] () -- C:\Documents and Settings\Bruce\Desktop\SecurityCheck.exe
[2011/05/21 21:38:35 | 000,000,251 | ---- | C] () -- C:\Boot.bak
[2011/05/21 21:38:33 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/05/21 21:33:42 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/21 21:33:42 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/21 21:33:42 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/21 21:33:42 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/21 21:33:42 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/21 18:37:57 | 2147,012,608 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/21 17:57:25 | 000,024,048 | ---- | C] () -- C:\Documents and Settings\Bruce\Desktop\ComboFix Warning.JPG
[2011/05/21 17:48:36 | 000,589,878 | ---- | C] () -- C:\Documents and Settings\Bruce\Desktop\ComboFix Warning.bmp
[2011/05/21 17:35:12 | 004,352,705 | R--- | C] () -- C:\Documents and Settings\Bruce\Desktop\ComboFix.exe
[2011/05/21 16:34:04 | 001,280,208 | ---- | C] () -- C:\Documents and Settings\Bruce\Desktop\tdsskiller.zip
[2011/05/06 22:25:30 | 000,102,400 | ---- | C] () -- C:\WINDOWS\RegBootClean.exe
[2011/05/06 16:23:17 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Bruce\Local Settings\Application Data\housecall.guid.cache
[2011/05/06 14:32:08 | 000,000,789 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk
[2011/05/05 22:58:07 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/04/26 22:21:50 | 000,030,424 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2011/04/26 19:29:15 | 000,000,794 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/26 11:21:59 | 000,001,002 | ---- | C] () -- C:\Documents and Settings\Bruce\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/04/26 11:21:59 | 000,000,984 | ---- | C] () -- C:\Documents and Settings\Bruce\Desktop\Spybot - Search & Destroy.lnk
[2011/04/26 11:14:38 | 000,000,818 | ---- | C] () -- C:\Documents and Settings\Bruce\Start Menu\Programs\Internet Explorer.lnk
[2011/04/25 23:09:18 | 000,168,432 | ---- | C] () -- C:\Documents and Settings\Bruce\Desktop\spybot scan.jpg
[2011/04/25 20:24:57 | 000,103,783 | ---- | C] () -- C:\Documents and Settings\Bruce\Desktop\Task Mgr.jpg
[2011/02/21 10:37:08 | 000,000,008 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2011/01/12 00:10:56 | 001,593,544 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/12/04 10:40:38 | 000,018,752 | ---- | C] () -- C:\WINDOWS\System32\solidlocalui.dll
[2010/12/04 10:40:37 | 000,027,456 | ---- | C] () -- C:\WINDOWS\System32\solidlocalmon.dll
[2010/08/08 23:00:25 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Bruce\Application Data\pcouffin.cat
[2010/08/08 23:00:25 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Bruce\Application Data\pcouffin.inf
[2010/06/26 11:00:27 | 000,048,368 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/01/11 22:26:52 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Bruce\Application Data\default.pls
[2009/11/23 00:02:07 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\UnAudioNT.dll
[2009/11/23 00:02:07 | 000,003,351 | ---- | C] () -- C:\WINDOWS\System32\drivers\vsp.sys
[2009/09/05 11:57:52 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/06/18 20:37:40 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2009/06/18 20:37:39 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/06/18 20:37:38 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/06/18 20:37:37 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/06/18 20:37:36 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2009/06/18 20:37:35 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2009/06/18 20:37:34 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2009/06/18 20:37:32 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/10/26 16:22:18 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2008/10/26 16:22:16 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2008/10/26 16:22:10 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2008/04/28 22:17:00 | 000,215,144 | R--- | C] () -- C:\WINDOWS\pw32a.dll
[2008/02/10 15:37:48 | 000,000,150 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/02/10 15:25:11 | 000,000,116 | ---- | C] () -- C:\WINDOWS\asym.ini
[2008/02/10 15:22:11 | 000,000,097 | ---- | C] () -- C:\WINDOWS\IVCI.INI
[2007/11/03 12:56:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007/03/22 16:47:35 | 000,046,344 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2007/01/03 22:48:27 | 000,002,209 | ---- | C] () -- C:\WINDOWS\unins001.dat
[2006/11/14 00:22:05 | 000,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/08/06 17:04:36 | 000,000,057 | ---- | C] () -- C:\WINDOWS\TUTORI~1.INI
[2006/08/06 16:15:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\plclient.INI
[2006/06/27 19:38:00 | 000,796,584 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2006/06/19 21:48:25 | 000,001,386 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2006/04/13 19:53:31 | 000,051,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2006/04/09 11:19:04 | 000,000,211 | ---- | C] () -- C:\WINDOWS\nanoPEG.ini
[2006/04/09 11:18:50 | 000,000,248 | ---- | C] () -- C:\WINDOWS\HCWBlast_sav.ini
[2006/04/09 11:18:50 | 000,000,248 | ---- | C] () -- C:\WINDOWS\HCWBlast.ini
[2006/04/09 11:18:31 | 000,033,837 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2006/04/09 11:18:21 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll
[2006/04/09 11:16:19 | 000,002,443 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
[2006/02/04 16:41:38 | 000,000,696 | ---- | C] () -- C:\WINDOWS\GARMINWT.INI
[2006/01/12 17:09:14 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\DXFLib.dll
[2006/01/12 17:08:06 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\opcode.dll
[2005/12/11 10:08:03 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Bruce\Local Settings\Application Data\fusioncache.dat
[2005/12/11 00:25:14 | 000,000,028 | ---- | C] () -- C:\WINDOWS\HotComm.INI
[2005/11/29 21:05:14 | 000,000,034 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2005/10/22 21:09:08 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2005/10/22 21:09:08 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2005/03/27 13:56:02 | 000,099,965 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005/02/14 15:29:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\JDSecure20.INI
[2005/01/02 23:03:13 | 000,100,864 | ---- | C] () -- C:\Documents and Settings\Bruce\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/01/02 22:22:15 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2004/12/21 18:22:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\RussSqr.INI
[2004/12/21 11:15:25 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/12/14 22:45:38 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/12/11 12:23:25 | 000,109,782 | ---- | C] () -- C:\WINDOWS\CopernicAgentUninstall.exe
