247fixes PC Help Forum: Redirect Issue - 247fixes PC Help Forum


Redirect Issue www.goingonearth.com

#1 micky30029

  • Advanced Member
  • Group: Member+
  • Posts: 32
  • Joined: 16-February 10

Posted 20 February 2010 - 04:34 AM

Not all the time - but get redirected to blank page sometimes

have played with torrents

have read previous stuff etc etc

logs

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:06:52 PM, on 2/19/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\tftpu.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRAM FILES\ITUNES\ITUNESHELPER.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRAM FILES\YOURWARE SOLUTIONS\FREERAM XP PRO\FREERAM XP PRO.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SOFTWARE UPDATE\HPWUSCHD2.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R3 - URLSearchHook: (no name) - CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [WinPatrol] "C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Battleship%20-%20Fleet%20Command/Images/stg_drm.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1179760495516
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Wedding%20Dash%202/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\pdfcmnntr.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: System kernel integrity service (Scprtn) - SearchHelp, Inc. - C:\WINDOWS\system32\tftpu.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6119 bytes

Malwarebytes' Anti-Malware 1.44
Database version: 3744
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

2/19/2010 12:26:04 PM
mbam-log-2010-02-19 (12-26-04).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 208095
Time elapsed: 1 hour(s), 52 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-02-15 23:18:07
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Allie\LOCALS~1\Temp\kwdiyfob.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs MPRIFL.SYS (My Private Folder driver/FSPro Labs)
AttachedDevice \FileSystem\Fastfat \Fat MPRIFL.SYS (My Private Folder driver/FSPro Labs)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

---- EOF - GMER 1.0.15 ----

#2 schrauber

  • Mr.Mechanic
  • Group: Malware Remover
  • Posts: 192
  • Joined: 15-April 09
  • Gender: Male
  • Location: Germany

Posted 20 February 2010 - 04:41 PM

Hello and welcome to 247Fixes.com

My name is Thomas and I will be helping you. (Tom is fine, if you like.)


You may want to keep the link to this topic in your favourites. Alternatively, you can click the [image: http://i517.photobucket.com/albums/u338/Eextremeboy/watch247pic.jpg] button at the top bar of this topic and choose the notification you wish and click Proceed. Your subscription will be added and the topics you are subscribed/tracked to can be found in your Control Panel on this page.

Please take note of the following guidelines:

  • In the meantime, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Old topics are closed after 3-5 days with no reply, and working topics are closed after 5-7 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Finally, please reply using the [image: http://i517.photobucket.com/albums/u338/Eextremeboy/addreply_icon247.jpg] button in the lower left hand corner of your screen.





  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the [image: http://billy-oneal.com/Canned%20Speeches/speechimages/OTL/otlDesktopIcon.png] icon on your desktop.
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    safebootminimal
    safebootnetwork
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT

  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


#3 micky30029

  • Advanced Member
  • Group: Member+
  • Posts: 32
  • Joined: 16-February 10

Posted 20 February 2010 - 10:02 PM

thanks Tom - here it is... Note I use Firefox browser

OTL logfile created on: 2/20/2010 11:50:00 AM - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Documents and Settings\Allie\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 423.00 Mb Available Physical Memory | 41.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 1500 1500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.54 Gb Total Space | 21.89 Gb Free Space | 29.36% Space Free | Partition Type: NTFS
Drive D: | 14.92 Gb Total Space | 14.54 Gb Free Space | 97.50% Space Free | Partition Type: NTFS
Drive E: | 3.72 Gb Total Space | 3.71 Gb Free Space | 99.60% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FAMILY
Current User Name: Allyse
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/02/20 11:48:45 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Allie\desktop\OTL.exe
PRC - [2010/02/18 22:36:18 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/02/03 09:17:37 | 002,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/02/03 09:07:10 | 001,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/02/03 09:07:09 | 000,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/02/03 09:07:01 | 000,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/02/03 09:06:52 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/01/13 17:44:52 | 000,037,888 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2009/12/24 17:02:30 | 000,311,568 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360srv.exe
PRC - [2009/02/15 23:10:22 | 002,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2009/02/15 23:10:22 | 000,981,384 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2008/09/10 14:28:59 | 000,179,712 | ---- | M] (SearchHelp, Inc.) -- C:\WINDOWS\system32\tftpu.exe
PRC - [2008/03/30 09:36:40 | 000,267,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2008/03/30 09:36:30 | 000,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2007/11/02 19:10:52 | 001,591,808 | ---- | M] (YourWare Solutions ™) -- C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
PRC - [2007/09/07 11:13:37 | 000,292,152 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 16:38:18 | 000,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/09/28 17:56:38 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WudfHost.exe
PRC - [2006/02/19 01:41:10 | 000,049,152 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
PRC - [2001/08/17 21:36:54 | 000,086,016 | ---- | M] (PCtel, Inc.) -- C:\WINDOWS\system32\pctspk.exe
PRC - [2001/08/17 17:36:42 | 000,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe


