Author Topic: PC Rendered Unusable Due To Trojan Infection  (Read 5918 times)

Offline ba5852

  • Jr. Member
  • **
  • Posts: 81
  • Karma: +0/-0
    • View Profile
PC Rendered Unusable Due To Trojan Infection
« on: May 19, 2011, 08:40:40 AM »
I have tried unsuccessfully to remove virus/trojans from this computer for about 60 hours. I would really appreciate some help.

It is a Windows XP SP3 desktop. I can access the Internet in Safe Mode but the computer freezes up in Normal Mode. After a normal mode boot the system runs extremely slow. If I click on Start/Control Panel the system freezes before the Control Panel menu can open. The mouse moves around but you can't click on anything and the only way out is to reboot.

This all started when I was online and noticed that one of my security programs was warning me that it was blocking Internet Explorer from accessing various web sites. I started getting the message once every few seconds with a different web site each time. I figured I had probably picked up a trojan that was trying to download other malicious software, so I isolated the computer from the network and ran a scan with Spybot Search & Destroy. The results of that scan were:

win32.tdss.dt
fraud.ultraantivirus2009
microsoft.windows.infectedhostfile
virtumonde.sci
win32.agent.ws
greenape inc

I had Spybot remove the above list (supposedly).

After reboot as desktop was loading I got two error messages:
    Windows cannot find C:\Documents~\Bruce\Local~\Temp\UninstalllockedSOSfiles
    Windows cannot find C:\Windows\is-VE64T.exe

I then ran Malwarebytes and no items were detected.

Still getting messages about missing files on reboot.

Tried to install Ad-Aware but it freezes during the install process.

Ran Trend Micro HouseCall ver 7.1 and it found 1 threat (Troj_generic.adv). I selected Fix that file.

Ran Malwarebytes "quick scan" - nothing found
Ran HouseCall again - nothing found

Had read online that the Rapport security software that I had downloaded from the Bank of America site could cause system problems and slowdowns, so I tried to uninstall Rapport. Windows Installer would not run in Safe Mode, so I rebooted in normal mode and tried to uninstall Rapport again. The Windows Installer froze even though Task Manager indicated it was running.

I have also run SpySweeper scans, with nothing detected, and SuperAntiSpyware scans.

I could really use some help at this point.

Offline ba5852

  • Jr. Member
  • **
  • Posts: 81
  • Karma: +0/-0
    • View Profile
PC Rendered Unusable Due To Trojan Infection
« Reply #1 on: May 19, 2011, 09:45:31 AM »
[quote name='ba5852' date='19 May 2011 - 08:40 AM' timestamp='1305812440' post='479495']
I have tried unsuccessfully to remove virus/trojans from this computer for about 60 hours. I would really appreciate some help.

It is a Windows XP SP3 desktop. I can access the Internet in Safe Mode but the computer freezes up in Normal Mode. After a normal mode boot the system runs extremely slow. If I click on Start/Control Panel the system freezes before the Control Panel menu can open. The mouse moves around but you can't click on anything and the only way out is to reboot.

This all started when I was online and noticed that one of my security programs was warning me that it was blocking Internet Explorer from accessing various web sites. I started getting the message once every few seconds with a different web site each time. I figured I had probably picked up a trojan that was trying to download other malicious software, so I isolated the computer from the network and ran a scan with Spybot Search & Destroy. The results of that scan were:

win32.tdss.dt
fraud.ultraantivirus2009
microsoft.windows.infectedhostfile
virtumonde.sci
win32.agent.ws
greenape inc

I had Spybot remove the above list (supposedly).

After reboot as desktop was loading I got two error messages:
    Windows cannot find C:\Documents~\Bruce\Local~\Temp\UninstalllockedSOSfiles
    Windows cannot find C:\Windows\is-VE64T.exe

I then ran Malwarebytes and no items were detected.

Still getting messages about missing files on reboot.

Tried to install Ad-Aware but it freezes during the install process.

Ran Trend Micro HouseCall ver 7.1 and it found 1 threat (Troj_generic.adv). I selected Fix that file.

Ran Malwarebytes "quick scan" - nothing found
Ran HouseCall again - nothing found

Had read online that the Rapport security software that I had downloaded from the Bank of America site could cause system problems and slowdowns, so I tried to uninstall Rapport. Windows Installer would not run in Safe Mode, so I rebooted in normal mode and tried to uninstall Rapport again. The Windows Installer froze even though Task Manager indicated it was running.

I have also run SpySweeper scans, with nothing detected, and SuperAntiSpyware scans.

I could really use some help at this point.
[/quote]

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:51:29 AM, on 5/19/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AOL Desktop 9.6\waol.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\AOL Desktop 9.6\shellmon.exe
C:\Program Files\Common Files\AOL\1187843131\ee\aolsoftware.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files\AOL Desktop 9.6\AOLBrowser\aolbrowser.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Download Files\Trend Micro HijackThis v2.0.4\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DownloadGuardBHO - {20C1A7F0-528E-444F-BAC5-5804A61CCA7F} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "C:\WINDOWS\system32\nwiz.exe" /install
O4 - HKLM\..\Run: [WheelMouse] "C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe"
O4 - HKLM\..\Run: [vptray] "C:\PROGRA~1\SYMANT~1\VPTray.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [SMSERIAL] "C:\WINDOWS\sm56hlpr.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [MXO Auto Loader] "C:\WINDOWS\MXOALDR.EXE"
O4 - HKLM\..\Run: [mssSort] "C:\Program Files\Maxtor\ManagerApp\msssort.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe"
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1187843131\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKLM\..\Run: [KernelFaultCheck] "%systemroot%\system32\dumprep" 0 -k
O4 - HKLM\..\Run: [NvMediaCenter] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] "C:\WINDOWS\SOUNDMAN.EXE"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Bing Bar] "C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [WebrootTrayApp] "C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" /auto
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\WINDOWS\is-VE64T.exe" /REG
O4 - HKLM\..\RunOnce: [UninstallLockedSOSFiles] C:\DOCUME~1\Bruce\LOCALS~1\Temp\UninstallLockedSOSFiles.lnk
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL Desktop 9.6\AOL.EXE" -b
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10p_Plugin.exe -update plugin
O4 - Startup: Printkey2000.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AudioDeck.lnk = C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {21F49842-BFA9-11D2-A89C-00104B62BDDA} (ChartFX Internet Control) - http://www.schaeffersresearch.com/download/CfxIEAx.cab
O16 - DPF: {24BACF02-5676-11D3-B8DE-00105A17A9E6} (ChartFX Internet Financial Client 4.0) - http://www.schaeffersresearch.com/Download/Cfx4Financial.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo2.walgreens.com/WalgreensActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1101768866155
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1135430766921
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37240.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://onlinedesigner.hgtv.com/images/app/view22rte.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://oxps.webex.com/client/T26L/event/ieatgpc.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D822C7BD-037E-4E2F-9A19-6FD304CAA4F6}: NameServer = 68.87.74.162,68.87.68.162
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Maxtor Service (Maxtor Sync Services) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe

--
End of file - 14556 bytes
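
The two "Windows cannot find" messages in the first post line up with the two HKLM RunOnce values in the HijackThis log above: InnoSetupRegFile.0000000001 points at C:\WINDOWS\is-VE64T.exe and UninstallLockedSOSFiles points at a .lnk in the user's Temp folder, and neither file is on disk any more, which is exactly what Explorer reports at logon when it tries to run them. The O2 line for DownloadGuardBHO shows "(no file)" for the same reason: the COM registration survived, the DLL did not. The script below is an added example for this thread (not something posted by the participants and not part of HijackThis or OTL) that parses the O2 and registry O4 lines of a HijackThis 2.0.x log and flags every entry whose target no longer exists. The sample lines are copied from the log above; the disk check is simulated with a constructed set of "present" paths so the script runs offline anywhere, and passing os.path.exists instead gives the real check on the machine being examined.

```python
"""Flag HijackThis O2/O4 entries whose target file no longer exists.

Added example for this thread (not posted by the participants and not part
of HijackThis). It parses Browser Helper Object (O2) lines and registry
Run/RunOnce (O4) lines, pulls out the file each one loads or launches, and
reports entries whose file is missing. The sample lines are copied from
the log above; the disk check is simulated with a constructed set of
paths so the script runs offline on any platform.
"""
import os
import re
from dataclasses import dataclass
from typing import Callable, Iterable, List

# Constructed sample: seven lines copied from the HijackThis log above.
SAMPLE_LINES = [
    r'O2 - BHO: DownloadGuardBHO - {20C1A7F0-528E-444F-BAC5-5804A61CCA7F} - (no file)',
    r'O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll',
    r'O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup',
    r'O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"',
    r'O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\WINDOWS\is-VE64T.exe" /REG',
    r'O4 - HKLM\..\RunOnce: [UninstallLockedSOSFiles] C:\DOCUME~1\Bruce\LOCALS~1\Temp\UninstallLockedSOSFiles.lnk',
    r'O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"',
]

# Constructed stand-in for the disk: the files assumed to still be present.
# Everything else referenced by SAMPLE_LINES is treated as missing.
PRESENT = {
    r'C:\PROGRA~1\SPYBOT~1\SDHelper.dll',
    r'C:\WINDOWS\system32\RUNDLL32.EXE',
    r'C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe',
    r'C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe',
}

O2_RE = re.compile(r'^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.*)$')
# Registry form only (HKLM/HKCU Run and RunOnce); the "Startup:" and
# "Global Startup:" folder entries have a different shape and are skipped.
O4_RE = re.compile(r'^O4 - (?P<key>HK[A-Z]+\\\.\.\\Run(?:Once)?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')


@dataclass(frozen=True)
class Finding:
    section: str    # "O2" or "O4"
    name: str       # BHO name or Run value name
    location: str   # CLSID for O2, registry key for O4
    target: str     # file HijackThis says is loaded or launched
    reason: str


def target_of(cmd: str) -> str:
    """Return the program a Run-key command launches: the quoted path if
    the command starts with a quote, otherwise the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ''


def audit(lines: Iterable[str], exists: Callable[[str], bool] = os.path.exists) -> List[Finding]:
    """Walk log lines and report O2/O4 entries whose target is missing."""
    findings: List[Finding] = []
    for line in lines:
        m = O2_RE.match(line)
        if m:
            target = m['target'].strip()
            if target == '(no file)':
                findings.append(Finding('O2', m['name'], m['clsid'], target,
                                        'BHO registration with no DLL behind it'))
            elif not exists(target):
                findings.append(Finding('O2', m['name'], m['clsid'], target,
                                        'BHO DLL missing on disk'))
            continue
        m = O4_RE.match(line)
        if m and not exists(target_of(m['cmd'])):
            key = m['key']
            reason = ("RunOnce value points at a deleted file; Explorer reports "
                      "'Windows cannot find ...' at logon"
                      if key.endswith('RunOnce') else 'Run value points at a missing file')
            findings.append(Finding('O4', m['name'], key, target_of(m['cmd']), reason))
    return findings


def audit_sample() -> List[Finding]:
    """Run the audit over the constructed sample with the simulated disk."""
    return audit(SAMPLE_LINES, lambda p: p in PRESENT)


if __name__ == '__main__':
    # On the machine being examined, use the real disk instead:
    #     audit(open('hijackthis.log').read().splitlines())
    for f in audit_sample():
        print(f'{f.section} [{f.name}] {f.location} -> {f.target}: {f.reason}')
```

Run against the sample it reports exactly three entries: the orphaned DownloadGuardBHO registration and the two RunOnce values behind the logon errors. Everything else in the sample (NvCplDaemon, ZoneAlarm, TeaTimer, the Spybot BHO) resolves to a file that is assumed present and is left alone. A missing target does not by itself mean malware; here the value name InnoSetupRegFile says an Inno Setup installer left the first one, and both are simply stale, but stale autostart entries are the first thing to clear when chasing what a machine does at boot.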

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
PC Rendered Unusable Due To Trojan Infection
« Reply #2 on: May 19, 2011, 08:50:43 PM »
Download [color="#FF0000"]OTL.exe[/color] by OldTimer to your Desktop.
  • Close all windows and double click on OTL.exe to run it
  • Under the Custom Scan box paste this in, the contents in Blue
[color="#0000FF"]
msconfig
[/color]

  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.

« Last Edit: May 19, 2011, 08:50:59 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline ba5852

  • Jr. Member
  • **
  • Posts: 81
  • Karma: +0/-0
    • View Profile
PC Rendered Unusable Due To Trojan Infection
« Reply #3 on: May 20, 2011, 02:41:34 PM »
OTL logfile created on: 5/20/2011 3:31:07 PM - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Documents and Settings\Bruce\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 80.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 42.30 Gb Free Space | 28.38% Space Free | Partition Type: NTFS
Drive F: | 74.52 Gb Total Space | 60.96 Gb Free Space | 81.81% Space Free | Partition Type: NTFS
 
Computer Name: AMD3200 | User Name: Bruce | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011/05/20 15:27:13 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bruce\Desktop\OTL.exe
PRC - [2011/05/05 15:43:11 | 003,276,136 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe
PRC - [2011/05/05 15:43:04 | 001,378,352 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe
PRC - [2011/04/18 18:04:58 | 003,900,032 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Security\Current\plugins\antimalware\AEI.exe
PRC - [2010/06/23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2010/06/23 13:51:30 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011/05/20 15:27:13 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bruce\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/05/05 15:43:11 | 003,276,136 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe -- (WRConsumerService)
SRV - [2011/04/18 18:04:58 | 003,900,032 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe -- (WebrootSpySweeperService)
SRV - [2011/04/08 10:17:30 | 000,870,200 | ---- | M] (Trusteer Ltd.) [Auto | Stopped] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/01/27 11:51:04 | 002,253,688 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/07/13 17:34:23 | 000,042,312 | R--- | M] (AOL Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\AOL\ACS\acsd.exe -- (AOL ACS)
SRV - [2010/06/23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009/09/23 16:36:06 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2008/04/01 14:46:22 | 000,161,120 | ---- | M] (Seagate Technology LLC) [Auto | Stopped] -- C:\Program Files\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Services)
SRV - [2007/01/09 17:32:04 | 000,079,464 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2006/09/27 20:33:38 | 000,116,464 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2006/09/27 20:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006/09/27 20:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006/09/02 16:36:33 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
SRV - [2006/08/07 16:03:02 | 000,214,720 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2006/07/19 19:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006/07/19 19:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/04/11 17:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Stopped] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2005/12/11 09:59:02 | 000,822,424 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2005/09/09 20:09:28 | 002,066,024 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost)
SRV - [2005/09/09 20:09:10 | 000,053,248 | ---- | M] (GEAR Software) [Auto | Stopped] -- C:\WINDOWS\system32\gearsec.exe -- (GEARSecurity)
SRV - [2005/01/23 18:36:03 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2004/10/04 05:47:04 | 000,098,304 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor)
SRV - [2004/10/04 04:40:50 | 000,118,784 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe -- (PhotoshopElementsDeviceConnect)
SRV - [2003/08/27 11:27:44 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Stopped] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011/04/21 14:55:18 | 000,018,872 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\24413\RapportIaso.sys -- (RapportIaso)
DRV - [2011/04/21 13:55:07 | 000,057,144 | ---- | M] (Trusteer Ltd.) [Kernel | System | Stopped] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\25973\RapportCerberus_25973.sys -- (RapportCerberus_25973)
DRV - [2011/04/18 18:05:08 | 000,182,056 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssidrv.sys -- (ssidrv)
DRV - [2011/04/18 18:05:06 | 000,024,496 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sshrmd.sys -- (sshrmd)
DRV - [2011/04/18 18:05:04 | 000,047,120 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\ssfmonm.sys -- (ssfmonm)
DRV - [2011/04/18 04:00:00 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110425.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/04/18 04:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110425.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/04/08 10:17:38 | 000,066,360 | ---- | M] (Trusteer Ltd.) [Kernel | System | Stopped] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2011/04/08 10:17:36 | 000,158,904 | ---- | M] (Trusteer Ltd.) [Kernel | System | Stopped] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2010/07/13 17:34:53 | 000,024,904 | ---- | M] (America Online) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atwpkt2.sys -- (ATWPKT2)
DRV - [2010/06/17 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/28 04:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/12/02 06:05:34 | 000,118,656 | ---- | M] (Realtek Semiconductor Corporation    ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/11/17 02:24:00 | 000,051,688 | ---- | M] (Check Point Software Technologies LTD) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan)
DRV - [2007/12/14 10:21:32 | 000,009,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Live Update 4\LU4\FlashSys.sys -- (FLASHSYS)
DRV - [2006/10/17 21:22:26 | 000,009,216 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\videX32.sys -- (videX32)
DRV - [2006/10/08 11:03:36 | 000,021,056 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sskbfd.sys -- (SSKBFD)
DRV - [2006/09/18 17:55:28 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2006/09/06 14:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006/09/06 14:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2006/08/07 16:02:26 | 000,195,776 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2006/08/07 16:02:22 | 000,024,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2006/07/01 23:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/04/11 17:13:34 | 000,389,776 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006/01/25 17:14:06 | 000,472,644 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HCWBT8xx.sys -- (HCWBT8XX)
DRV - [2005/12/11 09:59:02 | 000,004,608 | ---- | M] (Symantec Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2005/09/09 20:09:22 | 000,017,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VProEventMonitor.sys -- (VPROEVENTMONITOR)
DRV - [2005/09/09 20:09:20 | 000,144,832 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\SymSnap.sys -- (SymSnap)
DRV - [2005/09/09 20:09:20 | 000,056,192 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\V2iMount.sys -- (V2IMount)
DRV - [2005/01/11 09:25:10 | 000,923,826 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2004/08/25 18:09:14 | 000,009,984 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Amps2prt.sys -- (Amps2prt)
DRV - [2004/08/20 19:03:02 | 000,021,632 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Core Center\NTGLM7X.SYS -- (PCAlertDriver)
DRV - [2004/06/21 04:53:20 | 000,626,204 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/05/26 20:55:42 | 000,037,920 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Core Center\RushTop.sys -- (RushTopDevice)
DRV - [2004/04/14 11:08:00 | 000,044,064 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2004/04/14 11:08:00 | 000,021,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2004/04/14 11:08:00 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2004/04/14 11:08:00 | 000,005,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2004/02/23 23:08:52 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003/10/28 15:17:52 | 000,005,273 | ---- | M] (Arrowkey) [Kernel | Auto | Stopped] -- C:\Program Files\321Studios\Shared\CDRPDACC.SYS -- (CDRPDACC)
DRV - [2003/07/02 05:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2003/06/16 12:05:40 | 000,369,920 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\viaudios.sys -- (VIAudio) VIA AC'97 Audio Controller (WDM)
DRV - [2003/05/27 17:45:06 | 000,003,351 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vsp.sys -- (Vsp)
DRV - [2003/04/14 12:00:40 | 000,032,512 | R--- | M] (Cypress Semiconductor) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MXOFX.SYS -- (MXOFX) USB Storage Adapter FX (MXO)
DRV - [2003/03/21 13:34:08 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/01/10 18:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/10/18 13:00:00 | 000,006,144 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaidexp.sys -- (ViaIde)
DRV - [1999/09/10 08:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)
DRV - [1998/11/27 16:57:18 | 000,006,144 | R--- | M] (Erik Salaj) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\IOPORT.SYS -- (IOPort)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A4 F9 C9 7E 59 0B CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2007/12/07 04:02:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox [2010/12/27 17:34:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/12/27 17:35:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/05 23:04:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/24 21:57:38 | 000,000,000 | ---D | M]
 
[2008/10/24 19:35:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bruce\Application Data\Mozilla\Extensions
[2011/03/23 12:40:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\485uz6h1.default\extensions
[2010/05/02 08:35:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\485uz6h1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/12 21:00:30 | 000,000,000 | ---D | M] (Firefox Sync) -- C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\485uz6h1.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
[2009/05/09 22:14:26 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\485uz6h1.default\extensions\[email protected]
[2011/03/23 15:58:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/01 11:48:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/24 16:17:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/24 16:17:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/24 18:44:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/24 21:48:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
[2009/06/07 07:03:38 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/05 23:04:42 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/12/07 21:48:41 | 000,288,568 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\Mozilla Firefox\plugins\ieatgpc.dll
[2010/12/07 21:48:06 | 000,171,320 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
 
O1 HOSTS File: ([2011/05/19 16:29:09 | 000,433,784 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1   www.007guard.com
O1 - Hosts: 127.0.0.1   007guard.com
O1 - Hosts: 127.0.0.1   008i.com
O1 - Hosts: 127.0.0.1   www.008k.com
O1 - Hosts: 127.0.0.1   008k.com
O1 - Hosts: 127.0.0.1   www.00hq.com
O1 - Hosts: 127.0.0.1   00hq.com
O1 - Hosts: 127.0.0.1   010402.com
O1 - Hosts: 127.0.0.1   www.032439.com
O1 - Hosts: 127.0.0.1   032439.com
O1 - Hosts: 127.0.0.1   www.0scan.com
O1 - Hosts: 127.0.0.1   0scan.com
O1 - Hosts: 127.0.0.1   1000gratisproben.com
O1 - Hosts: 127.0.0.1   www.1000gratisproben.com
O1 - Hosts: 127.0.0.1   1001namen.com
O1 - Hosts: 127.0.0.1   www.1001namen.com
O1 - Hosts: 127.0.0.1   100888290cs.com
O1 - Hosts: 127.0.0.1   www.100888290cs.com
O1 - Hosts: 127.0.0.1   www.100sexlinks.com
O1 - Hosts: 127.0.0.1   100sexlinks.com
O1 - Hosts: 127.0.0.1   10sek.com
O1 - Hosts: 127.0.0.1   www.10sek.com
O1 - Hosts: 127.0.0.1   www.1-2005-search.com
O1 - Hosts: 127.0.0.1   1-2005-search.com
O1 - Hosts: 127.0.0.1   123fporn.info
O1 - Hosts: 14955 more lines...
O2 - BHO: (Download Guard for Internet Explorer) - {20C1A7F0-528E-444F-BAC5-5804A61CCA7F} - Reg Error: Value error. File not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1187843131\ee\AOLSoftware.exe (AOL Inc.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe (HP)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [mssSort] C:\Program Files\Maxtor\ManagerApp\msssort.exe (Seagate)
O4 - HKLM..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE (Cypress Semiconductor)
O4 - HKLM..\Run: [mxomssmenu] C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe (Maxtor Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Norton Ghost 10.0] C:\Program Files\Norton Ghost\Agent\GhostTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [WebrootTrayApp] C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe (Webroot Software, Inc. )
O4 - HKLM..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe (A4Tech Co.,Ltd.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files\AOL Desktop 9.6\AOL.EXE (AOL Inc.)
O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] File not found
O4 - HKLM..\RunOnce: [UninstallLockedSOSFiles] File not found
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10p_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AudioDeck.lnk = C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe (Hauppauge Computer Works)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe ()
O4 - Startup: C:\Documents and Settings\Bruce\Start Menu\Programs\Startup\Printkey2000.exe (Fred's Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll (VisualWare)
O9 - Extra 'Tools' menuitem : VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll (VisualWare)
O9 - Extra 'Tools' menuitem : Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\Program Files\Copernic Agent\CopernicAgent.exe (Copernic Technologies Inc.)
O9 - Extra Button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\Program Files\Copernic Agent\CopernicAgent.exe (Copernic Technologies Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {21F49842-BFA9-11D2-A89C-00104B62BDDA} http://www.schaeffersresearch.com/download/CfxIEAx.cab (ChartFX Internet Control)
O16 - DPF: {24BACF02-5676-11D3-B8DE-00105A17A9E6} http://www.schaeffersresearch.com/Download/Cfx4Financial.cab (ChartFX Internet Financial Client 4.0)
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} http://download.microsoft.com/download/7/1/D/71D9F11F-0C02-4707-9D60-D56EA8951020/pmupd806.exe (MSN Money Charting)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo2.walgreens.com/WalgreensActivia.cab (Snapfish Activia)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1101768866155 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1135430766921 (MUWebControl Class)
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37240.cab (ICSScanner Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} http://onlinedesigner.hgtv.com/images/app/view22rte.cab (View22RTE Class)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://oxps.webex.com/client/T26L/event/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O18 - Protocol\Handler\copernicagent {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O18 - Protocol\Handler\copernicagentcache {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/11/29 17:56:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{b290139a-2f04-11df-8097-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{b290139a-2f04-11df-8097-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b290139a-2f04-11df-8097-00038a000015}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
MsConfig - StartUpReg: ZoneAlarm Client - hkey= - key= - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/05/20 15:27:12 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bruce\Desktop\OTL.exe
[2011/05/06 16:24:04 | 000,189,520 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/05/06 14:32:10 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\STKIT432.DLL
[2011/05/06 14:32:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Registry Mechanic
[2011/05/06 14:32:07 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
[2011/05/05 22:58:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/05/05 22:58:04 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/05/05 22:39:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2011/04/28 07:00:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce\Application Data\SUPERAntiSpyware.com
[2011/04/28 07:00:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/04/26 22:21:50 | 000,017,472 | ---- | C] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\System32\SsiEfr.exe
[2011/04/26 22:21:49 | 000,047,120 | ---- | C] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\System32\drivers\ssfmonm.sys
[2011/04/26 22:19:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Webroot
[2011/04/26 22:19:38 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{3140EA8C-7399-4EC4-819C-16996F38FCFC}
[2011/04/26 22:08:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\webroot
[2011/04/26 21:58:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce\Local Settings\Application Data\PackageAware
[2011/04/26 19:29:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce\Application Data\Malwarebytes
[2011/04/26 19:29:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/26 19:29:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/26 19:29:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/26 19:29:08 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/04/26 19:29:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/26 12:36:38 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{E8A61B3F-DF97-45EA-A2EE-88E262649179}
[2011/04/26 11:21:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/04/26 11:21:55 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/04/25 15:52:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Turbo Tax
[2011/04/25 15:48:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce\Start Menu\Programs\Turbo Tax
[2011/04/21 17:38:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce\Local Settings\Application Data\Trusteer
[2011/04/21 12:37:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce\Application Data\Trusteer
[2011/04/21 12:36:52 | 000,000,000 | ---D | C] -- C:\Program Files\Trusteer
[2011/04/21 12:36:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Trusteer Rapport
[2011/04/21 12:35:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2010/08/08 23:00:25 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Bruce\Application Data\pcouffin.sys
[47 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[29 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[18 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/05/20 15:27:13 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bruce\Desktop\OTL.exe
[2011/05/20 15:23:50 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/20 15:21:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/19 21:25:07 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/19 16:29:09 | 000,433,784 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/05/19 10:15:26 | 000,000,251 | RHS- | M] () -- C:\boot.ini
[2011/05/19 10:13:05 | 000,178,882 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/05/19 10:10:12 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\HP Usg Login.job
[2011/05/16 07:55:01 | 000,000,462 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2011/05/15 21:53:04 | 000,433,170 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110519-162909.backup
[2011/05/07 23:55:15 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\Microsoft Word 2003.lnk
[2011/05/06 22:25:30 | 000,102,400 | ---- | M] () -- C:\WINDOWS\RegBootClean.exe
[2011/05/06 16:23:17 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Bruce\Local Settings\Application Data\housecall.guid.cache
[2011/05/06 14:32:08 | 000,000,789 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk
[2011/05/06 14:00:00 | 000,000,462 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2011/05/05 22:58:07 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/05 15:36:13 | 000,433,170 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110505-153652.backup
[2011/04/27 10:10:00 | 000,000,462 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2011/04/26 22:19:42 | 000,002,019 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Webroot AntiVirus with Spy Sweeper.lnk
[2011/04/26 20:40:12 | 000,000,462 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2011/04/26 19:29:15 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/26 14:29:12 | 000,432,016 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110505-153613.backup
[2011/04/26 11:24:06 | 000,250,532 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS.bak
[2011/04/26 11:21:59 | 000,001,002 | ---- | M] () -- C:\Documents and Settings\Bruce\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/04/26 11:21:59 | 000,000,984 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\Spybot - Search & Destroy.lnk
[2011/04/26 11:14:38 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\Bruce\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/04/26 10:59:28 | 000,002,192 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110426-112406.backup
[2011/04/26 00:05:27 | 000,434,571 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110426-105928.backup
[2011/04/25 23:09:18 | 000,168,432 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\spybot scan.jpg
[2011/04/25 20:24:57 | 000,103,783 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\Task Mgr.jpg
[2011/04/24 03:28:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\Driver Robot.job
[2011/04/24 03:00:00 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2011/04/23 00:07:11 | 000,100,864 | ---- | M] () -- C:\Documents and Settings\Bruce\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[47 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[29 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[18 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/05/06 22:25:30 | 000,102,400 | ---- | C] () -- C:\WINDOWS\RegBootClean.exe
[2011/05/06 16:23:17 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Bruce\Local Settings\Application Data\housecall.guid.cache
[2011/05/06 14:32:08 | 000,000,789 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk
[2011/05/05 22:58:07 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/04/26 22:21:50 | 000,030,424 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2011/04/26 22:19:42 | 000,002,019 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Webroot AntiVirus with Spy Sweeper.lnk
[2011/04/26 19:29:15 | 000,000,794 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/26 11:21:59 | 000,001,002 | ---- | C] () -- C:\Documents and Settings\Bruce\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/04/26 11:21:59 | 000,000,984 | ---- | C] () -- C:\Documents and Settings\Bruce\Desktop\Spybot - Search & Destroy.lnk
[2011/04/26 11:14:38 | 000,000,818 | ---- | C] () -- C:\Documents and Settings\Bruce\Start Menu\Programs\Internet Explorer.lnk
[2011/04/25 23:09:18 | 000,168,432 | ---- | C] () -- C:\Documents and Settings\Bruce\Desktop\spybot scan.jpg
[2011/04/25 20:24:57 | 000,103,783 | ---- | C] () -- C:\Documents and Settings\Bruce\Desktop\Task Mgr.jpg
[2011/02/21 10:37:08 | 000,000,008 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2011/01/12 00:10:56 | 001,593,544 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/12/04 10:40:38 | 000,018,752 | ---- | C] () -- C:\WINDOWS\System32\solidlocalui.dll
[2010/12/04 10:40:37 | 000,027,456 | ---- | C] () -- C:\WINDOWS\System32\solidlocalmon.dll
[2010/08/08 23:00:25 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Bruce\Application Data\inst.exe
[2010/08/08 23:00:25 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Bruce\Application Data\pcouffin.cat
[2010/08/08 23:00:25 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Bruce\Application Data\pcouffin.inf
[2010/06/26 11:00:27 | 000,048,368 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/01/11 22:26:52 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Bruce\Application Data\default.pls
[2009/11/23 00:02:07 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\UnAudioNT.dll
[2009/11/23 00:02:07 | 000,003,351 | ---- | C] () -- C:\WINDOWS\System32\drivers\vsp.sys
[2009/09/05 11:57:52 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/06/18 20:37:40 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2009/06/18 20:37:39 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/06/18 20:37:38 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/06/18 20:37:37 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/06/18 20:37:36 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2009/06/18 20:37:35 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2009/06/18 20:37:34 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2009/06/18 20:37:32 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/10/26 16:22:18 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2008/10/26 16:22:16 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2008/10/26 16:22:10 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2008/04/28 22:17:00 | 000,215,144 | R--- | C] () -- C:\WINDOWS\pw32a.dll
[2008/02/10 15:37:48 | 000,000,150 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/02/10 15:25:11 | 000,000,116 | ---- | C] () -- C:\WINDOWS\asym.ini
[2008/02/10 15:22:11 | 000,000,097 | ---- | C] () -- C:\WINDOWS\IVCI.INI
[2007/11/03 12:56:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007/03/22 16:47:35 | 000,046,344 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2007/01/03 22:48:27 | 000,002,209 | ---- | C] () -- C:\WINDOWS\unins001.dat
[2006/11/14 00:22:05 | 000,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/08/06 17:04:36 | 000,000,057 | ---- | C] () -- C:\WINDOWS\TUTORI~1.INI
[2006/08/06 16:15:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\plclient.INI
[2006/06/27 19:38:00 | 000,796,584 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2006/06/19 21:48:25 | 000,001,386 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2006/04/13 19:53:31 | 000,051,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2006/04/09 11:19:04 | 000,000,211 | ---- | C] () -- C:\WINDOWS\nanoPEG.ini
[2006/04/09 11:18:50 | 000,000,248 | ---- | C] () -- C:\WINDOWS\HCWBlast_sav.ini
[2006/04/09 11:18:50 | 000,000,248 | ---- | C] () -- C:\WINDOWS\HCWBlast.ini
[2006/04/09 11:18:31 | 000,033,837 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2006/04/09 11:18:21 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll
[2006/04/09 11:16:19 | 000,002,443 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
[2006/02/04 16:41:38 | 000,000,696 | ---- | C] () -- C:\WINDOWS\GARMINWT.INI
[2006/01/12 17:09:14 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\DXFLib.dll
[2006/01/12 17:08:06 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\opcode.dll
[2005/12/11 10:08:03 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Bruce\Local Settings\Application Data\fusioncache.dat
[2005/12/11 00:25:14 | 000,000,028 | ---- | C] () -- C:\WINDOWS\HotComm.INI
[2005/11/29 21:05:14 | 000,000,034 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2005/10/22 21:09:08 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2005/10/22 21:09:08 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2005/03/27 13:56:02 | 000,099,965 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005/02/14 15:29:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\JDSecure20.INI
[2005/01/02 23:03:13 | 000,100,864 | ---- | C] () -- C:\Documents and Settings\Bruce\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/01/02 22:22:15 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2004/12/21 18:22:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\RussSqr.INI
[2004/12/21 11:15:25 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/12/14 22:45:38 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/12/11 12:23:25 | 000,109,782 | ---- | C] () -- C:\WINDOWS\CopernicAgentUninstall.exe
[2004/11/30 01:31:03 | 000,002,769 | ---- | C] () -- C:\WINDOWS\IFPClient.ini
[2004/11/30 01:04:24 | 000,000,766 | ---- | C] () -- C:\WINDOWS\aolback.exe.lnk
[2004/11/29 22:48:20 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/11/29 19:47:05 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2004/11/29 19:39:39 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2004/11/29 19:10:09 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/11/29 19:09:48 | 000,105,168 | ---- | C] () -- C:\WINDOWS\NSUninst.exe
[2004/11/29 19:09:44 | 000,014,923 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2004/11/29 18:39:13 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2004/11/29 18:22:13 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/11/29 17:58:19 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/11/29 17:54:59 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/11/29 12:49:53 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/11/29 12:49:10 | 000,258,248 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/11/11 03:16:10 | 000,045,056 | ---- | C] () -- C:\WINDOWS\sm56chs.dll
[2004/11/10 06:42:22 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56eng.dll
[2004/11/10 06:42:22 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56jpn.dll
[2004/11/10 06:42:20 | 000,045,056 | ---- | C] () -- C:\WINDOWS\sm56cht.dll
[2004/11/02 12:12:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56spn.dll
[2004/11/02 12:12:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56itl.dll
[2004/11/02 12:12:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56ger.dll
[2004/11/02 12:12:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56fra.dll
[2004/11/02 12:12:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56brz.dll
[2004/06/30 16:04:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\SDelete.dll
[2004/03/07 14:51:00 | 000,024,924 | ---- | C] () -- C:\WINDOWS\System32\openports.dll
[2004/01/29 20:45:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/11/22 12:50:06 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\hpodinet.dll
[2002/11/22 12:49:18 | 000,036,864 | ---- | C] () -- C:\WINDOWS\hpfsched.exe
[2001/08/23 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 08:00:00 | 000,541,282 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 08:00:00 | 000,099,094 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001/08/23 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\All Users\Documents\SSCCleanup.exe:SummaryInformation
@Alternate Data Stream - 156 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >


OTL Extras logfile created on: 5/20/2011 3:31:07 PM - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Documents and Settings\Bruce\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 80.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 42.30 Gb Free Space | 28.38% Space Free | Partition Type: NTFS
Drive F: | 74.52 Gb Total Space | 60.96 Gb Free Space | 81.81% Space Free | Partition Type: NTFS
 
Computer Name: AMD3200 | User Name: Bruce | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.js [@ = JSFile] -- C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe (Macromedia, Inc.)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
jsfile [open] -- "C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\America Online 9.0\waol.
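
The Security Center, System Restore and Firewall sections of the OTL Extras log above are the part of the report a helper reads first, because they show whether the machine's own defences were turned off. The script below is an added example for this thread, not OTL's code and not something either poster ran: it re-parses the `[HKEY_...]` / `"name" = value` lines in the format OTL prints and flags the settings a helper would ask about. The embedded sample log is constructed for the example and abbreviated from the format shown in the post; the thresholds (monitoring disabled, DisableSR=1, Sr Start=4, EnableFirewall=0, NetBIOS/SMB ports open with scope `*`) are the example's own choices.

```python
"""Triage the registry sections of an OTL 'Extras' log (added example).

Re-reads the [HKEY_...] / "name" = value lines OTL prints under Security
Center, System Restore and Firewall Settings and lists the settings a
malware-removal helper would ask the poster about.
"""
import re
from typing import Dict, List

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
# NetBIOS/SMB ports; "open to *" (any address) is the scope worth flagging.
LAN_PORTS = {"135", "137", "138", "139", "445"}

# Constructed sample, abbreviated from the OTL Extras format; not a real log.
SAMPLE_LOG = r"""
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"""


def parse_otl_registry(text: str) -> Dict[str, Dict[str, str]]:
    """Map each [HKEY_...] key to the "name" = value pairs listed under it."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("=========="):
            current = None  # a blank line or section banner ends the key
            continue
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            keys.setdefault(current, {})
            continue
        value = VALUE_RE.match(line)
        if value and current is not None:
            keys[current][value.group(1)] = value.group(2).strip()
    return keys


def triage(keys: Dict[str, Dict[str, str]]) -> List[str]:
    """Return one line per setting a helper would ask the poster about."""
    findings: List[str] = []
    for key, values in keys.items():
        leaf = key.rsplit("\\", 1)[-1]
        if "\\Security Center\\Monitoring\\" in key and values.get("DisableMonitoring") == "1":
            findings.append(f"Security Center monitoring disabled for {leaf}")
        if key.endswith("\\SystemRestore") and values.get("DisableSR") == "1":
            findings.append("System Restore disabled (DisableSR=1)")
        if key.endswith("\\Services\\Sr") and values.get("Start") == "4":
            findings.append("System Restore driver sr disabled (Start=4)")
        if "\\FirewallPolicy\\" in key and key.endswith("Profile") and values.get("EnableFirewall") == "0":
            findings.append(f"Windows Firewall off in {leaf}")
        if key.endswith("\\GloballyOpenPorts\\List"):
            profile = key.split("\\FirewallPolicy\\", 1)[1].split("\\", 1)[0]
            for entry in values.values():  # port:proto:scope:state:description
                parts = entry.split(":")
                if len(parts) < 4:
                    continue
                port, proto, scope, state = parts[:4]
                if state == "Enabled" and scope == "*" and port in LAN_PORTS:
                    findings.append(f"{profile}: {port}/{proto} open to any address")
    return findings


def triage_log(text: str) -> List[str]:
    """Parse an OTL Extras log and return its findings."""
    return triage(parse_otl_registry(text))


if __name__ == "__main__":
    for finding in triage_log(SAMPLE_LOG):
        print(finding)
```

Read the output as leads, not verdicts. "DisableMonitoring" = 1 is what a third-party product such as Symantec or ZoneAlarm sets when it reports its own status to Security Center, and "EnableFirewall" = 0 is expected once a third-party firewall has taken over, so on this machine those two may be legitimate. System Restore switched off (DisableSR=1 with the sr driver at Start=4) and SMB ports open to any address are the items worth confirming the owner chose deliberately.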

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • Posts: 16034
  • Karma: +1/-0
PC Rendered Unuseable Due To Trojan Infection
« Reply #4 on: May 21, 2011, 01:21:10 PM »
Please do the following: double-click on OTL.exe and run it.
  • Under the Custom Scans/Fixes box at the bottom, copy/paste in the following from the quote box below. Don't include the word Quote please.
    Quote
    :Files
    C:\WINDOWS\tasks\At*.job
    ipconfig /flushdns /c
    :Commands
    [EmptyTemp]
    [EmptyFlash]

  • Then click the Run Fix button at the top.
  • Let the program run unhindered, and reboot the PC when it is done.

On startup, allow OTL to run if prompted.
A log should open; can you post it please?
A copy of this log can also be found in the C:\_OTL\Moved Files folder.

In addition:
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline ba5852

  • Jr. Member
  • Posts: 81
  • Karma: +0/-0
PC Rendered Unuseable Due To Trojan Infection
« Reply #5 on: May 21, 2011, 03:45:18 PM »
Here is the log file from OTL. After the reboot from the OTL scan, the system started to freeze again, so I had to go back into Safe Mode to run TDSSKiller.

All processes killed
========== FILES ==========
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Bruce\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Bruce\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
 
User: Administrator.AMD3200
->Temp folder emptied: 2215450 bytes
->Temporary Internet Files folder emptied: 2424322 bytes
->FireFox cache emptied: 18270310 bytes
->Flash cache emptied: 497 bytes
 
User: All Users
->Flash cache emptied: 113 bytes
 
User: Bruce
->Temp folder emptied: 30606762 bytes
->Temporary Internet Files folder emptied: 49394831 bytes
->Java cache emptied: 189450176 bytes
->FireFox cache emptied: 56278894 bytes
->Apple Safari cache emptied: 11036672 bytes
->Flash cache emptied: 2904730 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 2931919 bytes
 
User: MIRIAM RESUME
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2400186 bytes
%systemroot%\System32 .tmp files removed: 18945204 bytes
%systemroot%\System32\dllcache .tmp files removed: 16823808 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 181613 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 14543036 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 211146 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 399.00 mb
 
 
[EMPTYFLASH]
 
User: Administrator
 
User: Administrator.AMD3200
->Flash cache emptied: 0 bytes
 
User: All Users
->Flash cache emptied: 0 bytes
 
User: Bruce
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: LocalService
 
User: MIRIAM RESUME
 
User: NetworkService
 
Total Flash Files Cleaned = 0.00 mb
 
 
OTL by OldTimer - Version 3.2.22.3 log created on 05212011_160644

Files\Folders moved on Reboot...
C:\Documents and Settings\Bruce\Local Settings\Temp\~DFAD9.tmp moved successfully.
File\Folder C:\WINDOWS\temp\ZLT06021.TMP not found!

Registry entries deleted on Reboot...


2011/05/21 16:35:19.0937 2640   TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/21 16:35:21.0953 2640   ================================================================================
2011/05/21 16:35:21.0953 2640   SystemInfo:
2011/05/21 16:35:21.0953 2640   
2011/05/21 16:35:21.0953 2640   OS Version: 5.1.2600 ServicePack: 3.0
2011/05/21 16:35:21.0953 2640   Product type: Workstation
2011/05/21 16:35:21.0953 2640   ComputerName: AMD3200
2011/05/21 16:35:21.0953 2640   UserName: Bruce
2011/05/21 16:35:21.0953 2640   Windows directory: C:\WINDOWS
2011/05/21 16:35:21.0953 2640   System windows directory: C:\WINDOWS
2011/05/21 16:35:21.0953 2640   Processor architecture: Intel x86
2011/05/21 16:35:21.0953 2640   Number of processors: 1
2011/05/21 16:35:21.0953 2640   Page size: 0x1000
2011/05/21 16:35:21.0953 2640   Boot type: Safe boot with network
2011/05/21 16:35:21.0953 2640   ================================================================================
2011/05/21 16:35:22.0593 2640   Initialize success
2011/05/21 16:35:57.0578 2724   ================================================================================
2011/05/21 16:35:57.0578 2724   Scan started
2011/05/21 16:35:57.0578 2724   Mode: Manual;
2011/05/21 16:35:57.0578 2724   ================================================================================
2011/05/21 16:35:59.0140 2724   ACPI    (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/21 16:35:59.0250 2724   ACPIEC    (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/05/21 16:35:59.0484 2724   aec    (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/05/21 16:35:59.0609 2724   AFD    (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/05/21 16:35:59.0921 2724   ALCXSENS    (ba88534a3ceb6161e7432438b9ea4f54) C:\WINDOWS\system32\drivers\ALCXSENS.SYS
2011/05/21 16:36:00.0078 2724   ALCXWDM    (5ff6f7e58c798f1474c0bbffc23cb78d) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2011/05/21 16:36:00.0390 2724   AmdK8    (efbb0956baed786e137351b5ca272aef) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
2011/05/21 16:36:00.0468 2724   Amps2prt    (a6215b60b98ba023ec5606a360d502af) C:\WINDOWS\system32\DRIVERS\Amps2prt.sys
2011/05/21 16:36:01.0000 2724   Aspi32    (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\Aspi32.sys
2011/05/21 16:36:01.0171 2724   AsyncMac    (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/05/21 16:36:01.0343 2724   atapi    (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/21 16:36:01.0531 2724   Atmarpc    (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/05/21 16:36:01.0609 2724   audstub    (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/05/21 16:36:01.0718 2724   Beep    (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/21 16:36:01.0843 2724   cbidf2k    (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/05/21 16:36:02.0015 2724   CCDECODE    (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/05/21 16:36:02.0281 2724   Cdaudio    (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/05/21 16:36:02.0390 2724   Cdfs    (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/05/21 16:36:02.0515 2724   Cdrom    (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/05/21 16:36:02.0687 2724   CDRPDACC    (30b37c18e1725eb9f25039e9a1fb9b7e) C:\Program Files\321Studios\Shared\CDRPDACC.SYS
2011/05/21 16:36:03.0468 2724   Disk    (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/05/21 16:36:03.0625 2724   dmboot    (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/05/21 16:36:03.0796 2724   dmio    (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/05/21 16:36:03.0875 2724   dmload    (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/05/21 16:36:04.0015 2724   DMusic    (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/05/21 16:36:04.0187 2724   dot4    (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
2011/05/21 16:36:04.0296 2724   Dot4Print    (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
2011/05/21 16:36:04.0390 2724   dot4usb    (6ec3af6bb5b30e488a0c559921f012e1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys
2011/05/21 16:36:04.0609 2724   drmkaud    (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/05/21 16:36:04.0781 2724   dvd43llh    (1fc1eed3ea0c3a0ecf8a95b97e1b4831) C:\WINDOWS\system32\DRIVERS\dvd43llh.sys
2011/05/21 16:36:05.0062 2724   eeCtrl    (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/05/21 16:36:05.0171 2724   EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/05/21 16:36:05.0437 2724   Fastfat    (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/05/21 16:36:05.0640 2724   Fdc    (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/05/21 16:36:05.0796 2724   Fips    (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/21 16:36:06.0000 2724   FLASHSYS    (d3d9311624edd435f42cda7eaa0a6aed) C:\Program Files\MSI\Live Update 4\LU4\FLASHSYS.sys
2011/05/21 16:36:06.0281 2724   Flpydisk    (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/05/21 16:36:06.0375 2724   FltMgr    (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/05/21 16:36:06.0750 2724   Fs_Rec    (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/05/21 16:36:06.0796 2724   Ftdisk    (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/05/21 16:36:06.0906 2724   GEARAspiWDM    (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/05/21 16:36:07.0140 2724   Gpc    (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/05/21 16:36:07.0296 2724   HCWBT8XX    (e4aef0daacbe59b048be0224a6d0e601) C:\WINDOWS\system32\drivers\HCWBT8XX.sys
2011/05/21 16:36:07.0453 2724   HidUsb    (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/05/21 16:36:07.0734 2724   HTTP    (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/21 16:36:08.0062 2724   i8042prt    (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/05/21 16:36:08.0203 2724   Imapi    (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/21 16:36:08.0531 2724   IOPort    (f7c534def663b4e847e44f20927f5ed2) C:\WINDOWS\System32\DRIVERS\IOPORT.SYS
2011/05/21 16:36:08.0640 2724   ip6fw    (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/05/21 16:36:08.0781 2724   IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/05/21 16:36:09.0000 2724   IpInIp    (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/21 16:36:09.0125 2724   IpNat    (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/21 16:36:09.0281 2724   IPSec    (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/21 16:36:09.0406 2724   IRENUM    (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/21 16:36:09.0546 2724   isapnp    (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/21 16:36:09.0703 2724   Kbdclass    (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/21 16:36:09.0843 2724   kbdhid    (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/05/21 16:36:09.0968 2724   kmixer    (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/21 16:36:10.0109 2724   KSecDD    (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/21 16:36:10.0468 2724   mnmdd    (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/21 16:36:10.0640 2724   Modem    (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/21 16:36:10.0750 2724   MODEMCSA    (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/05/21 16:36:10.0921 2724   Mouclass    (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/21 16:36:11.0093 2724   mouhid    (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/05/21 16:36:11.0250 2724   MountMgr    (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/21 16:36:11.0390 2724   MRxDAV    (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/21 16:36:11.0562 2724   MRxSmb    (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/05/21 16:36:11.0781 2724   Msfs    (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/21 16:36:11.0890 2724   MSKSSRV    (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/21 16:36:12.0062 2724   MSPCLOCK    (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/21 16:36:12.0171 2724   MSPQM    (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/21 16:36:12.0375 2724   mssmbios    (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/21 16:36:12.0500 2724   MSTEE    (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/05/21 16:36:12.0578 2724   Mup    (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/21 16:36:12.0703 2724   MXOFX    (799a99d21e72023ee5adb28ae424efc8) C:\WINDOWS\system32\DRIVERS\MXOFX.SYS
2011/05/21 16:36:12.0859 2724   NABTSFEC    (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/05/21 16:36:13.0187 2724   NAVENG    (c34e2a884ccca8b5567d0c2752527073) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110425.002\naveng.sys
2011/05/21 16:36:13.0343 2724   NAVEX15    (b3916eeec738dd4178f4fd6a44a32e36) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110425.002\navex15.sys
2011/05/21 16:36:13.0671 2724   NDIS    (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/21 16:36:13.0796 2724   NdisIP    (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/05/21 16:36:13.0968 2724   NdisTapi    (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/21 16:36:14.0015 2724   Ndisuio    (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/21 16:36:14.0265 2724   NdisWan    (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/21 16:36:14.0343 2724   NDProxy    (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/21 16:36:14.0468 2724   NetBIOS    (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/21 16:36:14.0531 2724   NetBT    (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/21 16:36:14.0890 2724   Npfs    (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/21 16:36:15.0078 2724   Ntfs    (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/21 16:36:15.0234 2724   Null    (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/21 16:36:15.0546 2724   nv    (9f4384aa43548ddd438f7b7825d11699) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/05/21 16:36:16.0140 2724   NwlnkFlt    (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/21 16:36:16.0296 2724   NwlnkFwd    (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/21 16:36:16.0468 2724   Parport    (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/05/21 16:36:16.0593 2724   PartMgr    (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/21 16:36:16.0703 2724   ParVdm    (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/21 16:36:16.0890 2724   PCAlertDriver (1d96fcada2335af7ceec71845898421c) C:\Program Files\MSI\Core Center\NTGLM7X.sys
2011/05/21 16:36:17.0031 2724   PCI    (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/21 16:36:17.0312 2724   Pcmcia    (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/05/21 16:36:17.0437 2724   Pcouffin    (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\Pcouffin.sys
2011/05/21 16:36:18.0015 2724   pfc    (da86016f0672ada925f589ede715f185) C:\WINDOWS\system32\drivers\pfc.sys
2011/05/21 16:36:18.0234 2724   PptpMiniport   (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/21 16:36:18.0312 2724   Processor    (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/05/21 16:36:18.0484 2724   PSched    (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/21 16:36:18.0609 2724   Ptilink    (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/21 16:36:18.0765 2724   PxHelp20    (0c8da0a8b0d227319c285e0eae65defd) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/05/21 16:36:19.0375 2724   RapportCerberus_25973 (3d80f6fb972cffab9a760892f9ab7232) C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\25973\RapportCerberus_25973.sys
2011/05/21 16:36:19.0515 2724   RapportEI    (dfd7ac211b7577409498713ed9d38384) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
2011/05/21 16:36:19.0625 2724   RapportIaso    (8ef46da83462e865f9070b03edf740d4) C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\24413\RapportIaso.sys
2011/05/21 16:36:19.0703 2724   RapportPG    (f898cfc346f765460126a634d9523605) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
2011/05/21 16:36:19.0984 2724   RasAcd    (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/21 16:36:20.0125 2724   Rasl2tp    (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/21 16:36:20.0203 2724   RasPppoe    (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/21 16:36:20.0296 2724   Raspti    (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/21 16:36:20.0421 2724   Rdbss    (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/21 16:36:20.0546 2724   RDPCDD    (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/21 16:36:20.0703 2724   rdpdr    (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/05/21 16:36:20.0890 2724   RDPWD    (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/21 16:36:21.0046 2724   redbook    (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/21 16:36:21.0359 2724   RTL8023xp    (d05453b44f98f0e975a36081f4362be5) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
2011/05/21 16:36:21.0500 2724   RushTopDevice (350103481c3ba41714d82a1d0f763070) C:\Program Files\MSI\Core Center\RushTop.sys
2011/05/21 16:36:21.0671 2724   SASDIFSV    (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/05/21 16:36:21.0718 2724   SASKUTIL    (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/05/21 16:36:21.0875 2724   SAVRT    (12b6e269ef8ac8ea36122544c8a1b6d8) C:\Program Files\Symantec AntiVirus\savrt.sys
2011/05/21 16:36:21.0906 2724   SAVRTPEL    (97e5b6f3f95465e1f59360b59d8ec64e) C:\Program Files\Symantec AntiVirus\Savrtpel.sys
2011/05/21 16:36:22.0265 2724   Secdrv    (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/21 16:36:22.0437 2724   serenum    (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/05/21 16:36:22.0562 2724   Serial    (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/05/21 16:36:23.0000 2724   Sfloppy    (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/05/21 16:36:23.0250 2724   SLIP    (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/05/21 16:36:23.0406 2724   smserial    (fc512d9288cd4985a3f59a1184559051) C:\WINDOWS\system32\DRIVERS\smserial.sys
2011/05/21 16:36:23.0968 2724   SPBBCDrv    (677b10906838d3bfb1c07ac9087e4bf7) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
2011/05/21 16:36:24.0093 2724   splitter    (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/21 16:36:24.0250 2724   sr    (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\System32\DRIVERS\sr.sys
2011/05/21 16:36:24.0421 2724   srescan    (bb1cc49b817d2551eb321f4a9afb7d8c) C:\WINDOWS\system32\ZoneLabs\srescan.sys
2011/05/21 16:36:24.0625 2724   Srv    (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/21 16:36:24.0781 2724   ssfmonm    (3199c2d24366ee02b279f0a065936703) C:\WINDOWS\system32\DRIVERS\ssfmonm.sys
2011/05/21 16:36:24.0968 2724   sshrmd    (44533a8b02355f05015dbeac869c1d91) C:\WINDOWS\system32\DRIVERS\sshrmd.sys
2011/05/21 16:36:25.0140 2724   ssidrv    (22ff2bde8b5362b29778de58b3261514) C:\WINDOWS\system32\DRIVERS\ssidrv.sys
2011/05/21 16:36:25.0265 2724   SSKBFD    (00d7ce66e35fd5a3437d4a641d21bd87) C:\WINDOWS\system32\Drivers\sskbfd.sys
2011/05/21 16:36:25.0375 2724   StillCam    (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
2011/05/21 16:36:25.0546 2724   streamip    (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/05/21 16:36:25.0656 2724   swenum    (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/21 16:36:25.0843 2724   swmidi    (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/21 16:36:26.0218 2724   SymEvent    (de6d1102d55926354171ae4e73936725) C:\Program Files\Symantec\SYMEVENT.SYS
2011/05/21 16:36:26.0359 2724   symlcbrd    (5220576ee29bea7c18dff9ecabf18bbc) C:\WINDOWS\system32\drivers\symlcbrd.sys
2011/05/21 16:36:26.0531 2724   SYMREDRV    (6c0a85982f4e0d672b85a2bfb50a24b5) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
2011/05/21 16:36:26.0640 2724   SymSnap    (fea2d66aeb341e11fad6ff2d50b8ca40) C:\WINDOWS\system32\drivers\SymSnap.sys
2011/05/21 16:36:26.0765 2724   SYMTDI    (cdda3ba3f7d5b63ff9f85cb478c11473) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
2011/05/21 16:36:27.0062 2724   sysaudio    (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/21 16:36:27.0250 2724   Tcpip    (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/21 16:36:27.0421 2724   TDPIPE    (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/21 16:36:27.0515 2724   TDTCP    (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/21 16:36:27.0671 2724   TermDD    (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/21 16:36:27.0968 2724   Udfs    (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/21 16:36:28.0171 2724   Update    (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/21 16:36:28.0375 2724   USBAAPL    (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/05/21 16:36:28.0484 2724   usbehci    (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/21 16:36:28.0625 2724   usbhub    (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/21 16:36:28.0750 2724   usbscan    (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/05/21 16:36:28.0921 2724   USBSTOR    (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/21 16:36:29.0062 2724   usbuhci    (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/05/21 16:36:29.0203 2724   V2IMount    (deea641cc5f87867759856a52cbc0999) C:\WINDOWS\system32\drivers\V2IMount.sys
2011/05/21 16:36:29.0343 2724   VgaSave    (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/05/21 16:36:29.0468 2724   viaagp1    (4b039bbd037b01f5db5a144c837f283a) C:\WINDOWS\system32\DRIVERS\viaagp1.sys
2011/05/21 16:36:29.0656 2724   ViaIde    (a5d8b6c8d43786d4215c1df6fab0aae0) C:\WINDOWS\system32\DRIVERS\viaidexp.sys
2011/05/21 16:36:29.0859 2724   viamraid    (7dc3e1dc6e4f8be381c31bfea578412a) C:\WINDOWS\system32\drivers\viamraid.sys
2011/05/21 16:36:30.0000 2724   VIAudio    (ec14fedcfc97f0af98215ce385afec23) C:\WINDOWS\system32\drivers\viaudios.sys
2011/05/21 16:36:30.0140 2724   videX32    (f95c0fcfbcbda6d8f202d2df4052f88d) C:\WINDOWS\system32\DRIVERS\videX32.sys
2011/05/21 16:36:30.0312 2724   VolSnap    (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/21 16:36:30.0437 2724   VPROEVENTMONITOR (4e3ff45d846b6ffa142f53ca8784a94d) C:\WINDOWS\system32\drivers\VProEventMonitor.sys
2011/05/21 16:36:30.0578 2724   vsdatant    (050c38ebb22512122e54b47dc278bccd) C:\WINDOWS\system32\vsdatant.sys
2011/05/21 16:36:31.0000 2724   Vsp    (aaf94bc88ecdf0ae0586805dad1e59c4) C:\WINDOWS\system32\drivers\Vsp.sys
2011/05/21 16:36:31.0109 2724   Wanarp    (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/21 16:36:31.0265 2724   wanatw    (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
2011/05/21 16:36:31.0515 2724   wdmaud    (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/21 16:36:31.0906 2724   WmBEnum    (bc3ecbcb40147bdae3ad2fd0b4b346d8) C:\WINDOWS\system32\drivers\WmBEnum.sys
2011/05/21 16:36:32.0015 2724   WmFilter    (19f9881d8b3484fedb605d0216876898) C:\WINDOWS\system32\drivers\WmFilter.sys
2011/05/21 16:36:32.0281 2724   WmVirHid    (7a51545a6409a25eedbdbd97d019e8cc) C:\WINDOWS\system32\drivers\WmVirHid.sys
2011/05/21 16:36:32.0390 2724   WmXlCore    (1f083b3bc73017e60c3ca85cf4a70753) C:\WINDOWS\system32\drivers\WmXlCore.sys
2011/05/21 16:36:32.0515 2724   WS2IFSL    (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/05/21 16:36:32.0640 2724   WSTCODEC    (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/05/21 16:36:32.0812 2724   WudfPf    (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/05/21 16:36:33.0015 2724   WudfRd    (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/05/21 16:36:33.0312 2724   ================================================================================
2011/05/21 16:36:33.0312 2724   Scan finished
2011/05/21 16:36:33.0312 2724   ================================================================================

No infected or suspicious files were found, so the program did not request a reboot.

Offline guestolo
« Reply #6 on: May 21, 2011, 03:50:33 PM »
Download ComboFix from the following location

Link 1
Save it ONLY to your Desktop

      --------------------------------------------------------------------
Temporarily Disable your AntiVirus/AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with this tool.

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply

NOTE: Do not mouseclick inside ComboFix window as it's running, it may cause it to stall
ComboFix will/may run again on startup, it will prompt that it's creating a log
This process could take up to 10 minutes, let it run uninterrupted please

In addition, keep me updated how things are now running

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline ba5852
« Reply #7 on: May 21, 2011, 05:01:31 PM »
Started to run ComboFix in Safe Mode with nothing running except Zone Alarm. I got this warning message.


I do have these two programs installed but as far as I can tell they don't seem to be running in task manager and their tray icons don't appear unless I double click on them to start them up when I'm running in Safe Mode. In Normal Mode they both load on boot up.

Should I just ignore the message and go ahead and run ComboFix?

Offline ba5852
« Reply #8 on: May 21, 2011, 05:08:18 PM »
Sorry about that. I pasted in a .jpg file of the warning and it looked fine in the editor but didn't come out okay when I posted it.

The warning message said:

ComboFix has detected the following real time scanner(s) to be active:

    Antivirus:    Webroot Antivirus with Spysweeper
    Antivirus:    Symantec Antivirus Corporate Edition

Antivirus and intrusion prevention programs are known to interfere
with ComboFix's running. This may lead to unpredictable results or
possible machine damage.

Please disable these scanners before clicking 'OK'.

Offline guestolo
« Reply #9 on: May 21, 2011, 05:20:06 PM »
Why are you running more than one active antivirus?
It's unnecessary and unneeded. If both are active, they will interfere with each other.

I would hold onto the one you're happiest with and uninstall the other.
Reboot into Normal Windows, disable protection from the AV remaining on your computer.
Then run ComboFix with the previous instructions.
If you can't run ComboFix in Normal Windows, then boot to Safe Mode and try running it.



Offline ba5852
« Reply #10 on: May 21, 2011, 05:34:41 PM »
When this problem occurred I was only running Symantec Antivirus Corporate Edition. It wasn't finding anything so I installed Webroot Antivirus with Spysweeper hoping it might detect something. I can't find a way to disable Webroot so I'll uninstall it and then disable the other antivirus program before running ComboFix.

Offline ba5852
« Reply #11 on: May 21, 2011, 06:24:59 PM »
I uninstalled Webroot Antivirus and rebooted in Normal Mode. The system performance improved. No longer freezing up.

I'm also not getting the error messages I mentioned at the beginning of my post when I boot in Normal Mode:

    Windows cannot find C:\Documents~\Bruce\Local~\Temp\UninstalllockedSOSfiles
    Windows cannot find C:\Windows\is-VE64T.exe

However, when I try to run ComboFix I still get a message:

    ComboFix has detected the following real time scanner(s) to be active:

    Antivirus:    Webroot Antivirus with Spysweeper

    Antivirus and intrusion prevention programs are known to interfere
    with ComboFix's running. This may lead to unpredictable results or
    possible machine damage.

    Please disable these scanners before clicking 'OK'.

The uninstall program ran successfully on Webroot software so I'm not sure why I'm getting the message. I even rebooted in Normal Mode one more time and then tried to run ComboFix again but got the same warning message. Not sure if I should proceed with running ComboFix.

I just ran several programs and the system is running faster than before this problem occurred. It looks like the programs you had me run have gotten rid of the problem. Everything seems to be running smoothly and faster than before with no error messages popping up.

The only thing I'm confused about is why ComboFix thinks Webroot is still active.

Offline guestolo
« Reply #12 on: May 21, 2011, 08:10:57 PM »
Go ahead and try to run ComboFix with the previous instructions.



Offline ba5852
« Reply #13 on: May 21, 2011, 09:01:18 PM »
I ran ComboFix. A window popped up a couple of times saying that there was an error in pev.something. I didn't catch the end of the filename. And it asked if I wanted to send a report.

A message also popped up in the ComboFix window saying something about the system was trying to terminate the program in an unusual way and to contact the administrator. I grabbed a pen to write down the exact message but it was gone before I could write it down.

Even though these messages appeared the program seemed to complete and this is the log file:

ComboFix 11-05-21.03 - Bruce 05/21/2011 21:41:08.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1253 [GMT -4:00]
Running from: c:\documents and settings\Bruce\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
AV: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {77E10C7F-2CCA-4187-9394-BDBC267AD597}
FW: ZoneAlarm Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Bruce\Application Data\inst.exe
c:\documents and settings\Bruce\g2mdlhlpx.exe
c:\documents and settings\Bruce\Start Menu\Programs\Startup\Printkey2000.exe
c:\documents and settings\Bruce\WINDOWS
c:\program files\Internet Explorer\SETEC.tmp
c:\program files\Internet Explorer\SETED.tmp
c:\program files\Internet Explorer\SETEF.tmp
c:\windows\Downloaded Program Files\Temp
c:\windows\system32\Cache
.
.
((((((((((((((((((((((((( Files Created from 2011-04-22 to 2011-05-22 )))))))))))))))))))))))))))))))
.
.
2011-05-21 22:59 . 2011-05-21 22:59   --------   d-----w-   c:\windows\system32\config\systemprofile\Application Data\Trusteer
2011-05-21 20:18 . 2011-05-21 20:18   404640   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-21 20:06 . 2011-05-21 20:06   --------   d-----w-   C:\_OTL
2011-05-07 02:25 . 2011-05-07 02:25   102400   ----a-w-   c:\windows\RegBootClean.exe
2011-05-06 20:24 . 2010-09-06 09:26   189520   ----a-w-   c:\windows\system32\drivers\tmcomm.sys
2011-05-06 02:58 . 2011-05-06 02:58   --------   d-----w-   c:\program files\SUPERAntiSpyware
2011-05-06 02:46 . 2011-05-06 02:46   --------   d-----w-   c:\documents and settings\Administrator.AMD3200\Local Settings\Application Data\Mozilla
2011-05-06 02:39 . 2011-05-06 02:39   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
2011-04-28 18:34 . 2011-04-28 18:34   53816   ----a-w-   c:\windows\system32\drivers\RapportKELL.sys
2011-04-28 17:21 . 2011-04-28 17:21   --------   d-sh--w-   c:\windows\system32\config\systemprofile\PrivacIE
2011-04-28 11:00 . 2011-04-28 11:00   --------   d-----w-   c:\documents and settings\Bruce\Application Data\SUPERAntiSpyware.com
2011-04-28 11:00 . 2011-04-28 11:00   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-04-27 02:19 . 2011-04-27 02:19   --------   dc-h--w-   c:\documents and settings\All Users\Application Data\{3140EA8C-7399-4EC4-819C-16996F38FCFC}
2011-04-27 01:58 . 2011-04-27 01:58   --------   d-----w-   c:\documents and settings\Bruce\Local Settings\Application Data\PackageAware
2011-04-26 23:29 . 2011-04-26 23:29   --------   d-----w-   c:\documents and settings\Bruce\Application Data\Malwarebytes
2011-04-26 23:29 . 2010-12-20 22:09   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-26 23:29 . 2011-04-26 23:29   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2011-04-26 23:29 . 2011-05-19 16:40   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2011-04-26 23:29 . 2010-12-20 22:08   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-04-26 16:36 . 2011-04-26 16:36   --------   dc-h--w-   c:\documents and settings\All Users\Application Data\{E8A61B3F-DF97-45EA-A2EE-88E262649179}
2011-04-26 15:21 . 2011-05-05 19:35   --------   d-----w-   c:\program files\Spybot - Search & Destroy
2011-04-26 15:10 . 2011-04-26 15:10   --------   d-----w-   c:\windows\system32\config\systemprofile\Local Settings\Application Data\AOL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-07 05:33 . 2004-11-29 21:55   692736   ----a-w-   c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2001-08-23 12:00   420864   ----a-w-   c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2001-08-23 12:00   1857920   ----a-w-   c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2004-01-08 20:23   916480   ----a-w-   c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2001-08-23 12:00   43520   ----a-w-   c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2001-08-23 12:00   1469440   ----a-w-   c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2004-08-04 05:59   385024   ----a-w-   c:\windows\system32\html.iec
2010-12-08 01:48 . 2010-12-08 01:48   288568   ----a-w-   c:\program files\mozilla firefox\plugins\ieatgpc.dll
2011-05-06 03:04 . 2011-03-23 19:58   142296   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOL Fast Start"="c:\program files\AOL Desktop 9.6\AOL.EXE" [2011-01-13 42320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="c:\windows\system32\nwiz.exe" [2008-05-16 1630208]
"WheelMouse"="c:\progra~1\A4Tech\Mouse\Amoumain.exe" [2004-08-25 147456]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-28 125168]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 155648]
"SMSERIAL"="c:\windows\sm56hlpr.exe" [2004-12-29 544768]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"Norton Ghost 10.0"="c:\program files\Norton Ghost\Agent\GhostTray.exe" [2005-09-10 1537648]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-04-01 169312]
"MXO Auto Loader"="c:\windows\MXOALDR.EXE" [2003-04-07 118784]
"mssSort"="c:\program files\Maxtor\ManagerApp\msssort.exe" [2008-04-01 1647960]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-22 188416]
"HostManager"="c:\program files\Common Files\AOL\1187843131\ee\AOLSoftware.exe" [2010-03-08 41800]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"SoundMan"="c:\windows\SOUNDMAN.EXE" [2004-06-18 67584]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-07-09 570664]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe" [2010-04-27 243544]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [N/A]
AudioDeck.lnk - c:\program files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe [2009-11-23 581632]
AutoStart IR.lnk - c:\program files\WinTV\Ir.exe [2006-4-10 117344]
CoreCenter.lnk - c:\program files\MSI\Core Center\CoreCenter.exe [2005-1-7 826368]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
2010-06-23 17:51   1043968   ----a-w-   c:\program files\Zone Labs\ZoneAlarm\zlclient.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R1 RapportCerberus_26169;RapportCerberus_26169;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\26169\RapportCerberus_26169.sys [5/21/2011 6:44 PM 57144]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [4/28/2011 2:34 PM 66360]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [4/28/2011 2:34 PM 158904]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 IOPort;IOPort;c:\windows\system32\drivers\IOPORT.SYS [11/27/1998 4:57 PM 6144]
R2 Maxtor Sync Services;Maxtor Service;c:\program files\Maxtor\Sync\SyncServices.exe [4/1/2008 2:46 PM 161120]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [4/28/2011 2:34 PM 870200]
R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [8/25/2004 6:09 PM 9984]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/21/2011 7:39 PM 105592]
R3 HCWBT8XX;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\system32\drivers\HCWBT8xx.sys [4/9/2006 11:14 AM 472644]
S2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [10/4/2004 5:47 AM 98304]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 nvtvSND;nVidia WDM TVAudio Crossbar;c:\windows\system32\DRIVERS\nvtvsnd.sys --> c:\windows\system32\DRIVERS\nvtvsnd.sys [?]
S2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [10/4/2004 4:40 AM 118784]
S3 FLASHSYS;FLASHSYS;c:\program files\MSI\Live Update 4\LU4\FlashSys.sys [11/22/2009 11:12 PM 9216]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [9/27/2006 8:33 PM 116464]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S3 Vsp;Vsp;c:\windows\system32\drivers\vsp.sys [11/23/2009 12:02 AM 3351]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/23/2001 8:00 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ATWPKT2
*NewlyCreated* - PCALERTDRIVER
*NewlyCreated* - RUSHTOPDEVICE
*NewlyCreated* - VPROEVENTMONITOR
*Deregistered* - ATWPKT2
*Deregistered* - PCAlertDriver
*Deregistered* - RushTopDevice
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper   REG_MULTI_SZ    getPlusHelper
WINRM   REG_MULTI_SZ    WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-01-10 c:\windows\Tasks\AMD 3200 Complete Backup.job
- c:\windows\system32\ntbackup.exe [2001-08-23 00:12]
.
2009-01-04 c:\windows\Tasks\Full Backup System1.job
- c:\windows\system32\ntbackup.exe [2001-08-23 00:12]
.
2011-04-24 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2011-04-26 19:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
TCP: {D822C7BD-037E-4E2F-9A19-6FD304CAA4F6} = 68.87.74.162,68.87.68.162
Handler: copernicagent - {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - c:\progra~1\COPERN~1\COPERN~1.DLL
Handler: copernicagentcache - {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - c:\progra~1\COPERN~1\COPERN~1.DLL
DPF: {24BACF02-5676-11D3-B8DE-00105A17A9E6} - hxxp://www.schaeffersresearch.com/Download/Cfx4Financial.cab
DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} - hxxp://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37240.cab
FF - ProfilePath - c:\documents and settings\Bruce\Application Data\Mozilla\Firefox\Profiles\485uz6h1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{b75ab0c8-03d5-4592-9821-a48d54d66b14} - MssShellExt.dll
SafeBoot-svcWRSSSDK
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-21 21:47
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1659004503-1897051121-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1240)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2011-05-21 21:50:23
ComboFix-quarantined-files.txt 2011-05-22 01:50
.
Pre-Run: 43,083,403,264 bytes free
Post-Run: 43,269,476,352 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn /usepmtimer
[spybotsd]
timeout.old=30
.
- - End Of File - - C0150E3C6FDE02B0D70908772D3E57A0

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
PC Rendered Unuseable Due To Trojan Infection
« Reply #14 on: May 21, 2011, 09:14:05 PM »
Can you do the following for me please?
Run the next tools and post the logs.

1. Run OTL.exe and do a Quick Scan, post the log that opens

2. Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
3. Download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start the scan.
  • Click the Save log button and save the aswMBR.log to the desktop.
  • Post the content of that log here for me.

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline ba5852

  • Jr. Member
  • **
  • Posts: 81
  • Karma: +0/-0
PC Rendered Unuseable Due To Trojan Infection
« Reply #15 on: May 21, 2011, 09:30:34 PM »
Here's the OTL log. I'm working on the other ones.

OTL logfile created on: 5/21/2011 10:24:33 PM - Run 2
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Documents and Settings\Bruce\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 52.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 40.28 Gb Free Space | 27.02% Space Free | Partition Type: NTFS
Drive F: | 74.52 Gb Total Space | 60.96 Gb Free Space | 81.81% Space Free | Partition Type: NTFS
 
Computer Name: AMD3200 | User Name: Bruce | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011/05/20 15:27:13 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bruce\Desktop\OTL.exe
PRC - [2011/05/05 23:04:43 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/04/28 14:34:42 | 001,550,136 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2011/04/28 14:34:42 | 000,870,200 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/06/23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2010/06/23 13:51:30 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2010/03/08 03:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files\Common Files\AOL\1187843131\ee\aolsoftware.exe
PRC - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/01 14:46:22 | 000,161,120 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Maxtor\Sync\SyncServices.exe
PRC - [2008/04/01 14:46:02 | 000,169,312 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
PRC - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2006/09/27 20:33:44 | 000,125,168 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2006/09/27 20:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2006/09/27 20:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2006/07/19 19:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
PRC - [2006/07/19 19:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
PRC - [2006/07/19 19:26:04 | 000,052,896 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE
PRC - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2005/12/11 09:59:02 | 000,822,424 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2005/09/09 20:09:28 | 002,066,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe
PRC - [2005/09/09 20:09:24 | 001,537,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Ghost\Agent\GhostTray.exe
PRC - [2005/09/09 20:09:10 | 000,053,248 | ---- | M] (GEAR Software) -- C:\WINDOWS\system32\gearsec.exe
PRC - [2004/12/29 08:01:56 | 000,544,768 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\sm56hlpr.exe
PRC - [2004/10/04 05:47:04 | 000,098,304 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
PRC - [2004/10/04 04:40:50 | 000,118,784 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
PRC - [2004/08/25 18:31:40 | 000,147,456 | ---- | M] (A4Tech Co.,Ltd.) -- C:\Program Files\A4Tech\Mouse\Amoumain.exe
PRC - [2004/08/20 19:02:00 | 000,826,368 | ---- | M] () -- C:\Program Files\MSI\Core Center\CoreCenter.exe
PRC - [2004/06/18 04:31:02 | 000,067,584 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2003/08/27 11:27:44 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe
PRC - [2003/04/07 14:09:48 | 000,118,784 | R--- | M] (Cypress Semiconductor) -- C:\WINDOWS\MXOALDR.EXE
 
 
========== Modules (SafeList) ==========
 
MOD - [2011/05/20 15:27:13 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bruce\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2004/08/25 18:29:00 | 000,036,864 | ---- | M] (A4Tech Co.,Ltd.) -- C:\WINDOWS\system32\Amhooker.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/04/28 14:34:42 | 000,870,200 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/07/13 17:34:23 | 000,042,312 | R--- | M] (AOL Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\AOL\ACS\acsd.exe -- (AOL ACS)
SRV - [2010/06/23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009/09/23 16:36:06 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2008/04/01 14:46:22 | 000,161,120 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Services)
SRV - [2007/01/09 17:32:04 | 000,079,464 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2006/09/27 20:33:38 | 000,116,464 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2006/09/27 20:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006/09/27 20:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006/09/02 16:36:33 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
SRV - [2006/08/07 16:03:02 | 000,214,720 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2006/07/19 19:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006/07/19 19:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/04/11 17:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2005/12/11 09:59:02 | 000,822,424 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2005/09/09 20:09:28 | 002,066,024 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost)
SRV - [2005/09/09 20:09:10 | 000,053,248 | ---- | M] (GEAR Software) [Auto | Running] -- C:\WINDOWS\system32\gearsec.exe -- (GEARSecurity)
SRV - [2005/01/23 18:36:03 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2004/10/04 05:47:04 | 000,098,304 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor)
SRV - [2004/10/04 04:40:50 | 000,118,784 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe -- (PhotoshopElementsDeviceConnect)
SRV - [2003/08/27 11:27:44 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011/05/21 18:44:40 | 000,057,144 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\26169\RapportCerberus_26169.sys -- (RapportCerberus_26169)
DRV - [2011/05/21 04:00:00 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110521.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/05/21 04:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110521.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/05/16 04:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/05/16 04:00:00 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/04/28 14:34:50 | 000,066,360 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2011/04/28 14:34:48 | 000,158,904 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2011/04/21 14:55:18 | 000,018,872 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\24413\RapportIaso.sys -- (RapportIaso)
DRV - [2010/05/13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/12/02 06:05:34 | 000,118,656 | ---- | M] (Realtek Semiconductor Corporation    ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/11/17 02:24:00 | 000,051,688 | ---- | M] (Check Point Software Technologies LTD) [Kernel | Boot | Running] -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan)
DRV - [2007/12/14 10:21:32 | 000,009,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Live Update 4\LU4\FlashSys.sys -- (FLASHSYS)
DRV - [2006/10/17 21:22:26 | 000,009,216 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\videX32.sys -- (videX32)
DRV - [2006/10/08 11:03:36 | 000,021,056 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sskbfd.sys -- (SSKBFD)
DRV - [2006/09/18 17:55:28 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2006/09/06 14:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006/09/06 14:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2006/08/07 16:02:26 | 000,195,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2006/08/07 16:02:22 | 000,024,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2006/07/01 23:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/04/11 17:13:34 | 000,389,776 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006/01/25 17:14:06 | 000,472,644 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HCWBT8xx.sys -- (HCWBT8XX)
DRV - [2005/12/11 09:59:02 | 000,004,608 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2005/09/09 20:09:22 | 000,017,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VProEventMonitor.sys -- (VPROEVENTMONITOR)
DRV - [2005/09/09 20:09:20 | 000,144,832 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\SymSnap.sys -- (SymSnap)
DRV - [2005/09/09 20:09:20 | 000,056,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\V2iMount.sys -- (V2IMount)
DRV - [2005/01/11 09:25:10 | 000,923,826 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2004/08/25 18:09:14 | 000,009,984 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Amps2prt.sys -- (Amps2prt)
DRV - [2004/08/20 19:03:02 | 000,021,632 | ---- | M] (Your Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\MSI\Core Center\NTGLM7X.SYS -- (PCAlertDriver)
DRV - [2004/06/21 04:53:20 | 000,626,204 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/05/26 20:55:42 | 000,037,920 | ---- | M] (Your Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\MSI\Core Center\RushTop.sys -- (RushTopDevice)
DRV - [2004/04/14 11:08:00 | 000,044,064 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2004/04/14 11:08:00 | 000,021,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2004/04/14 11:08:00 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2004/04/14 11:08:00 | 000,005,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2004/02/23 23:08:52 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003/10/28 15:17:52 | 000,005,273 | ---- | M] (Arrowkey) [Kernel | Auto | Running] -- C:\Program Files\321Studios\Shared\CDRPDACC.SYS -- (CDRPDACC)
DRV - [2003/07/02 05:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2003/06/16 12:05:40 | 000,369,920 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viaudios.sys -- (VIAudio) VIA AC'97 Audio Controller (WDM)
DRV - [2003/05/27 17:45:06 | 000,003,351 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vsp.sys -- (Vsp)
DRV - [2003/04/14 12:00:40 | 000,032,512 | R--- | M] (Cypress Semiconductor) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MXOFX.SYS -- (MXOFX) USB Storage Adapter FX (MXO)
DRV - [2003/03/21 13:34:08 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/01/10 18:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/10/18 13:00:00 | 000,006,144 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaidexp.sys -- (ViaIde)
DRV - [1999/09/10 08:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)
DRV - [1998/11/27 16:57:18 | 000,006,144 | R--- | M] (Erik Salaj) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\IOPORT.SYS -- (IOPort)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A4 F9 C9 7E 59 0B CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2007/12/07 04:02:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox [2010/12/27 17:34:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/12/27 17:35:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/05 23:04:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/24 21:57:38 | 000,000,000 | ---D | M]
 
[2008/10/24 19:35:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bruce\Application Data\Mozilla\Extensions
[2011/03/23 12:40:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\485uz6h1.default\extensions
[2010/05/02 08:35:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\485uz6h1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/12 21:00:30 | 000,000,000 | ---D | M] (Firefox Sync) -- C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\485uz6h1.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
[2009/05/09 22:14:26 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\485uz6h1.default\extensions\[email protected]
[2011/03/23 15:58:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/01 11:48:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/24 16:17:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/24 16:17:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/24 18:44:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/24 21:48:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
[2009/06/07 07:03:38 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/05 23:04:42 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/12/07 21:48:41 | 000,288,568 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\Mozilla Firefox\plugins\ieatgpc.dll
[2010/12/07 21:48:06 | 000,171,320 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
 
O1 HOSTS File: ([2011/05/21 21:47:07 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1    localhost
O2 - BHO: (Download Guard for Internet Explorer) - {20C1A7F0-528E-444F-BAC5-5804A61CCA7F} - Reg Error: Value error. File not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1187843131\ee\AOLSoftware.exe (AOL Inc.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe (HP)
O4 - HKLM..\Run: [mssSort] C:\Program Files\Maxtor\ManagerApp\msssort.exe (Seagate)
O4 - HKLM..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE (Cypress Semiconductor)
O4 - HKLM..\Run: [mxomssmenu] C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe (Maxtor Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Norton Ghost 10.0] C:\Program Files\Norton Ghost\Agent\GhostTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe (A4Tech Co.,Ltd.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AudioDeck.lnk = C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe (Hauppauge Computer Works)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll (VisualWare)
O9 - Extra 'Tools' menuitem : VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll (VisualWare)
O9 - Extra 'Tools' menuitem : Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\Program Files\Copernic Agent\CopernicAgent.exe (Copernic Technologies Inc.)
O9 - Extra Button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\Program Files\Copernic Agent\CopernicAgent.exe (Copernic Technologies Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {21F49842-BFA9-11D2-A89C-00104B62BDDA} http://www.schaeffersresearch.com/download/CfxIEAx.cab (ChartFX Internet Control)
O16 - DPF: {24BACF02-5676-11D3-B8DE-00105A17A9E6} http://www.schaeffersresearch.com/Download/Cfx4Financial.cab (ChartFX Internet Financial Client 4.0)
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} http://download.microsoft.com/download/7/1/D/71D9F11F-0C02-4707-9D60-D56EA8951020/pmupd806.exe (MSN Money Charting)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo2.walgreens.com/WalgreensActivia.cab (Snapfish Activia)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1101768866155 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1135430766921 (MUWebControl Class)
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37240.cab (ICSScanner Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} http://onlinedesigner.hgtv.com/images/app/view22rte.cab (View22RTE Class)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://oxps.webex.com/client/T26L/event/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O18 - Protocol\Handler\copernicagent {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O18 - Protocol\Handler\copernicagentcache {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/11/29 17:56:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/05/21 22:24:02 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Bruce\Desktop\aswMBR.exe
[2011/05/21 21:38:29 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/05/21 21:33:42 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/05/21 21:33:42 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/05/21 21:33:42 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/05/21 21:33:42 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/05/21 21:33:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/21 17:45:25 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/21 16:34:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce\Desktop\tdsskiller
[2011/05/21 16:06:44 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/20 15:27:12 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bruce\Desktop\OTL.exe
[2011/05/06 16:24:04 | 000,189,520 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/05/06 14:32:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Registry Mechanic
[2011/05/06 14:32:07 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
[2011/05/05 22:58:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/05/05 22:58:04 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/05/05 22:39:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2011/04/28 14:34:50 | 000,053,816 | ---- | C] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2011/04/28 07:00:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce\Application Data\SUPERAntiSpyware.com
[2011/04/28 07:00:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/04/26 22:19:38 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{3140EA8C-7399-4EC4-819C-16996F38FCFC}
[2011/04/26 21:58:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce\Local Settings\Application Data\PackageAware
[2011/04/26 19:29:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce\Application Data\Malwarebytes
[2011/04/26 19:29:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/26 19:29:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/26 19:29:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/26 19:29:08 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/04/26 19:29:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/26 12:36:38 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{E8A61B3F-DF97-45EA-A2EE-88E262649179}
[2011/04/26 11:21:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/04/26 11:21:55 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/04/25 15:52:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Turbo Tax
[2011/04/25 15:48:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce\Start Menu\Programs\Turbo Tax
[2010/08/08 23:00:25 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Bruce\Application Data\pcouffin.sys
 
========== Files - Modified Within 30 Days ==========
 
[2011/05/21 22:24:07 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Bruce\Desktop\aswMBR.exe
[2011/05/21 22:23:38 | 000,879,035 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\SecurityCheck.exe
[2011/05/21 22:08:37 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/21 22:05:39 | 000,178,882 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/05/21 22:04:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/21 22:04:04 | 2147,012,608 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/21 21:47:07 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/05/21 21:38:35 | 000,000,367 | RHS- | M] () -- C:\boot.ini
[2011/05/21 19:44:54 | 000,000,723 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TeleChart.lnk
[2011/05/21 19:16:35 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2011/05/21 19:16:10 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\Microsoft Word 2003.lnk
[2011/05/21 18:44:01 | 000,000,251 | ---- | M] () -- C:\Boot.bak
[2011/05/21 17:57:25 | 000,024,048 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\ComboFix Warning.JPG
[2011/05/21 17:48:37 | 000,589,878 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\ComboFix Warning.bmp
[2011/05/21 17:35:13 | 004,352,705 | R--- | M] () -- C:\Documents and Settings\Bruce\Desktop\ComboFix.exe
[2011/05/21 16:34:06 | 001,280,208 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\tdsskiller.zip
[2011/05/20 15:27:13 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bruce\Desktop\OTL.exe
[2011/05/19 21:25:07 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/15 21:53:04 | 000,433,170 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110519-162909.backup
[2011/05/06 22:25:30 | 000,102,400 | ---- | M] () -- C:\WINDOWS\RegBootClean.exe
[2011/05/06 16:23:17 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Bruce\Local Settings\Application Data\housecall.guid.cache
[2011/05/06 14:32:08 | 000,000,789 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk
[2011/05/05 22:58:07 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/05 15:36:13 | 000,433,170 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110505-153652.backup
[2011/04/28 14:34:50 | 000,053,816 | ---- | M] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2011/04/26 19:29:15 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/26 14:29:12 | 000,432,016 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110505-153613.backup
[2011/04/26 11:24:06 | 000,250,532 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS.bak
[2011/04/26 11:21:59 | 000,001,002 | ---- | M] () -- C:\Documents and Settings\Bruce\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/04/26 11:21:59 | 000,000,984 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\Spybot - Search & Destroy.lnk
[2011/04/26 11:14:38 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\Bruce\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/04/26 10:59:28 | 000,002,192 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110426-112406.backup
[2011/04/26 00:05:27 | 000,434,571 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110426-105928.backup
[2011/04/25 23:09:18 | 000,168,432 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\spybot scan.jpg
[2011/04/25 20:24:57 | 000,103,783 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\Task Mgr.jpg
[2011/04/24 03:00:00 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2011/04/23 00:07:11 | 000,100,864 | ---- | M] () -- C:\Documents and Settings\Bruce\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== Files Created - No Company Name ==========
 
[2011/05/21 22:23:37 | 000,879,035 | ---- | C] () -- C:\Documents and Settings\Bruce\Desktop\SecurityCheck.exe
[2011/05/21 21:38:35 | 000,000,251 | ---- | C] () -- C:\Boot.bak
[2011/05/21 21:38:33 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/05/21 21:33:42 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/21 21:33:42 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/21 21:33:42 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/21 21:33:42 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/21 21:33:42 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/21 18:37:57 | 2147,012,608 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/21 17:57:25 | 000,024,048 | ---- | C] () -- C:\Documents and Settings\Bruce\Desktop\ComboFix Warning.JPG
[2011/05/21 17:48:36 | 000,589,878 | ---- | C] () -- C:\Documents and Settings\Bruce\Desktop\ComboFix Warning.bmp
[2011/05/21 17:35:12 | 004,352,705 | R--- | C] () -- C:\Documents and Settings\Bruce\Desktop\ComboFix.exe
[2011/05/21 16:34:04 | 001,280,208 | ---- | C] () -- C:\Documents and Settings\Bruce\Desktop\tdsskiller.zip
[2011/05/06 22:25:30 | 000,102,400 | ---- | C] () -- C:\WINDOWS\RegBootClean.exe
[2011/05/06 16:23:17 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Bruce\Local Settings\Application Data\housecall.guid.cache
[2011/05/06 14:32:08 | 000,000,789 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk
[2011/05/05 22:58:07 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/04/26 22:21:50 | 000,030,424 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2011/04/26 19:29:15 | 000,000,794 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/26 11:21:59 | 000,001,002 | ---- | C] () -- C:\Documents and Settings\Bruce\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/04/26 11:21:59 | 000,000,984 | ---- | C] () -- C:\Documents and Settings\Bruce\Desktop\Spybot - Search & Destroy.lnk
[2011/04/26 11:14:38 | 000,000,818 | ---- | C] () -- C:\Documents and Settings\Bruce\Start Menu\Programs\Internet Explorer.lnk
[2011/04/25 23:09:18 | 000,168,432 | ---- | C] () -- C:\Documents and Settings\Bruce\Desktop\spybot scan.jpg
[2011/04/25 20:24:57 | 000,103,783 | ---- | C] () -- C:\Documents and Settings\Bruce\Desktop\Task Mgr.jpg
[2011/02/21 10:37:08 | 000,000,008 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2011/01/12 00:10:56 | 001,593,544 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/12/04 10:40:38 | 000,018,752 | ---- | C] () -- C:\WINDOWS\System32\solidlocalui.dll
[2010/12/04 10:40:37 | 000,027,456 | ---- | C] () -- C:\WINDOWS\System32\solidlocalmon.dll
[2010/08/08 23:00:25 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Bruce\Application Data\pcouffin.cat
[2010/08/08 23:00:25 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Bruce\Application Data\pcouffin.inf
[2010/06/26 11:00:27 | 000,048,368 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/01/11 22:26:52 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Bruce\Application Data\default.pls
[2009/11/23 00:02:07 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\UnAudioNT.dll
[2009/11/23 00:02:07 | 000,003,351 | ---- | C] () -- C:\WINDOWS\System32\drivers\vsp.sys
[2009/09/05 11:57:52 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/06/18 20:37:40 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2009/06/18 20:37:39 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/06/18 20:37:38 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/06/18 20:37:37 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/06/18 20:37:36 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2009/06/18 20:37:35 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2009/06/18 20:37:34 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2009/06/18 20:37:32 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/10/26 16:22:18 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2008/10/26 16:22:16 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2008/10/26 16:22:10 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2008/04/28 22:17:00 | 000,215,144 | R--- | C] () -- C:\WINDOWS\pw32a.dll
[2008/02/10 15:37:48 | 000,000,150 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/02/10 15:25:11 | 000,000,116 | ---- | C] () -- C:\WINDOWS\asym.ini
[2008/02/10 15:22:11 | 000,000,097 | ---- | C] () -- C:\WINDOWS\IVCI.INI
[2007/11/03 12:56:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007/03/22 16:47:35 | 000,046,344 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2007/01/03 22:48:27 | 000,002,209 | ---- | C] () -- C:\WINDOWS\unins001.dat
[2006/11/14 00:22:05 | 000,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/08/06 17:04:36 | 000,000,057 | ---- | C] () -- C:\WINDOWS\TUTORI~1.INI
[2006/08/06 16:15:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\plclient.INI
[2006/06/27 19:38:00 | 000,796,584 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2006/06/19 21:48:25 | 000,001,386 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2006/04/13 19:53:31 | 000,051,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2006/04/09 11:19:04 | 000,000,211 | ---- | C] () -- C:\WINDOWS\nanoPEG.ini
[2006/04/09 11:18:50 | 000,000,248 | ---- | C] () -- C:\WINDOWS\HCWBlast_sav.ini
[2006/04/09 11:18:50 | 000,000,248 | ---- | C] () -- C:\WINDOWS\HCWBlast.ini
[2006/04/09 11:18:31 | 000,033,837 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2006/04/09 11:18:21 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll
[2006/04/09 11:16:19 | 000,002,443 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
[2006/02/04 16:41:38 | 000,000,696 | ---- | C] () -- C:\WINDOWS\GARMINWT.INI
[2006/01/12 17:09:14 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\DXFLib.dll
[2006/01/12 17:08:06 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\opcode.dll
[2005/12/11 10:08:03 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Bruce\Local Settings\Application Data\fusioncache.dat
[2005/12/11 00:25:14 | 000,000,028 | ---- | C] () -- C:\WINDOWS\HotComm.INI
[2005/11/29 21:05:14 | 000,000,034 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2005/10/22 21:09:08 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2005/10/22 21:09:08 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2005/03/27 13:56:02 | 000,099,965 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005/02/14 15:29:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\JDSecure20.INI
[2005/01/02 23:03:13 | 000,100,864 | ---- | C] () -- C:\Documents and Settings\Bruce\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/01/02 22:22:15 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2004/12/21 18:22:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\RussSqr.INI
[2004/12/21 11:15:25 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/12/14 22:45:38 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/12/11 12:23:25 | 000,109,782 | ---- | C] () -- C:\WINDOWS\CopernicAgentUninstall.exe
[2004/11/30 01:31:03 | 000,002,769 | ---- | C] () -- C:\WINDOWS\IFPClient.ini
[2004/11/30 01:04:24 | 000,000,766 | ---- | C] () -- C:\WINDOWS\aolback.exe.lnk
[2004/11/29 22:48:20 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/11/29 19:47:05 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2004/11/29 19:39:39 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2004/11/29 19:10:09 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/11/29 19:09:48 | 000,105,168 | ---- | C] () -- C:\WINDOWS\NSUninst.exe
[2004/11/29 19:09:44 | 000,014,923 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2004/11/29 18:39:13 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2004/11/29 18:22:13 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/11/29 17:58:19 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/11/29 17:54:59 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/11/29 12:49:53 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/11/29 12:49:10 | 000,258,248 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/11/11 03:16:10 | 000,045,056 | ---- | C] () -- C:\WINDOWS\sm56chs.dll
[2004/11/10 06:42:22 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56eng.dll
[2004/11/10 06:42:22 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56jpn.dll
[2004/11/10 06:42:20 | 000,045,056 | ---- | C] () -- C:\WINDOWS\sm56cht.dll
[2004/11/02 12:12:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56spn.dll
[2004/11/02 12:12:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56itl.dll
[2004/11/02 12:12:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56ger.dll
[2004/11/02 12:12:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56fra.dll
[2004/11/02 12:12:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56brz.dll
[2004/06/30 16:04:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\SDelete.dll
[2004/03/07 14:51:00 | 000,024,924 | ---- | C] () -- C:\WINDOWS\System32\openports.dll
[2004/01/29 20:45:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/11/22 12:50:06 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\hpodinet.dll
[2002/11/22 12:49:18 | 000,036,864 | ---- | C] () -- C:\WINDOWS\hpfsched.exe
[2001/08/23 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 08:00:00 | 000,541,282 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 08:00:00 | 000,099,094 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001/08/23 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
 
========== LOP Check ==========
 
[2010/12/10 23:48:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1Click DVD Copy Pro
[2007/12/07 01:19:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2007/12/07 01:19:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2009/01/01 21:12:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
[2007/12/07 01:20:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/12/04 10:39:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SolidDocuments
[2011/05/07 10:57:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/04/21 12:35:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2007/12/07 01:20:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/08/08 23:37:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2011/04/26 22:19:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{3140EA8C-7399-4EC4-819C-16996F38FCFC}
[2010/06/23 11:21:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/04/28 10:16:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2009/12/30 22:51:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/02/27 10:04:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CCE9E666-4D7C-4946-A98B-CFDE0A0C1706}
[2011/04/26 12:36:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{E8A61B3F-DF97-45EA-A2EE-88E262649179}
[2010/08/08 23:37:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\1clickPro
[2007/12/07 01:21:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\A2Soft Shared
[2009/11/22 17:14:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\Blitware
[2007/12/07 01:21:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\BlocksPlayer
[2007/12/07 01:21:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\Centra
[2008/10/25 14:27:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2007/12/07 01:21:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\Copernic
[2010/01/08 22:47:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\ImgBurn
[2007/12/07 01:21:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\Leadertech
[2009/01/01 21:12:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\Maxtor Quick Start
[2010/01/04 00:32:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\MP3toiPodAudioBookConverter
[2007/12/12 09:18:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\NesterSoft
[2007/12/07 01:21:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\Netscape
[2007/12/07 01:21:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\ScanSoft
[2009/05/06 08:31:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\Snapfish
[2010/12/04 12:22:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\Softland
[2010/12/04 10:44:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\SolidDocuments
[2009/11/22 22:25:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\SystemRequirementsLab
[2011/02/14 11:25:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\TeamViewer
[2007/12/07 01:23:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\The Blocks Company, LLC
[2007/12/07 01:23:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\The Labyrinth Plus! Edition
[2011/04/21 12:37:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\Trusteer
[2009/08/16 22:40:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\Viewpoint
[2010/08/08 23:00:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\Vso
[2007/12/07 01:23:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\VSO_HWE
[2011/04/21 13:17:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\WebEx
[2010/09/08 16:54:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\Windows Search
[2010/12/09 16:14:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\Xtend2.71305F52FFD36D9BDDE00284EF6181AE6688276A.1
[2011/01/10 02:01:00 | 000,000,826 | ---- | M] () -- C:\WINDOWS\Tasks\AMD 3200 Complete Backup.job
[2009/01/04 03:00:00 | 000,000,802 | ---- | M] () -- C:\WINDOWS\Tasks\Full Backup System1.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\All Users\Documents\SSCCleanup.exe:SummaryInformation
@Alternate Data Stream - 156 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

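The O16/O20/O28/O35/O37 records in the OTL report above are the entries a responder reads first: the shell open commands for .exe and .com (a hijacked value there proxies every program launch through malware), the Winlogon Notify and ShellExecuteHooks DLLs (logon-time persistence points), and the ActiveX download records whose registry key has already gone ("Reg Error"). The helper below is an added example written for this thread; it is not OTL's code and not part of the post. It parses lines in those five formats and classifies them; the sample lines are copied from the log above except the last one, which is constructed to exercise the alert path, and the function and class names are the example's own.

```python
"""Triage helper for OTL-style log lines (added example, not OTL's own code)."""
import re
from dataclasses import dataclass

DEFAULT_OPEN_CMD = '"%1" %*'   # clean exefile/comfile shell\open\command value

# Record layouts as printed by OTL for the entry types handled here.
O16_RE = re.compile(r'^O16 - DPF: (\{[0-9A-F-]+\}) (\S+) \((.*)\)$')
O20_RE = re.compile(r'^O20 - Winlogon\\Notify\\(\S+): DllName - (.+?) - (.+?) \((.*)\)$')
O28_RE = re.compile(r'^O28 - HKLM ShellExecuteHooks: (\{[0-9A-F-]+\}) - (.+?) \((.*)\)$')
O35_RE = re.compile(r'^O3[57] - HKLM\\\.{2,3}(\w+) \[(.+?)\] -- (.+)$')


@dataclass
class Finding:
    severity: str   # "alert" (act now), "check" (verify), "info" (cleanup)
    line: str
    reason: str


def _rule_open_cmd(line, m):
    ext, verb, cmd = m.groups()
    if cmd != DEFAULT_OPEN_CMD:
        return Finding("alert", line, f"{ext} [{verb}] runs {cmd!r} instead of the default "
                                      f"{DEFAULT_OPEN_CMD!r}; every launched program would pass through it")
    return None


def _rule_dpf(line, m):
    clsid, url, desc = m.groups()
    if desc.startswith("Reg Error"):
        return Finding("info", line, f"orphaned ActiveX download record {clsid} for {url}; "
                                     "typically left behind by superseded Java/Flash installs")
    return None


def _rule_logon_dll(line, m):
    groups = m.groups()          # O20: (name, dll, dll, vendor)  O28: (clsid, dll, vendor)
    dll, vendor = groups[1], groups[-1]
    return Finding("check", line, f"{dll} (vendor: {vendor}) is loaded at logon or on every "
                                  "ShellExecute; confirm the product is still installed and wanted")


RULES = ((O35_RE, _rule_open_cmd), (O16_RE, _rule_dpf),
         (O20_RE, _rule_logon_dll), (O28_RE, _rule_logon_dll))


def triage(lines):
    """Return one Finding per line that matches a rule and is worth reporting."""
    findings = []
    for raw in lines:
        line = raw.strip()
        for pattern, handler in RULES:
            m = pattern.match(line)
            if m:
                finding = handler(line, m)
                if finding:
                    findings.append(finding)
                break
    return findings


def summarize(findings):
    """Count findings per severity, e.g. {'alert': 1, 'check': 3, 'info': 1}."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


# Lines copied from the OTL report above.
LOG_EXCERPT = r"""
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Reg Error: Key error.)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
""".strip()
# Constructed line (not from the log) showing what a hijacked exefile entry looks like.
CONSTRUCTED_HIJACK = r'O35 - HKLM\..exefile [open] -- "C:\WINDOWS\hooked.exe" "%1" %*'
SAMPLE_LOG = LOG_EXCERPT.splitlines() + [CONSTRUCTED_HIJACK]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.reason}\n    {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

On the real report the O35/O37 lines all carry the default "%1" %*, so the file-association check comes back clean; the "check" findings are the SUPERAntiSpyware and Symantec logon DLLs, which match products the Security Check output shows installed.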
Offline ba5852

PC Rendered Unuseable Due To Trojan Infection
« Reply #16 on: May 21, 2011, 09:36:22 PM »
Results of screen317's Security Check version 0.99.11
 Windows XP Service Pack 3
 Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

 Windows Firewall Disabled!
 Symantec AntiVirus    
 ZoneAlarm    
 Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

 Ad-Aware
 Malwarebytes' Anti-Malware   
 Java(TM) 6 Update 24
 Java(TM) SE Runtime Environment 6 Update 1
 Java(TM) 6 Update 3
 Java(TM) 6 Update 7
 Out of date Java installed!
 Adobe Flash Player    10.3.181.14
Adobe Reader 9.4.4
Out of date Adobe Reader installed!
 Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

 Ad-Aware AAWService.exe is disabled!
 Ad-Aware AAWTray.exe is disabled!
 Symantec AntiVirus DefWatch.exe
 Symantec AntiVirus Rtvscan.exe
 Zone Labs ZoneAlarm zlclient.exe
``````````End of Log````````````

Offline ba5852

PC Rendered Unuseable Due To Trojan Infection
« Reply #17 on: May 21, 2011, 09:39:13 PM »
aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-05-21 22:37:34
-----------------------------
22:37:34.578   OS Version: Windows 5.1.2600 Service Pack 3
22:37:34.578   Number of processors: 1 586 0xC00
22:37:34.578   ComputerName: AMD3200 UserName: Bruce
22:37:35.171   Initialize success
22:37:43.015   Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\viamraid1Port2Path0Target0Lun0
22:37:43.015   Disk 0 Vendor: ST316081 3.AA Size: 152627MB BusType: 1
22:37:43.015   Disk 1 \Device\Harddisk1\DR1 -> \Device\Scsi\viamraid1Port2Path0Target2Lun0
22:37:43.031   Disk 1 Vendor: WDC_WD80 05.0 Size: 76319MB BusType: 1
22:37:43.031   Disk 0 MBR read successfully
22:37:43.031   Disk 0 MBR scan
22:37:43.031   Disk 0 unknown MBR code
22:37:43.031   Disk 0 scanning sectors +312576705
22:37:43.078   Disk 0 scanning C:\WINDOWS\system32\drivers
22:37:50.453   Service scanning
22:37:51.890   Disk 0 trace - called modules:
22:37:51.890   ntkrnlpa.exe CLASSPNP.SYS disk.sys SCSIPORT.SYS hal.dll viamraid.sys
22:37:51.890   1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ab28030]
22:37:51.890   3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Scsi\viamraid1Port2Path0Target0Lun0[0x8ab84588]
22:37:52.390   Scan finished successfully
22:38:28.484   Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Bruce\Desktop\MBR.dat"
22:38:28.484   The log file has been saved successfully to "C:\Documents and Settings\Bruce\Desktop\aswMBR.txt"

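aswMBR reports "Disk 0 unknown MBR code" when the 440 bytes of boot code in sector 0 do not match any boot code it recognises. That is not by itself a verdict: disks set up behind a vendor RAID controller or by an OEM can carry unfamiliar but legitimate boot code, while a rewritten MBR is also exactly how MBR bootkits persist, which is why the tool saves the sector to MBR.dat. The script below is an added example for reading such an image offline; it is not aswMBR's code and not part of the post. It checks the 0x55AA signature, decodes the partition table, sanity-checks it against the disk size, and hashes the boot code so it can be compared with the hash taken from a known-clean machine with the same OS and controller. The sample MBR is constructed inline (it is not the poster's MBR.dat), and the function names are the example's own.

```python
"""Offline MBR audit for a 512-byte image (added example, not aswMBR's code)."""
import hashlib
import struct
import sys
from dataclasses import dataclass

SECTOR = 512
BOOT_CODE_LEN = 440      # bytes 0..439 hold the executable boot code
DISK_SIG_OFF = 440       # 4-byte NT disk signature, then 2 reserved bytes
PART_TABLE_OFF = 446     # four 16-byte partition entries follow
BOOT_SIGNATURE = b"\x55\xaa"
ENTRY_FMT = "<B3BB3BII"  # status, CHS start, type, CHS end, LBA start, sector count


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int

    @property
    def lba_end(self) -> int:
        return self.lba_start + self.sectors - 1


def parse_mbr(data: bytes) -> list:
    """Return the non-empty partition entries; raise if the sector is not an MBR."""
    if len(data) < SECTOR:
        raise ValueError("need at least one 512-byte sector")
    if data[SECTOR - 2:SECTOR] != BOOT_SIGNATURE:
        raise ValueError("0x55AA boot signature missing")
    parts = []
    for i in range(4):
        fields = struct.unpack_from(ENTRY_FMT, data, PART_TABLE_OFF + 16 * i)
        status, ptype, lba, count = fields[0], fields[4], fields[8], fields[9]
        if ptype == 0 and lba == 0 and count == 0:
            continue                          # unused slot
        parts.append(Partition(i + 1, status == 0x80, ptype, lba, count))
    return parts


def audit(data: bytes, disk_sectors=None, known_good_hashes=frozenset()) -> dict:
    """Decode the MBR and list anything a responder should look at."""
    parts = parse_mbr(data)
    issues = []
    if not any(p.bootable for p in parts):
        issues.append("no partition carries the 0x80 active flag")
    for p in parts:
        if p.sectors == 0:
            issues.append(f"partition {p.index} has a zero sector count")
        elif disk_sectors is not None and p.lba_end >= disk_sectors:
            issues.append(f"partition {p.index} ends at LBA {p.lba_end}, "
                          f"past the last sector {disk_sectors - 1}")
    for a in parts:
        for b in parts:
            if a.index < b.index and a.lba_start <= b.lba_end and b.lba_start <= a.lba_end:
                issues.append(f"partitions {a.index} and {b.index} overlap")
    digest = hashlib.sha256(data[:BOOT_CODE_LEN]).hexdigest()
    return {
        "disk_signature": "%08X" % struct.unpack_from("<I", data, DISK_SIG_OFF)[0],
        "boot_code_sha256": digest,
        "boot_code_known": digest in known_good_hashes,   # compare with a clean reference
        "partitions": parts,
        "issues": issues,
    }


def build_sample_mbr() -> bytes:
    """Constructed 512-byte MBR (not the poster's MBR.dat): a few bytes of x86
    boot-code stub, a made-up disk signature, and one active NTFS partition
    sized to resemble the 160 GB boot disk in the aswMBR log."""
    stub = bytes.fromhex("33c08ed0bc007c8ec08ed8be007cbf0006b90002fcf3a450681c06cbfb")
    boot_code = stub + b"\x00" * (BOOT_CODE_LEN - len(stub))
    disk_sig = struct.pack("<I", 0x2AF62AF6) + b"\x00\x00"
    entry1 = struct.pack(ENTRY_FMT, 0x80, 1, 1, 0, 0x07, 0xFE, 0xFF, 0xFF, 63, 312576642)
    return boot_code + disk_sig + entry1 + b"\x00" * 48 + BOOT_SIGNATURE


if __name__ == "__main__":
    # usage: python mbr_audit.py [MBR.dat]; without a path the constructed sample is used
    image = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_mbr()
    for key, value in audit(image).items():
        print(f"{key}: {value}")
```

The boot-code hash is only meaningful against a reference taken from a machine with the same Windows release and the same disk controller; without one, an unrecognised hash is a prompt to disassemble the 440 bytes, not proof of a bootkit. Disk size in sectors is the vendor size reported by aswMBR divided by 512.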
Offline guestolo

PC Rendered Unuseable Due To Trojan Infection
« Reply #18 on: May 21, 2011, 10:28:02 PM »
Are you having any problems with Internet Explorer or Firefox?
Any redirects or problems accessing sites?

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline ba5852

PC Rendered Unuseable Due To Trojan Infection
« Reply #19 on: May 21, 2011, 10:34:54 PM »
Both browsers seem to be working fine.

I haven't seen any redirects or problems accessing sites.