[2004/11/30 01:31:03 | 000,002,769 | ---- | C] () -- C:\WINDOWS\IFPClient.ini
[2004/11/30 01:04:24 | 000,000,766 | ---- | C] () -- C:\WINDOWS\aolback.exe.lnk
[2004/11/29 22:48:20 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/11/29 19:47:05 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2004/11/29 19:39:39 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2004/11/29 19:10:09 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/11/29 19:09:48 | 000,105,168 | ---- | C] () -- C:\WINDOWS\NSUninst.exe
[2004/11/29 19:09:44 | 000,014,923 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2004/11/29 18:39:13 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2004/11/29 18:22:13 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/11/29 17:58:19 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/11/29 17:54:59 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/11/29 12:49:53 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/11/29 12:49:10 | 000,258,248 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/11/11 03:16:10 | 000,045,056 | ---- | C] () -- C:\WINDOWS\sm56chs.dll
[2004/11/10 06:42:22 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56eng.dll
[2004/11/10 06:42:22 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56jpn.dll
[2004/11/10 06:42:20 | 000,045,056 | ---- | C] () -- C:\WINDOWS\sm56cht.dll
[2004/11/02 12:12:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56spn.dll
[2004/11/02 12:12:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56itl.dll
[2004/11/02 12:12:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56ger.dll
[2004/11/02 12:12:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56fra.dll
[2004/11/02 12:12:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56brz.dll
[2004/06/30 16:04:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\SDelete.dll
[2004/03/07 14:51:00 | 000,024,924 | ---- | C] () -- C:\WINDOWS\System32\openports.dll
[2004/01/29 20:45:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/11/22 12:50:06 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\hpodinet.dll
[2002/11/22 12:49:18 | 000,036,864 | ---- | C] () -- C:\WINDOWS\hpfsched.exe
[2001/08/23 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 08:00:00 | 000,541,282 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 08:00:00 | 000,099,094 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001/08/23 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/12/10 23:48:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1Click DVD Copy Pro
[2007/12/07 01:19:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2007/12/07 01:19:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2009/01/01 21:12:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
[2007/12/07 01:20:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/12/04 10:39:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SolidDocuments
[2011/05/07 10:57:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/04/21 12:35:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2007/12/07 01:20:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/08/08 23:37:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2011/04/26 22:19:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{3140EA8C-7399-4EC4-819C-16996F38FCFC}
[2010/06/23 11:21:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/04/28 10:16:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2009/12/30 22:51:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/02/27 10:04:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CCE9E666-4D7C-4946-A98B-CFDE0A0C1706}
[2011/04/26 12:36:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{E8A61B3F-DF97-45EA-A2EE-88E262649179}
[2010/08/08 23:37:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\1clickPro
[2007/12/07 01:21:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\A2Soft Shared
[2009/11/22 17:14:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\Blitware
[2007/12/07 01:21:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\BlocksPlayer
[2007/12/07 01:21:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\Centra
[2008/10/25 14:27:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2007/12/07 01:21:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\Copernic
[2010/01/08 22:47:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\ImgBurn
[2007/12/07 01:21:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\Leadertech
[2009/01/01 21:12:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\Maxtor Quick Start
[2010/01/04 00:32:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\MP3toiPodAudioBookConverter
[2007/12/12 09:18:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\NesterSoft
[2007/12/07 01:21:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\Netscape
[2007/12/07 01:21:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\ScanSoft
[2009/05/06 08:31:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\Snapfish
[2010/12/04 12:22:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\Softland
[2010/12/04 10:44:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\SolidDocuments
[2009/11/22 22:25:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\SystemRequirementsLab
[2011/02/14 11:25:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\TeamViewer
[2007/12/07 01:23:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\The Blocks Company, LLC
[2007/12/07 01:23:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\The Labyrinth Plus! Edition
[2011/04/21 12:37:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\Trusteer
[2009/08/16 22:40:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\Viewpoint
[2010/08/08 23:00:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\Vso
[2007/12/07 01:23:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\VSO_HWE
[2011/04/21 13:17:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\WebEx
[2010/09/08 16:54:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\Windows Search
[2010/12/09 16:14:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\Xtend2.71305F52FFD36D9BDDE00284EF6181AE6688276A.1
[2011/01/10 02:01:00 | 000,000,826 | ---- | M] () -- C:\WINDOWS\Tasks\AMD 3200 Complete Backup.job
[2009/01/04 03:00:00 | 000,000,802 | ---- | M] () -- C:\WINDOWS\Tasks\Full Backup System1.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\All Users\Documents\SSCCleanup.exe:SummaryInformation
@Alternate Data Stream - 156 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

Title: PC Rendered Unuseable Due To Trojan Infection
Post by: ba5852 on May 21, 2011, 09:36:22 PM

Results of screen317's Security Check version 0.99.11
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
Symantec AntiVirus
ZoneAlarm
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Ad-Aware
Malwarebytes' Anti-Malware
Java(TM) 6 Update 24
Java(TM) SE Runtime Environment 6 Update 1
Java(TM) 6 Update 3
Java(TM) 6 Update 7
Out of date Java installed!