========== Modules (SafeList) ==========

MOD - [2010/02/20 11:48:45 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Allie\desktop\OTL.exe
MOD - [2009/12/24 17:02:28 | 000,237,840 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360mon.dll
MOD - [2008/09/10 14:29:00 | 000,190,976 | ---- | M] (SearchHelp, Inc.) -- C:\WINDOWS\system32\psbaselt.dll
MOD - [2007/09/07 11:13:48 | 000,062,768 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll
MOD - [2004/08/04 02:57:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/02/03 09:06:52 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/12/24 17:02:30 | 000,311,568 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Security 360\is360srv.exe -- (IS360service)
SRV - [2009/02/15 23:10:22 | 002,402,184 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2008/09/10 14:28:59 | 000,179,712 | ---- | M] (SearchHelp, Inc.) [Auto | Running] -- C:\WINDOWS\system32\tftpu.exe -- (Scprtn)
SRV - [2008/03/30 09:36:30 | 000,504,104 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/10/27 00:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006/10/26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2004/01/20 18:37:34 | 000,397,312 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2001/08/17 21:36:54 | 000,086,016 | ---- | M] (PCtel, Inc.) [Auto | Running] -- C:\WINDOWS\system32\pctspk.exe -- (Pctspk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\URLSearchHook: CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/02/03 09:06:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/20 11:27:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/20 11:27:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/08/21 22:55:43 | 000,000,000 | ---D | M]

[2009/12/17 20:03:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allie\Application Data\Mozilla\Extensions
[2010/01/14 20:17:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allie\Application Data\Mozilla\Firefox\Profiles\vf4kq2b8.default\extensions
[2009/12/13 18:45:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Allie\Application Data\Mozilla\Firefox\Profiles\vf4kq2b8.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/01/17 11:18:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/09/10 14:28:59 | 000,072,192 | ---- | M] (SearchHelp, Inc.) -- C:\Program Files\Mozilla Firefox\components\perfs19.dll
[2010/02/14 15:25:26 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2010/01/13 17:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2009/04/13 17:32:32 | 000,303,042 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 10444 more lines...
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 34 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Battleship%20-%20Fleet%20Command/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1179760495516 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Wedding%20Dash%202/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.233.217.5 64.233.217.2
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\pdfcmnntr.dll) - C:\WINDOWS\system32\pdfcmnntr.dll (SearchHelp, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\dimsntfy: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/21 09:10:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{7dadd36b-d3d3-11dd-bd35-00045a4afe4a}\Shell - "" = AutoRun
O33 - MountPoints2\{7dadd36b-d3d3-11dd-bd35-00045a4afe4a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7dadd36b-d3d3-11dd-bd35-00045a4afe4a}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{f2cbaeb1-0383-11df-b6f5-00045a4afe4a}\Shell - "" = AutoRun
O33 - MountPoints2\{f2cbaeb1-0383-11df-b6f5-00045a4afe4a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f2cbaeb1-0383-11df-b6f5-00045a4afe4a}\Shell\AutoRun\command - "" = H:\WD SmartWare.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/05/21 09:10:02 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: KmReg - C:\WINDOWS\system32\keyoi01.sys (SearchHelp, Inc.)
SafeBootMin: NtLclIpc - C:\WINDOWS\system32\keyo01.sys (SearchHelp, Inc.)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: Scprtn - C:\WINDOWS\system32\tftpu.exe (SearchHelp, Inc.)
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: KmReg - C:\WINDOWS\system32\keyoi01.sys (SearchHelp, Inc.)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NtLclIpc - C:\WINDOWS\system32\keyo01.sys (SearchHelp, Inc.)
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: Scprtn - C:\WINDOWS\system32\tftpu.exe (SearchHelp, Inc.)
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: vsmon - C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (12388291999432704)

========== Files/Folders - Created Within 14 Days ==========

[2010/02/20 11:48:44 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Allie\Desktop\OTL.exe
[2010/02/20 11:28:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/02/20 11:28:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2010/02/20 11:27:51 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect
[2010/02/20 11:27:06 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2010/02/20 11:27:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allie\Application Data\Winamp
[2010/02/20 11:24:13 | 010,798,496 | ---- | C] (Nullsoft, Inc.) -- C:\Documents and Settings\Allie\Desktop\winamp5572_full_emusic-7plus_en-us.exe
[2010/02/19 17:05:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Allie\Recent
[2010/02/15 22:05:49 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/02/15 21:22:06 | 000,000,000 | ---D | C] -- C:\Program Files\zztoy
[2010/02/15 20:42:51 | 000,000,000 | ---D | C] -- C:\Program Files\Privacy and Registry Cleaner
[2010/02/15 20:03:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allie\Application Data\Uniblue
[2010/02/14 15:25:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allie\Application Data\Foxit
[2010/02/14 15:25:45 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2010/02/13 18:23:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/02/13 18:08:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allie\Application Data\Facebook
[2010/02/13 12:31:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/02/13 12:31:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010/02/11 22:37:09 | 000,000,000 | ---D | C] -- C:\Program Files\2BrightSparks Syncback
[2010/02/11 21:26:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allie\My Documents\Downloads
[2010/02/04 20:20:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ServiceTest
[2010/02/03 09:01:54 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/02/03 09:01:54 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/02/03 09:01:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/11/07 08:16:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2009/02/12 21:08:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/10/02 22:28:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2007/08/15 20:44:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/07/11 21:35:44 | 005,645,592 | ---- | C] (PokerStars) -- C:\Program Files\PokerStarsInstall.exe
[2006/02/19 02:28:56 | 000,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll

========== Files - Modified Within 14 Days ==========

[2010/02/20 11:48:45 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Allie\Desktop\OTL.exe
[2010/02/20 11:36:21 | 009,699,328 | ---- | M] () -- C:\Documents and Settings\Allie\NTUSER.DAT
[2010/02/20 11:29:19 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Winamp.lnk
[2010/02/20 11:24:52 | 010,798,496 | ---- | M] (Nullsoft, Inc.) -- C:\Documents and Settings\Allie\Desktop\winamp5572_full_emusic-7plus_en-us.exe
[2010/02/20 09:11:34 | 055,963,047 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/02/19 15:00:56 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/02/19 15:00:04 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/19 14:59:22 | 000,350,195 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/02/19 14:59:22 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/19 14:59:21 | 000,000,306 | -HS- | M] () -- C:\WINDOWS\tasks\Qcmvxm.job
[2010/02/19 14:58:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/19 14:58:50 | 1073,074,176 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/19 14:57:45 | 000,000,067 | ---- | M] () -- C:\WINDOWS\System32\sysdnc.dat
[2010/02/19 14:57:40 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Allie\ntuser.ini
[2010/02/19 05:04:43 | 001,409,962 | -H-- | M] () -- C:\Documents and Settings\Allie\Local Settings\Application Data\IconCache.db
[2010/02/14 09:51:44 | 000,000,818 | ---- | M] () -- C:\Program Files\Shortcut to googleearth.lnk
[2010/02/13 15:33:21 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\Allie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/13 13:40:17 | 000,465,572 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/02/13 13:40:17 | 000,079,206 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/02/13 13:40:16 | 000,555,932 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/02/13 13:35:00 | 000,390,392 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/13 12:17:06 | 000,089,088 | RHS- | M] () -- C:\WINDOWS\System32\msvcrt(2)G.dll
[2010/02/11 21:07:01 | 009,437,184 | ---- | M] () -- C:\Documents and Settings\Allie\NTUSER.DAT.gbck

========== Files Created - No Company Name ==========

[2010/02/20 11:29:19 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Winamp.lnk
[2010/02/14 09:51:44 | 000,000,818 | ---- | C] () -- C:\Program Files\Shortcut to googleearth.lnk
[2010/02/13 12:17:08 | 000,000,306 | -HS- | C] () -- C:\WINDOWS\tasks\Qcmvxm.job
[2010/02/13 12:17:06 | 000,089,088 | RHS- | C] () -- C:\WINDOWS\System32\msvcrt(2)G.dll
[2008/11/22 10:19:57 | 000,000,158 | ---- | C] () -- C:\WINDOWS\disney.ini
[2008/06/25 18:42:29 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2008/06/20 12:26:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2008/06/18 15:45:39 | 000,009,024 | ---- | C] () -- C:\WINDOWS\System32\sbnetkey.sys
[2008/04/02 20:38:19 | 000,020,594 | ---- | C] () -- C:\WINDOWS\System32\DELS1LMK.DLL
[2008/03/29 17:03:26 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/12/24 10:42:50 | 000,000,026 | ---- | C] () -- C:\WINDOWS\dvdSanta.INI
[2007/11/27 19:49:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ds.INI
[2007/11/27 17:01:06 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2007/11/27 16:50:58 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\hpgt53.dll
[2007/11/20 20:28:30 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2007/11/08 23:23:34 | 000,000,022 | ---- | C] () -- C:\WINDOWS\Kruptos.INI
[2007/10/05 18:51:45 | 000,004,820 | ---- | C] () -- C:\WINDOWS\CAMUNWISE.INI
[2007/10/05 18:50:41 | 000,000,090 | ---- | C] () -- C:\WINDOWS\jascreg.ini
[2007/10/05 18:49:24 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\Wh2Robo.dll
[2007/09/29 14:13:34 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/09/01 13:12:06 | 000,010,463 | ---- | C] () -- C:\WINDOWS\hpdj5600.ini
[2007/09/01 12:52:10 | 000,000,022 | ---- | C] () -- C:\WINDOWS\exchng.ini
[2007/09/01 12:52:08 | 000,000,723 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/08/11 21:24:38 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Allie\Local Settings\Application Data\fusioncache.dat
[2007/07/14 19:43:45 | 000,000,296 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2007/07/04 15:38:58 | 000,049,152 | ---- | C] () -- C:\Documents and Settings\Allie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/07/04 15:13:22 | 000,000,073 | ---- | C] () -- C:\Documents and Settings\Allie\Local Settings\Application Data\FASTWiz.log
[2007/05/21 13:11:34 | 000,062,304 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2007/04/27 20:42:10 | 000,009,931 | ---- | C] () -- C:\WINDOWS\System32\mswgnaoie.dll
[2006/12/21 05:21:16 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\msngcaoid.dll
[2004/01/20 18:39:06 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2002/09/03 11:44:19 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo(2).dll
[2002/09/03 11:39:08 | 000,013,576 | ---- | C] () -- C:\WINDOWS\System32\syscorecfg256.dll
[2002/09/03 11:30:38 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\devenum(2).dll
[1998/06/11 20:08:06 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[1998/06/11 20:08:04 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[1997/07/10 23:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1997/07/10 23:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/07/10 23:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== LOP Check ==========