Adobe Flash Player    10.3.181.14
Adobe Reader 9.4.4
Out of date Adobe Reader installed!
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Symantec AntiVirus DefWatch.exe
Symantec AntiVirus Rtvscan.exe
Zone Labs ZoneAlarm zlclient.exe
``````````End of Log````````````

Title: PC Rendered Unuseable Due To Trojan Infection
Post by: ba5852 on May 21, 2011, 09:39:13 PM

aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-05-21 22:37:34
-----------------------------
22:37:34.578   OS Version: Windows 5.1.2600 Service Pack 3
22:37:34.578   Number of processors: 1 586 0xC00
22:37:34.578   ComputerName: AMD3200 UserName: Bruce
22:37:35.171   Initialize success
22:37:43.015   Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\viamraid1Port2Path0Target0Lun0
22:37:43.015   Disk 0 Vendor: ST316081 3.AA Size: 152627MB BusType: 1
22:37:43.015   Disk 1 \Device\Harddisk1\DR1 -> \Device\Scsi\viamraid1Port2Path0Target2Lun0
22:37:43.031   Disk 1 Vendor: WDC_WD80 05.0 Size: 76319MB BusType: 1
22:37:43.031   Disk 0 MBR read successfully
22:37:43.031   Disk 0 MBR scan
22:37:43.031   Disk 0 unknown MBR code
22:37:43.031   Disk 0 scanning sectors +312576705
22:37:43.078   Disk 0 scanning C:\WINDOWS\system32\drivers
22:37:50.453   Service scanning
22:37:51.890   Disk 0 trace - called modules:
22:37:51.890   ntkrnlpa.exe CLASSPNP.SYS disk.sys SCSIPORT.SYS hal.dll viamraid.sys
22:37:51.890   1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ab28030]
22:37:51.890   3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Scsi\viamraid1Port2Path0Target0Lun0[0x8ab84588]
22:37:52.390   Scan finished successfully
22:38:28.484   Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Bruce\Desktop\MBR.dat"
22:38:28.484   The log file has been saved successfully to "C:\Documents and Settings\Bruce\Desktop\aswMBR.txt"

Title: PC Rendered Unuseable Due To Trojan Infection
Post by: guestolo on May 21, 2011, 10:28:02 PM

Are you having any problems with Internet Explorer or Firefox?
Any redirects or problems accessing sites?

Title: PC Rendered Unuseable Due To Trojan Infection
Post by: ba5852 on May 21, 2011, 10:34:54 PM

Both browsers seem to be working fine.

I haven't seen any redirects or problems accessing sites.

Title: PC Rendered Unuseable Due To Trojan Infection
Post by: guestolo on May 21, 2011, 11:25:16 PM

Let's try a bit of cleanup and updating some unsecure software

Go to START>>RUN>>copy/paste the next line in blue and Hit OK

[color="#0000FF"]ComboFix /uninstall
[/color]
This will uninstall ComboFix and it's components

Access your Add and Remove programs
Uninstall all versions and updates of Sun Java, don't reboot if prompted
We will reboot later
Uninstall all the following:
Java™ 6 Update 24
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
J2SE Runtime Environment 5.0 Update 10
Java™ SE Runtime Environment 6 Update 1
Java™ 6 Update 3
Java™ 6 Update 7

In addition, the following may have been preinstalled, or unknowing installed
If you didn't intentionally install the next software, I would opt to uninstall
Viewpoint Media Player

Your version of SpywareBlaster is outdated
Do the following:
Open SpywareBlaster, you should find it's shortcut on Desktop or in
START>>All Programs>>SpywareBlaster folder,
or in the C:\Programs Files\SpywareBlaster folder,
when it loads, under the main window, Disable All Protections
After you have them disabled
Close spywareblaster and uninstall it from Add and Remove programs

Download and save to desktop JavaRA from the following link
http://sourceforge.net/projects/javara/files/javara/JavaRa/JavaRa.zip/download
Extract to it's own folder
Open the folder and double click on JavaRa.exe
Choose 'English' then click "Select"
Under "Additional tasks" select the top 3 selections and also the bottom 2 selections
Then click GO
OK all the prompts, close the box afterwards
Ensure all browser windows are closed and choose "Remove older versions"

A log will open, you can just close it and delete JavaRa

Double click on OTL.exe and Run it

Under the [color="#0000FF"]Custom Scans/Fixes[/color] box at the bottom, copy/paste in the following in the quote box below. don't include the word Quote please
Quote
:OTL
O2 - BHO: (Download Guard for Internet Explorer) - {20C1A7F0-528E-444F-BAC5-5804A61CCA7F} - Reg Error: Value error. File not found
:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-
"QuickTime Task"=-
"SunJavaUpdateSched"=-
:Files
C:\Documents and Settings\Bruce\Desktop\aswMBR.exe
C:\Documents and Settings\Bruce\Desktop\SecurityCheck.exe
C:\Documents and Settings\Bruce\Desktop\ComboFix Warning.JPG
C:\Documents and Settings\Bruce\Desktop\ComboFix Warning.bmp
C:\Documents and Settings\Bruce\Desktop\tdsskiller.zip
c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
:Commands
[EmptyTemp]
Then click the [color="#FF0000"]Run Fix[/color] button at the top
Let the program run unhindered, reboot the PC when it is done

On startup, Allow OTL to run if prompted
A log should open, you can just close it and delete the log

After the restart:

Update SpywareBlaster

SpywareBlaster by JavaCool (http://"http://download.cnet.com/SpywareBlaster/3000-8022_4-10196637.html?part=dl-SpywareBl&subj=dl&tag=button")
Select Manual updating when installing
After installation, Check for updates
After updating, select "Protection Status" on the Left
Then select "Enable all Protection"
IMPORTANT>>"Check for updates at least once a month"
after every update just simply click the "enable protection on all unprotected items"
or again, click on Protection Startus>>enable all protection

[color="blue"]Updating Java:[/color]

Download the latest version of Java Runtime Environment (JRE) (http://"http://java.sun.com/javase/downloads/index.jsp").
Scroll down to where it says "Java SE 6 Update 25".
Click the "Download JRE" button to the right.
In the Window that opens, Check Accept License Agreement.
Click on the link next to Windows x86 Offline to download and save to your desktop.
Then from your desktop double-click on jre-6u25-windows-i586.exe that you downloaded to install the newest version.

NOTE: Java installs a Quick starter service that is not really required, you can disable this after every update by the following:
Open Windows Control Panel and open the Java icon
Click on 'Advanced' >>Expand (+) on Miscellaneous
Untick "Java Quick Starter"
Apply and OK out of there

Restart the computer to set.

Come back and now let me know how things are again running

Title: PC Rendered Unuseable Due To Trojan Infection
Post by: ba5852 on May 22, 2011, 12:18:51 PM

Didn't realize you had gone to page 2 so I didn't see your post last night.

I removed ComboFix and Viewpoint Media Player.

I am getting error messages and unable to remove.

J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
J2SE Runtime Environment 5.0 Update 10
Java(TM) SE Runtime Environment 6 Update 1
Java(TM) SE Runtime Environment 6 Update 3

I will go through the rest of your list and get back to you on the Java issues.

Title: PC Rendered Unuseable Due To Trojan Infection
Post by: ba5852 on May 22, 2011, 02:10:06 PM

Okay, here's where I'm at.

Still unable to remove old versions of Java.

These remain:
[indent]

J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
J2SE Runtime Environment 5.0 Update 10
Java™ SE Runtime Environment 6 Update 1
Java™ SE Runtime Environment 6 Update 3

[/indent]When I try to remove them using Ad/Remove Programs I get one of two error messages.

[indent]J2SE Runtime Environment 5.0 Update 4
You already have this version of the JRE installed.
Please uninstall the product through the ad/remove
programs utility before reinstalling.
[/indent]
I get this message while using the ad/remove program.

When I try to remove Java™ SE Runtime Environment 6 Update 1
I get a different error.

[indent]Add or Remove Programs
Error applying transforms. Verify that the specified transform paths are valid.

[/indent]I uninstalled Viewpoint Media Player.

Successfully uninstalled SpywareBlaster.

I installed and ran JavaRA.
[indent]It did not appear to run the last line: Remove Java console extention
It also did not remove the old versions of Java

[/indent]I ran OLT as you instructed.
I installed and updated SpywareBlaster.
Did not try to install the updated version of Java due to uninstall problems of old versions.
[indent]
[/indent][indent]
[/indent]

Title: PC Rendered Unuseable Due To Trojan Infection
Post by: ba5852 on May 22, 2011, 02:14:42 PM

This is the log from JavaRA.

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SunJavaUpdateSched

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}

Found and removed: SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}

Found and removed: Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DBC80044-A445-435B-BC74-9C25C1C588A9}

Found and removed: Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}

JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Sun May 22 13:28:28 2011

Found and removed: C:\Program Files\Java\jre1.5.0_04

Found and removed: C:\Program Files\Java\jre1.5.0_06

Found and removed: C:\Program Files\Java\jre1.5.0_09

Found and removed: C:\Program Files\Java\jre1.5.0_10

Found and removed: C:\Program Files\Java\jre1.6.0_01

JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Sun May 22 13:31:44 2011

JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Sun May 22 14:46:35 2011

Found and removed: C:\Program Files\Java\jre1.6.0_03

Found and removed: C:\Documents and Settings\Bruce\Application Data\Sun\Java\jre1.6.0_15

Found and removed: C:\Documents and Settings\Bruce\Application Data\Sun\Java\jre1.6.0_17

Found and removed: C:\Documents and Settings\Bruce\Application Data\Sun\Java\jre1.6.0_19

Found and removed: C:\Documents and Settings\Bruce\Application Data\Sun\Java\jre1.6.0_20

Found and removed: C:\Documents and Settings\Bruce\Application Data\Sun\Java\jre1.6.0_21

Found and removed: C:\Documents and Settings\Bruce\Application Data\Sun\Java\jre1.6.0_22

Found and removed: C:\Documents and Settings\Bruce\Application Data\Sun\Java\jre1.6.0_23

Found and removed: Applications\java.exe

Found and removed: Applications\javaw.exe

Found and removed: JavaPlugin.FamilyVersionSupport

Found and removed: CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}

Found and removed: JavaScript

Found and removed: JavaScript Author

Found and removed: JavaScript1.1

Found and removed: JavaScript1.1 Author

Found and removed: JavaScript1.2

Found and removed: JavaScript1.2 Author

Found and removed: Software\Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}

Found and removed: Software\Classes\JavaPlugin.150_04

Found and removed: Software\Classes\JavaPlugin.150_06

Found and removed: Software\Classes\JavaPlugin.150_09

Found and removed: Software\Classes\JavaPlugin.150_10

Found and removed: Software\Classes\JavaPlugin.160_01

Found and removed: Software\Classes\JavaPlugin.160_03

Found and removed: Software\JavaSoft\Java Update

Found and removed: Software\JavaSoft\Java2D\1.5.0_02

Found and removed: Software\JavaSoft\Java2D\1.5.0_04

Found and removed: Software\JavaSoft\Java2D\1.5.0_05

Found and removed: Software\JavaSoft\Java2D\1.5.0_06

Found and removed: Software\JavaSoft\Java2D\1.5.0_09

Found and removed: Software\JavaSoft\Java2D\1.5.0_10

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\JavaPlugin

Found and removed: SOFTWARE\Classes\JavaPlugin.150_04

Found and removed: SOFTWARE\Classes\JavaPlugin.150_06

Found and removed: SOFTWARE\Classes\JavaPlugin.150_09

Found and removed: SOFTWARE\Classes\JavaPlugin.150_10

Found and removed: SOFTWARE\Classes\JavaPlugin.160_01

Found and removed: SOFTWARE\Classes\JavaPlugin.160_03

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_04

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_06

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_09

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_10

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_01

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_03

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_04

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_06

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_09

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_10

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_01

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_06

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_09

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_10

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_03

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3412062B02

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3412062B03

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3612062B02

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3612062B03

JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Sun May 22 15:10:29 2011

------------------------------------

Finished reporting.