[2010/02/12 16:50:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/02/11 22:48:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010/02/13 12:31:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010/02/11 23:24:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MostFun
[2009/12/17 19:54:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2008/05/23 16:06:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2010/02/14 10:40:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/02/14 12:15:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUpMedia
[2009/11/07 11:55:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/07/20 21:24:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2008/10/14 21:04:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{1BFA58C9-6B9E-433B-875A-6AD34E8AE1C3}
[2008/10/04 21:28:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{AAFEDBA9-6580-4A50-8E64-52AA8F431026}
[2008/03/29 17:08:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allie\Application Data\acccore
[2008/07/14 14:23:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allie\Application Data\Aim
[2009/01/11 18:05:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allie\Application Data\Alibre Design
[2010/02/11 22:20:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allie\Application Data\Amazon
[2010/02/15 20:41:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allie\Application Data\Auslogics
[2009/12/17 19:54:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allie\Application Data\Azureus
[2008/08/08 18:01:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allie\Application Data\DatawareGames
[2010/02/13 18:09:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allie\Application Data\Facebook
[2010/02/14 15:25:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allie\Application Data\Foxit
[2007/07/30 20:43:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allie\Application Data\FUJIFILM
[2008/12/24 23:34:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allie\Application Data\GameInvest
[2009/12/17 19:54:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allie\Application Data\GlarySoft
[2007/11/09 16:49:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allie\Application Data\GoodSync
[2009/07/05 10:20:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allie\Application Data\IObit
[2008/12/28 20:44:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allie\Application Data\IOMediaSupport6SZZ001s
[2009/02/12 21:24:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allie\Application Data\Jane s Hotel
[2007/11/23 22:22:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allie\Application Data\KewlBoxPrefs
[2009/04/25 20:55:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allie\Application Data\Obsidium
[2009/12/17 19:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allie\Application Data\PlayFirst
[2009/05/07 20:10:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allie\Application Data\Playrix Entertainment
[2007/11/22 10:12:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allie\Application Data\Preclick Photo Organizer
[2008/03/29 22:44:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allie\Application Data\QQ Games Plugin
[2009/10/25 19:02:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allie\Application Data\SBTT
[2007/09/29 13:52:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allie\Application Data\Sereniti
[2008/12/28 20:44:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allie\Application Data\Spinapse
[2009/02/19 20:18:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allie\Application Data\SpinTop
[2008/12/28 20:44:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allie\Application Data\Suspects and Clues Players
[2008/12/28 20:44:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allie\Application Data\Suspects and Clues Prefs
[2007/11/17 22:01:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allie\Application Data\Thunderbird
[2009/04/26 08:34:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allie\Application Data\Total Eclipse
[2010/02/15 20:03:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allie\Application Data\Uniblue
[2010/02/20 09:33:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allie\Application Data\uTorrent
[2009/03/01 17:44:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allie\Application Data\Windows Desktop Search
[2009/12/19 22:35:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allie\Application Data\Windows Search
[2010/02/13 12:49:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allie\Application Data\WinPatrol
[2008/08/10 21:39:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allie\Application Data\WNR
[2009/12/17 19:54:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allie\Application Data\yoclient
[2010/02/19 14:59:21 | 000,000,306 | -HS- | M] () -- C:\WINDOWS\Tasks\Qcmvxm.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2007/05/21 11:35:29 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/10/02 18:42:17 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2007/05/21 11:35:29 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/10/02 18:42:17 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2004/08/04 01:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2004/08/04 01:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2004/08/04 01:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys
[2001/08/17 08:58:00 | 000,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2002/09/03 12:04:09 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2007/05/21 11:35:29 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/10/02 18:42:17 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2007/05/21 11:35:29 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/10/02 18:42:17 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2004/08/04 00:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 00:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004/08/04 00:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2004/08/04 02:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2004/08/04 02:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2004/08/04 02:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2004/08/04 02:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2004/08/04 02:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2004/08/04 02:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 02:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2004/08/04 02:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2004/08/04 02:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >

#4 User is offline   schrauber 

  • Mr.Mechanic
  • Group: Malware Remover
  • Posts: 192
  • Joined: 15-April 09
  • Gender:Male
  • Location:Germany

Posted 20 February 2010 - 10:04 PM

Hi,

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).