After running JavaRA when you look in add/remove programs it still shows the following versions as installed.

[indent]

J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
J2SE Runtime Environment 5.0 Update 10
Java™ SE Runtime Environment 6 Update 1
Java™ SE Runtime Environment 6 Update 3

[/indent]

Title: PC Rendered Unuseable Due To Trojan Infection
Post by: guestolo on May 22, 2011, 02:25:37 PM

Please supply an uninstall list from Hijackthis
Open Hijackthis>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop then copy>>Paste back here the Whole contents

In addition, reopen Hijackthis, run "Do a System Scan and save logfile"
Copy/paste the contents of the log back here please when completed

Title: PC Rendered Unuseable Due To Trojan Infection
Post by: ba5852 on May 22, 2011, 07:02:19 PM

Here's the uninstall_list.txt file.

1Click DVD Copy Pro 3.2.6.0
A4Tech iWheelWorks 7.64
Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop Elements 3.0
Adobe Reader 9.4.4
AnswerWorks 4.0 Runtime - English
AnswerWorks 5.0 English Runtime
AOL Coach Version 1.0(Build:20030807.3)
AOL Uninstaller (Choose which Products to Remove)
AOPA's Real-Time Flight Planner 1.2.3
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bing Bar Platform
Bonjour
CamStudio
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Centra Client
Compatibility Pack for the 2007 Office system
Copernic Agent Basic
Core Center
Critical Update for Windows Media Player 11 (KB959772)
DiscWizard for Windows
doPDF 6.2 printer
Dragon NaturallySpeaking 8
Driver's Log Version 3.19
Dual DVD Copy (remove only)
DVD Decrypter (Remove Only)
DVD X Copy Platinum 4.0.3
DVD X Rescue
DVD43 v3.6.2
GARMIN 400 Series Trainer
getPlus(R) for Adobe
GoldenEagle
Google Earth
Hauppauge English Help Files and Resources
Hauppauge WinTV Infrared Remote
Hauppauge WinTV IR Blaster
Hauppauge WinTV Scheduler
Hauppauge WinTV Soft PVR
Hauppauge WinTV Source Selector
Hauppauge WinTV2000
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Officejet Pro 8500 A910 Basic Device Software
HP Officejet Pro 8500 A910 Help
HP Officejet Pro 8500 A910 Help
HP Officejet Pro 8500 A910 Product Improvement Study
HP Update
I.R.I.S. OCR
ImgBurn
iPod for Windows 2005-06-26
iPod for Windows 2006-06-28
IrfanView (remove only)
ItsDeductible Express
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 3
Java(TM) SE Runtime Environment 6 Update 1
Learn2 Player (Uninstall Only)
LiveReg (Symantec Corporation)
LiveUpdate 3.1 (Symantec Corporation)
Liveupdate4
Logitech Gaming Software
Macromedia Dreamweaver MX 2004
Macromedia Extension Manager
Macromedia Flash Player 8
Malwarebytes' Anti-Malware
Marketsplash Shortcuts
Maxtor Central Axis Manager
Maxtor Central Axis Manager
MemoryLifter2
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Default Manager
Microsoft Flight Simulator X
Microsoft Flight Simulator X
Microsoft Flight Simulator X Service Pack 1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Edition 2003
Microsoft Office XP Professional with FrontPage
Microsoft Plus! for Windows XP
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Motorola SM56 Speakerphone Modem
Mozilla Firefox 4.0.1 (x86 en-US)
MSN Money Investment Toolbox
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB954459)
MyDVD
nanoPEG-Editor 2.3 Hauppauge Edition
Nero 8 Essentials
neroxml
NirSoft BlueScreenView
Norton Ghost 10.0
NVIDIA Drivers
NVIDIA WDM Drivers
Online Manuals for WinTV (English)
Palm Desktop
PowerDVD
QuickTime
Rapport
Rapport
RealPlayer
Realtek AC'97 Audio
Registry Mechanic 6.0
Rhapsody Player Engine
Rhapsody Player Engine
Schaeffer's Education Series - Bernie Schaeffer's Options 101
Schaeffer's Education Series - Mastering Advanced Option Strate
Secure Conference Components 1.1
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2124261)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2290570)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB970483)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
ShowBiz
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
SpywareBlaster 4.4
SUPERAntiSpyware
Symantec AntiVirus
System Requirements Lab
TeamViewer 6
TeleChart 2007
The King Instrument CD-ROM Course Version 2.2e
thinkorswim
TimeLeft
TurboTax 2008
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wrapper
TurboTax 2009
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wrapper
TurboTax 2010
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wrapper
TurboTax Deluxe 2004
TurboTax Deluxe 2005
TurboTax Deluxe 2007
TurboTax Deluxe Deduction Maximizer 2006
TurboTax ItsDeductible 2005
TurboTax ItsDeductible 2006
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB982664)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB Storage Adapter FX (MXO)
VC 9.0 Runtime
VC 9.0 Runtime
VCRedistSetup
VIA Audio Driver Setup Program
VIA Platform Device Manager
VideoLAN VLC media player 0.8.6c
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VisualRoute
WebEx
WexTech AnswerWorks
Winamp (remove only)
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Genuine Advantage v1.3.0254.0
Windows Live ID Sign-in Assistant
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
Xtend
Xtend
Yahoo! SiteBuilder
ZoneAlarm

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:00:49 PM, on 5/22/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\WINDOWS\MXOALDR.EXE
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\AOL\1187843131\ee\AOLSoftware.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AOL Desktop 9.6\waol.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