Please go here and have a look how you can disable your security software.

Download Combofix from any of the links below but rename it to <schrauber> before saving it to your desktop.

Link 1
Link 2



--------------------------------------------------------------------

Double click on the renamed Combofix.exe & follow the prompts.
    When finished, it will produce a report for you.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/whatnext.png


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingc...to-use-combofix

#5 User is offline   micky30029 

  • Advanced Member
  • Group: Member+
  • Posts: 32
  • Joined: 16-February 10

Posted 20 February 2010 - 10:19 PM

I'll do all that - just forgot the extras - here they are
- Just wondering from the previous log, what is out of the ordinary (just curious)
Will soon post what you asked for - thanks for getting back so soon

OTL Extras logfile created on: 2/20/2010 11:50:00 AM - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Documents and Settings\Allie\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 423.00 Mb Available Physical Memory | 41.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 1500 1500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.54 Gb Total Space | 21.89 Gb Free Space | 29.36% Space Free | Partition Type: NTFS
Drive D: | 14.92 Gb Total Space | 14.54 Gb Free Space | 97.50% Space Free | Partition Type: NTFS
Drive E: | 3.72 Gb Total Space | 3.71 Gb Free Space | 99.60% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FAMILY
Current User Name: Allyse
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FinePix] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" "%1" (FUJI PHOTO FILM CO.,LTD.)
Directory [FinePixPrint] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" /p "%1" (FUJI PHOTO FILM CO.,LTD.)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\MostFun\Bin\MostFun.exe" = C:\Program Files\MostFun\Bin\MostFun.exe:*:Enabled:MostFun -- (NeoEdge Networks)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Proxy Switcher Lite\ProxySwitcher.exe" = C:\Program Files\Proxy Switcher Lite\ProxySwitcher.exe:*:Enabled:Proxy Switcher -- (Proxy Switcher)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.4.0
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2BD2069A-A865-432A-86B8-1151BB0526CC}" = MostFun Game Player
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}" = iTunes
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85F0360D-5B3B-4371-9517-62A5A47F4A5E}" = CameraDrivers
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1" = Auslogics Registry Cleaner
"{8E1DCD15-C9F1-49CE-807B-198C8241EB6B}" = ALi USB2.0 Driver
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{A2273570-B532-4F8D-892E-14999C591E25}" = Kruptos 2
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{AA057FD9-0CFC-47e4-8AB4-E0F7EC85631D}" = HP Photosmart Cameras 9.0
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B8C81CAA-69CE-4F2D-974C-38961F8E1B07}" = PCPal
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{C023CABF-1FDF-4d84-8E0F-11F30417923E}" = CameraUserGuides
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD961214-93C9-44FE-9A38-BBE647E98AE9}" = CameraReadme
"{D680C913-5955-469D-9D88-C1940F7506D6}" = RAW FILE CONVERTER LE
"{DEF9CA03-7317-4a01-8111-06996235128E}" = CameraDrivers
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster 2010
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"ATI Display Driver" = ATI Display Driver
"AVG9Uninstall" = AVG Free 9.0
"AVGantiRootkit" = AVG Anti-Rootkit Free
"Belarc Advisor 2.0" = Belarc Advisor 7.2
"CCleaner" = CCleaner
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Data Access Objects (DAO) 3.5" = Data Access Objects (DAO) 3.5
"Dell Laser Printer 1100" = Dell Laser Printer 1100 Software Uninstall
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"File Shredder_is1" = File Shredder 2.0
"Foxit Reader" = Foxit Reader
"GENEUIDE" = USB Storage Driver
"Glary Registry Repair_is1" = Glary Registry Repair 2.8
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"Indeo® Software" = Indeo® Software
"IObit Security 360_is1" = IObit Security 360
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
"MozBackup_is1" = MozBackup 1.4.7
"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MWASPINT" = MicroStaff WINASPI NT
"My Lockbox_is1" = My Lockbox 1.2 for Windows 2000/XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PeerGuardian_is1" = PeerGuardian 2.0
"PokerStars" = PokerStars
"PokerStars.net" = PokerStars.net
"Privacy and Registry Cleaner" = Privacy and Registry Cleaner
"PRJPRO" = Microsoft Office Project Professional 2007
"ProcessScanner_is1" = Uniblue ProcessScanner
"ProxySwitcher Lite_is1" = ProxySwitcher Lite
"QuickSFV" = QuickSFV (Remove only)
"RealArcade" = RealArcade
"Revo Uninstaller" = Revo Uninstaller 1.85
"uTorrent" = µTorrent
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPatrol" = WinPatrol 2007
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"ZoneAlarm" = ZoneAlarm
"ZoneAlarmSB Uninstall" = ZoneAlarm Spy Blocker

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Checkbook - SHAREWARE" = Checkbook - SHAREWARE
"Facebook Plug-In" = Facebook Plug-In
"uTorrent" = µTorrent
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/15/2010 11:57:08 PM | Computer Name = SENGFAMILY | Source = Application Error | ID = 1000
Description = Faulting application otl.exe, version 3.1.28.0, faulting module unknown,
version 0.0.0.0, fault address 0x00030f47.

Error - 2/15/2010 11:59:24 PM | Computer Name = SENGFAMILY | Source = Application Error | ID = 1000
Description = Faulting application otl(2).exe, version 0.0.0.0, faulting module
, version 0.0.0.0, fault address 0x00000000.

Error - 2/15/2010 11:59:33 PM | Computer Name = SENGFAMILY | Source = Application Error | ID = 1000
Description = Faulting application otl(2).exe, version 3.1.28.0, faulting module
unknown, version 0.0.0.0, fault address 0x00030f47.

Error - 2/16/2010 12:01:41 AM | Computer Name = SENGFAMILY | Source = Application Error | ID = 1000
Description = Faulting application otl.exe, version 3.1.28.0, faulting module unknown,
version 0.0.0.0, fault address 0x00030f47.

Error - 2/16/2010 12:31:01 AM | Computer Name = SENGFAMILY | Source = Application Error | ID = 1000
Description = Faulting application otl.exe, version 3.1.28.0, faulting module unknown,
version 0.0.0.0, fault address 0x00030f47.

Error - 2/19/2010 10:03:57 AM | Computer Name = SENGFAMILY | Source = Application Error | ID = 1000
Description = Faulting application otl.exe, version 3.1.28.0, faulting module unknown,
version 0.0.0.0, fault address 0x00030f47.

Error - 2/19/2010 10:12:27 AM | Computer Name = SENGFAMILY | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ALLIE\RECENT\DESKTOP.INI> in
the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 2/19/2010 3:54:03 PM | Computer Name = SENGFAMILY | Source = Application Error | ID = 1000
Description = Faulting application tfc.exe, version 3.1.4.0, faulting module unknown,
version 0.0.0.0, fault address 0x00c30f47.

Error - 2/19/2010 3:54:42 PM | Computer Name = SENGFAMILY | Source = Application Error | ID = 1000
Description = Faulting application tfc.exe, version 3.1.4.0, faulting module unknown,
version 0.0.0.0, fault address 0x00030f47.

Error - 2/19/2010 4:00:47 PM | Computer Name = SENGFAMILY | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ALLIE\RECENT\DESKTOP.INI> in
the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

[ ODiag Events ]
Error - 2/7/2010 9:08:48 PM | Computer Name = SENGFAMILY | Source = Microsoft Office 12 Diagnostics | ID = 320
Description = An unexpected error occurred. Tag: 2kb4. Error code: 80004005

Error - 2/7/2010 9:08:48 PM | Computer Name = SENGFAMILY | Source = Microsoft Office 12 Diagnostics | ID = 320
Description = An unexpected error occurred. Tag: 2kbg. Error code: N/A

Error - 2/7/2010 9:08:48 PM | Computer Name = SENGFAMILY | Source = Microsoft Office 12 Diagnostics | ID = 320
Description = An unexpected error occurred. Tag: 2kbw. Error code: 80004005

[ OSession Events ]
Error - 2/7/2010 9:02:35 PM | Computer Name = SENGFAMILY | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 3 seconds with 0 seconds of active time. This session ended with a crash.

Error - 2/7/2010 9:02:41 PM | Computer Name = SENGFAMILY | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 2 seconds with 0 seconds of active time. This session ended with a crash.

Error - 2/7/2010 9:02:55 PM | Computer Name = SENGFAMILY | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 4 seconds with 0 seconds of active time. This session ended with a crash.

Error - 2/7/2010 9:03:09 PM | Computer Name = SENGFAMILY | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 2 seconds with 0 seconds of active time. This session ended with a crash.

Error - 2/7/2010 9:03:20 PM | Computer Name = SENGFAMILY | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 6 seconds with 0 seconds of active time. This session ended with a crash.

Error - 2/7/2010 9:03:29 PM | Computer Name = SENGFAMILY | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 6 seconds with 0 seconds of active time. This session ended with a crash.

Error - 2/7/2010 9:05:00 PM | Computer Name = SENGFAMILY | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 2 seconds with 0 seconds of active time. This session ended with a crash.

Error - 2/7/2010 9:05:06 PM | Computer Name = SENGFAMILY | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 1 seconds with 0 seconds of active time. This session ended with a crash.

Error - 2/7/2010 9:05:33 PM | Computer Name = SENGFAMILY | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 22 seconds with 0 seconds of active time. This session ended with a crash.

Error - 2/7/2010 9:08:43 PM | Computer Name = SENGFAMILY | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 3 seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2/19/2010 3:55:46 PM | Computer Name = SENGFAMILY | Source = Service Control Manager | ID = 7034
Description = The IS360service service terminated unexpectedly. It has done this
1 time(s).

Error - 2/19/2010 3:55:46 PM | Computer Name = SENGFAMILY | Source = Service Control Manager | ID = 7034
Description = The PCTEL Speaker Phone service terminated unexpectedly. It has done
this 1 time(s).