C:\Program Files\WinTV\Ir.exe
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AOL Desktop 9.6\shellmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Download Files\Trend Micro HijackThis v2.0.4\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "C:\WINDOWS\system32\nwiz.exe" /install
O4 - HKLM\..\Run: [WheelMouse] "C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe"
O4 - HKLM\..\Run: [vptray] "C:\PROGRA~1\SYMANT~1\VPTray.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [SMSERIAL] "C:\WINDOWS\sm56hlpr.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [MXO Auto Loader] "C:\WINDOWS\MXOALDR.EXE"
O4 - HKLM\..\Run: [mssSort] "C:\Program Files\Maxtor\ManagerApp\msssort.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe"
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1187843131\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKLM\..\Run: [NvMediaCenter] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] "C:\WINDOWS\SOUNDMAN.EXE"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Bing Bar] "C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL Desktop 9.6\AOL.EXE" -b
O4 - Global Startup: AudioDeck.lnk = C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {21F49842-BFA9-11D2-A89C-00104B62BDDA} (ChartFX Internet Control) - http://www.schaeffersresearch.com/download/CfxIEAx.cab
O16 - DPF: {24BACF02-5676-11D3-B8DE-00105A17A9E6} (ChartFX Internet Financial Client 4.0) - http://www.schaeffersresearch.com/Download/Cfx4Financial.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo2.walgreens.com/WalgreensActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1101768866155
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1135430766921
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37240.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://onlinedesigner.hgtv.com/images/app/view22rte.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://oxps.webex.com/client/T26L/event/ieatgpc.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D822C7BD-037E-4E2F-9A19-6FD304CAA4F6}: NameServer = 68.87.74.162,68.87.68.162
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Maxtor Service (Maxtor Sync Services) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 14553 bytes

Title: PC Rendered Unuseable Due To Trojan Infection
Post by: guestolo on May 22, 2011, 09:10:51 PM

Open hijackthis>>then "Open the Misc tools section"
Click to "Open Uninstall Manager..."
Highlight, one at a time, each of the following entries
and select "Delete this Entry"
YES to the prompt
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java™ 6 Update 3
Java™ SE Runtime Environment 6 Update 1

Close Hijackthis when complete
Go ahead and install Sun Java SE 6 update 25 from my previous instructions

Keep me informed how things are now running

Title: PC Rendered Unuseable Due To Trojan Infection
Post by: ba5852 on May 23, 2011, 12:14:59 AM

I followed your instructions for Hijackthis.

The entries you listed were removed from the list in Hijackthis but they are still listed in Add/Remove Programs.

I did install Sun Java SE 6 update 25 and it is also listed in Add/Remove Programs.

The system has been running well all day. No error messages other than the ones I got when I tried to remove the old java files.

Title: PC Rendered Unuseable Due To Trojan Infection
Post by: guestolo on May 23, 2011, 12:49:20 AM

It's not a big deal, the old entries from Java are just leftovers
But let's see if we can remove them
=Open Notepad (START>>>RUN>>>type in notepad)
Hit OK
Copy the contents of the CODE box
Paste it to the empty Notepad file
In Notepad click FILE>>SAVE AS
Change the Save as Type to All Files.
Name the file as uninstall.bat

Code: [Select]

@echo off
regedit /e C:\uninstall.reg "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
more C:\uninstall.reg >> C:\uninstall.txt
notepad C:\uninstall.txt
del /q c:\uninstall.reg

Save this file on the desktop
Double click on uninstall.bat, a text file will open, I want to see the contents
But could you upload it please
A copy of that log can be found at C:\uninstall.txt

To upload, in a Reply box, click on Browse...
Browse to C:\uninstall.txt and select it, then Attach the file

Title: PC Rendered Unuseable Due To Trojan Infection
Post by: ba5852 on May 23, 2011, 08:35:42 AM

Here is the Uninstall.txt file you requested.

Title: PC Rendered Unuseable Due To Trojan Infection
Post by: guestolo on May 23, 2011, 10:56:58 AM

Double click on OTL.exe and Run it

Under the [color="#0000FF"]Custom Scans/Fixes[/color] box at the bottom, copy/paste in the following in the quote box below. don't include the word Quote please
Quote
:OTL
:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216013FF}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216017FB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216019FB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216020FB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216021FB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216022FB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216023FB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216024FB}]
:Commands
[Reboot]
Then click the [color="#FF0000"]Run Fix[/color] button at the top
Let the program run unhindered, reboot the PC when it is done

On startup, Allow OTL to run if prompted
A log should open, can you post it please
A copy of this log can also be found in
C:\_OTL\Moved Files folder

Are the entries now gone from Add/Remove?

Title: PC Rendered Unuseable Due To Trojan Infection
Post by: ba5852 on May 23, 2011, 11:11:43 AM

Here's the OTL log file.

The entries are still in Add/Remove.

========== OTL ==========
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216013FF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26A24AE4-039D-4CA4-87B4-2F83216013FF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216017FB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26A24AE4-039D-4CA4-87B4-2F83216017FB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216019FB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26A24AE4-039D-4CA4-87B4-2F83216019FB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216020FB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26A24AE4-039D-4CA4-87B4-2F83216020FB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216021FB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26A24AE4-039D-4CA4-87B4-2F83216021FB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216022FB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26A24AE4-039D-4CA4-87B4-2F83216022FB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216023FB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26A24AE4-039D-4CA4-87B4-2F83216023FB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216024FB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26A24AE4-039D-4CA4-87B4-2F83216024FB}\ not found.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.22.3 log created on 05232011_115909

Title: PC Rendered Unuseable Due To Trojan Infection
Post by: ba5852 on May 23, 2011, 11:16:48 AM

When I clicked on one of the entries in Add/Remove it is there but the "Remove" button is missing. This is true for all of the Java entries except Java (TM) 6 update 25.

Title: PC Rendered Unuseable Due To Trojan Infection
Post by: guestolo on May 23, 2011, 11:35:00 AM

Can you do me a favor, if you install Windows Installer Cleanup utility from this direct link
Save to desktop then install
Click Here (http://"http://www.softpedia.com/dyn-postdownload.php?p=18442&t=4&i=1")

After installation go to Start>>All Programs>>Windows Install Cleanup
Do you see any of those older versions of Java?
I'm suspecting that running Registry Mechanic may have corrupted the uninstallers?

Title: PC Rendered Unuseable Due To Trojan Infection
Post by: ba5852 on May 23, 2011, 01:53:39 PM

These are the Java entries in Windows Installer Cleanup:

[indent](All Users) J2SE Runtime Environment 5.0 Update 10 [1.5.0.100]
(All Users) J2SE Runtime Environment 5.0 Update 4 [1.5.0.40]
(All Users) J2SE Runtime Environment 5.0 Update 6 [1.5.0.60]
(All Users) J2SE Runtime Environment 5.0 Update 9 [1.5.0.90]
(All Users) Java Auto Updater [2.0.4.1]
(All Users) Java(TM) 6 Updater 25 [6.0.250]
(All Users) Java(TM) 6 Updater 3 [1.6.0.30]
(All Users) Java(TM) SE Runtime Environment 6 Update 1 [1.6.0.10]

[/indent]Before I asked for your help I did install and run Registry Mechanic because it seemed like the viruses had messed up some of the registry settings. I ran it once only, but it found over 2000 "issues" and I told it to "repair all".

Title: PC Rendered Unuseable Due To Trojan Infection
Post by: guestolo on May 23, 2011, 02:07:29 PM

I'm just on my way out, be back in a couple hours
In the meantime, can you do the following please

Open Windows Cleanup Tool
Highlight one at a time the following ONLY, and click REMOVE>>>OK the prompt

(All Users) J2SE Runtime Environment 5.0 Update 10 [1.5.0.100]
(All Users) J2SE Runtime Environment 5.0 Update 4 [1.5.0.40]
(All Users) J2SE Runtime Environment 5.0 Update 6 [1.5.0.60]
(All Users) J2SE Runtime Environment 5.0 Update 9 [1.5.0.90]
(All Users) Java™ 6 Updater 3 [1.6.0.30]
(All Users) Java™ SE Runtime Environment 6 Update 1 [1.6.0.10]

After the last of those 6 are removed
Reboot the computer

Let me know how that goes, are the entries now removed?

Title: PC Rendered Unuseable Due To Trojan Infection
Post by: ba5852 on May 23, 2011, 03:00:35 PM

Looks like you got it that time! The only java entry left in Add/Remove is Java™ 6 Updater 25.

Title: PC Rendered Unuseable Due To Trojan Infection
Post by: guestolo on May 23, 2011, 04:57:14 PM

I would uninstall Windows Cleanup tool from Add/Remove programs, it's no longer needed

Open OTL.exe and choose the CLEANUP button, let it run it's course, reboot the computer at the prompt
Come back one last time and let me know how things are now, I'll lock this topic afterwards if everything is fine

Title: PC Rendered Unuseable Due To Trojan Infection
Post by: ba5852 on May 23, 2011, 09:25:12 PM

I uninstalled Windows Cleanup Tool.
Ran OTL Cleanup.

I spent the evening running all the programs that I normally use and found a few that had problems, but I was able to sort through them and get them running.

However, I do have two issues that I need to fix.

1. Yahoo Site Builder won't open and I use it to maintain a web site that I designed.
[indent]I figured out why it won't open but haven't figured out how to fix it..
When you click on the Site Builder icon it fires off a batch file "ysitebuilder.bat".
The contents of that file are:

"C:\Program Files\Java\jre1.6.0_03\bin\javaw.exe" -cp "F:\Program Files\Yahoo SiteBuilder\install.jar" RunSiteBuilder

Unfortunately it looks like it is trying to use one of the older java versions that we removed. I'm thinking that I may be able to find that version and reinstall it from javas support files.

[/indent]2. My software WinTV2000 for my Hauppauge TV Tuner won't open. It opens a splash screen and then sits there with the CPU pegged at 99% for that process. I have to kill the process to use the computer.
[indent]

[/indent]

Title: PC Rendered Unuseable Due To Trojan Infection
Post by: guestolo on May 23, 2011, 09:41:54 PM

Let's try and deal with the first problem
Is that the whole contents of ysitebuilder.bat?
You are able to right click on it and select edit, correct?

Edit>>If that is the whole contents
I was wondering what would happen if we changed the path to the updated copy of Java
Which should read

C:\Program Files\Java\jre6\bin\javaw.exe

So instead of having
[color="#008000"]"C:\Program Files\Java\jre1.6.0_03\bin\javaw.exe" -cp "F:\Program Files\Yahoo SiteBuilder\install.jar" RunSiteBuilder[/color]

It should probably read
[color="#0000FF"]"C:\Program Files\Java\jre6\bin\javaw.exe" -cp "F:\Program Files\Yahoo SiteBuilder\install.jar" RunSiteBuilder[/color]

Title: PC Rendered Unuseable Due To Trojan Infection
Post by: ba5852 on May 23, 2011, 10:25:23 PM

I thought of that before you responded. Tried it and it didn't work. When you click on the Site Builder icon nothing happens.

I'm also trying to uninstall and reinstall the WinTV2000 software but am running into problems.

Title: PC Rendered Unuseable Due To Trojan Infection
Post by: guestolo on May 23, 2011, 10:36:07 PM

Have you thought about trying to unistall SiteBuilder and reinstalling it?
I don't use it, but this link may help
http://help.yahoo.com/l/us/yahoo/smallbusiness/webhosting/sitebuilder2/trouble-install/trouble-install-01.html

Quote

I'm also trying to uninstall and reinstall the WinTV2000 software but am running into problems.

Need more info

Edit>>I'm installing Sitebuilder on my Virtual Machine
During install, it does find the correct path to execute to javaw.exe
This may be the route to go

Edit again>> The correct path should read
[color="#0000FF"]"C:\Program Files\Java\jre6\bin\javaw.exe" -cp "F:\Program Files\Yahoo SiteBuilder\install.jar" RunSiteBuilder ""[/color]

I'll assume, Yahoo SiteBuilder is in your F: drive?
Notice the quotes, all of them

Also, the contents of update.bat
should read
[color="#FF0000"]"C:\Program Files\Java\jre6\bin\javaw.exe" -cp "F:\Program Files\Yahoo SiteBuilder\install.jar" UpdateSiteBuilder ""[/color]

Title: PC Rendered Unuseable Due To Trojan Infection
Post by: ba5852 on May 23, 2011, 11:35:52 PM

It's 12:25 AM here. I'm gonna get some sleep and I'll work on this tomorrow.

I am hesitant to uninstall Site Builder until I am sure it won't cause any issues with my web site.

Yahoo site builder is on my F: drive.

This is what is currently in the .bat file:

"C:\Program Files\Java\jre1.6.0_03\bin\javaw.exe" -cp "F:\Program Files\Yahoo SiteBuilder\install.jar" RunSiteBuilder

I was able to find jre-6u3-windows-i586-p-s.exe online but didn't want to install it without asking you if that would cause other problems.

Title: PC Rendered Unuseable Due To Trojan Infection
Post by: guestolo on May 23, 2011, 11:54:15 PM

I corrected the paths to read installed to F: drive

That is a fresh install of Sitebuilder, how ysitebuilder.bat and update.bat should read
Your path is not complete!

Title: PC Rendered Unuseable Due To Trojan Infection
Post by: ba5852 on May 24, 2011, 09:52:14 AM

Good catch. I must have chopped off the double quotes at the end of the string when I cut and pasted.
I added them and Site Builder now works.

My WinTV software is by a company called Hauppauge.

I found a lot of support information at
[indent] http://www.hauppauge.com/site/support/support_pci_878.html
[/indent]I will download and install the latest drivers and application software from that site.

I tried to load the original disk that I had which was version 5.9C. It partially loaded but then gave me an error saying something about running the install program with administrator privileges, but I do have administrator privileges.

I found this info on the web site, so I'm going to try their suggestion right now.

[indent]

If you are having problems:

If you are having trouble with the WinTV installation on Windows XP, download and run the Hcwclear (http://"http://hauppauge.lightpath.net/software/wintv98/hcwclear.exe") utility and run this to remove the existing WinTV files from the system. Choose "total removal" and put a checkmark in the box for "Search all .INF files for conflicting Bt8xx hardware" and click OK.

Download the driver and application and follow the instructions on the following WEB page. www.hauppauge.com/html/sw_wcst.htm#wdm (http://"http://www.hauppauge.com/html/sw_wcst.htm#wdm")

[/indent]

I'll let you know if it works.

[indent] [/indent]

Title: PC Rendered Unuseable Due To Trojan Infection
Post by: guestolo on May 24, 2011, 10:18:51 AM

good to hear SiteBuilder is back working for you
Let's see how Hauppauge software goes

Title: PC Rendered Unuseable Due To Trojan Infection
Post by: ba5852 on May 24, 2011, 11:28:23 AM

Success! WinTV is up and running.

I want to thank you for all of your help. You have been fantastic.

You saved me days of having to reload my entire system from scratch.

I have gone through the programs on the computer vary thoroughly and haven't found any more issues.

To show my appreciation I am going to make a donation.

Title: PC Rendered Unuseable Due To Trojan Infection
Post by: guestolo on May 24, 2011, 01:45:50 PM

Thanks very much for the donation
I'll lock this topic as your problems are resolved

Take care ba5852

/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' />

TheTechGuide Forum

General Category => Tech Clinic => Topic started by: ba5852 on May 19, 2011, 08:40:40 AM