Error - 2/19/2010 3:55:46 PM | Computer Name = SENGFAMILY | Source = Service Control Manager | ID = 7034
Description = The Viewpoint Manager Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 2/19/2010 3:55:46 PM | Computer Name = SENGFAMILY | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).

Error - 2/19/2010 3:59:49 PM | Computer Name = SENGFAMILY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 2/19/2010 4:05:33 PM | Computer Name = SENGFAMILY | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
BEEV5LJ2DZC5TBK that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{D484D517-415. The master browser is stopping or an election is being
forced.

Error - 2/19/2010 5:29:34 PM | Computer Name = SENGFAMILY | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
BEEV5LJ2DZC5TBK that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{D484D517-415. The master browser is stopping or an election is being
forced.

Error - 2/19/2010 6:41:27 PM | Computer Name = SENGFAMILY | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
BEEV5LJ2DZC5TBK that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{D484D517-415. The master browser is stopping or an election is being
forced.

Error - 2/19/2010 9:24:53 PM | Computer Name = SENGFAMILY | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
BEEV5LJ2DZC5TBK that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{D484D517-415. The master browser is stopping or an election is being
forced.

Error - 2/19/2010 10:24:56 PM | Computer Name = SENGFAMILY | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
BEEV5LJ2DZC5TBK that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{D484D517-415. The master browser is stopping or an election is being
forced.


< End of report >
0

#6 User is offline   micky30029 

  • Advanced Member
  • Group: Member+
  • Posts: 32
  • Joined: 16-February 10

Posted 20 February 2010 - 10:26 PM

GooredFix by jpshortstuff (08.01.10.1)
Log created at 17:24 on 20/02/2010 (Allyse)
Firefox version 3.5.8 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [16:18 17/01/2010]

C:\Documents and Settings\Allie\Application Data\Mozilla\Firefox\Profiles\vf4kq2b8.default\extensions\
{635abd67-4fe9-1b23-4f01-e679fa7484c1} [23:39 13/12/2009]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG9\Firefox" [14:06 03/02/2010]

-=E.O.F=-
0

#7 User is offline   micky30029 

  • Advanced Member
  • PipPipPip
  • Group: Member+
  • Posts: 32
  • Joined: 16-February 10

Posted 20 February 2010 - 10:30 PM

COMBOFIX did not let me rename it before it was saved to my desktop - what to do?
0

#8 User is offline   schrauber 

  • Mr.Mechanic
  • Group: Malware Remover
  • Posts: 192
  • Joined: 15-April 09
  • Gender:Male
  • Location:Germany

Posted 20 February 2010 - 10:32 PM

Please right-click the download link and choose Save as, then you can rename it :)
0

#9 User is offline   micky30029 

  • Advanced Member
  • PipPipPip
  • Group: Member+
  • Posts: 32
  • Joined: 16-February 10

Posted 21 February 2010 - 03:55 AM

restarts part way through combofix run
0

#10 User is offline   schrauber 

  • Mr.Mechanic
  • Group: Malware Remover
  • Posts: 192
  • Joined: 15-April 09
  • Gender:Male
  • Location:Germany

Posted 21 February 2010 - 05:45 PM

Sorry, did not understand what you mean.

Are you able to run Combofix?
0

#11 User is offline   micky30029 

  • Advanced Member
  • PipPipPip
  • Group: Member+
  • Posts: 32
  • Joined: 16-February 10

Posted 21 February 2010 - 06:20 PM

no, it wouldn't complete

Got to 6a and then a notice appeared that the system was going to reboot and the machine restarted

no log

I couldn't disable AVG 9.0 - even with the internet help - there is no area in avg to disable?
0

#12 User is offline   schrauber 

  • Mr.Mechanic
  • Group: Malware Remover
  • Posts: 192
  • Joined: 15-April 09
  • Gender:Male
  • Location:Germany

Posted 22 February 2010 - 07:24 PM

Ok,

Please try this:

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (or you can hold down your Windows key and press R) and copy and paste the following into the text field (make sure you include the quote marks). Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v


  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • When it is done, a log file called "TDSSKiller.txt" should be created on your C: drive. Please copy and paste the contents of that file here.

0

#13 User is offline   micky30029 

  • Advanced Member
  • PipPipPip
  • Group: Member+
  • Posts: 32
  • Joined: 16-February 10

Posted 23 February 2010 - 12:16 AM

19:10:09:718 3600 TDSS rootkit removing tool 2.2.4 Feb 15 2010 19:38:31
19:10:09:718 3600 ================================================================================
19:10:09:718 3600 SystemInfo:

19:10:09:718 3600 OS Version: 5.1.2600 ServicePack: 3.0
19:10:09:718 3600 Product type: Workstation
19:10:09:718 3600 ComputerName: SENGFAMILY
19:10:09:718 3600 UserName: Allie
19:10:09:718 3600 Windows directory: C:\WINDOWS
19:10:09:718 3600 Processor architecture: Intel x86
19:10:09:718 3600 Number of processors: 1
19:10:09:718 3600 Page size: 0x1000
19:10:09:718 3600 Boot type: Normal boot
19:10:09:718 3600 ================================================================================
19:10:09:718 3600 UnloadDriverW: NtUnloadDriver error 2
19:10:09:718 3600 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
19:10:09:734 3600 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000
19:10:09:859 3600 UtilityInit: KLMD drop and load success
19:10:09:859 3600 KLMD_OpenDevice: Trying to open KLMD Device(KLMD201010)
19:10:09:859 3600 UtilityInit: KLMD open success
19:10:09:859 3600 UtilityInit: Initialize success
19:10:09:859 3600
19:10:09:859 3600 Scanning Services ...
19:10:09:859 3600 CreateRegParser: Registry parser init started
19:10:09:859 3600 DisableWow64Redirection: GetProcAddress(Wow64DisableWow64FsRedirection) error 127
19:10:09:859 3600 CreateRegParser: DisableWow64Redirection error
19:10:09:859 3600 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
19:10:09:859 3600 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\system) returned status C0000043
19:10:09:859 3600 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
19:10:09:859 3600 wfopen_ex: Trying to KLMD file open
19:10:09:859 3600 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\system
19:10:09:859 3600 wfopen_ex: File opened ok (Flags 2)
19:10:09:859 3600 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\system) init success: 274AF8
19:10:09:859 3600 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
19:10:09:875 3600 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\software) returned status C0000043
19:10:09:875 3600 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
19:10:09:875 3600 wfopen_ex: Trying to KLMD file open
19:10:09:875 3600 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\software
19:10:09:875 3600 wfopen_ex: File opened ok (Flags 2)
19:10:09:875 3600 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\software) init success: 2749E8
19:10:09:875 3600 EnableWow64Redirection: GetProcAddress(Wow64RevertWow64FsRedirection) error 127
19:10:09:875 3600 CreateRegParser: EnableWow64Redirection error
19:10:09:875 3600 CreateRegParser: RegParser init completed
19:10:10:359 3600 GetAdvancedServicesInfo: Raw services enum returned 373 services
19:10:10:359 3600 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
19:10:10:359 3600 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
19:10:10:359 3600
19:10:10:359 3600 Scanning Kernel memory ...
19:10:10:359 3600 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
19:10:10:359 3600 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 8737EBA0
19:10:10:359 3600 DetectCureTDL3: KLMD_GetDeviceObjectList returned 5 DevObjects
19:10:10:359 3600
19:10:10:359 3600 DetectCureTDL3: DEVICE_OBJECT: 873C8608
19:10:10:359 3600 KLMD_GetLowerDeviceObject: Trying to get lower device object for 873C8608
19:10:10:359 3600 KLMD_ReadMem: Trying to ReadMemory 0x873C8608[0x38]
19:10:10:359 3600 DetectCureTDL3: DRIVER_OBJECT: 8737EBA0
19:10:10:359 3600 KLMD_ReadMem: Trying to ReadMemory 0x8737EBA0[0xA8]
19:10:10:359 3600 KLMD_ReadMem: Trying to ReadMemory 0xE10148C8[0x18]
19:10:10:375 3600 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
19:10:10:375 3600 DetectCureTDL3: IRP_MJ_CREATE : F7835C30
19:10:10:375 3600 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 804FA87E
19:10:10:375 3600 DetectCureTDL3: IRP_MJ_CLOSE : F7835C30
19:10:10:375 3600 DetectCureTDL3: IRP_MJ_READ : F782FD9B
19:10:10:375 3600 DetectCureTDL3: IRP_MJ_WRITE : F782FD9B
19:10:10:375 3600 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 804FA87E
19:10:10:375 3600 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 804FA87E
19:10:10:375 3600 DetectCureTDL3: IRP_MJ_QUERY_EA : 804FA87E
19:10:10:375 3600 DetectCureTDL3: IRP_MJ_SET_EA : 804FA87E
19:10:10:375 3600 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : F7830366
19:10:10:375 3600 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA87E
19:10:10:375 3600 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 804FA87E
19:10:10:375 3600 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 804FA87E
19:10:10:375 3600 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 804FA87E
19:10:10:375 3600 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : F783044D
19:10:10:375 3600 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : F7833FC3
19:10:10:375 3600 DetectCureTDL3: IRP_MJ_SHUTDOWN : F7830366
19:10:10:375 3600 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 804FA87E
19:10:10:375 3600 DetectCureTDL3: IRP_MJ_CLEANUP : 804FA87E
19:10:10:375 3600 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 804FA87E
19:10:10:375 3600 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 804FA87E
19:10:10:375 3600 DetectCureTDL3: IRP_MJ_SET_SECURITY : 804FA87E
19:10:10:375 3600 DetectCureTDL3: IRP_MJ_POWER : F7831EF3
19:10:10:375 3600 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : F7836A24
19:10:10:375 3600 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 804FA87E
19:10:10:375 3600 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 804FA87E
19:10:10:375 3600 DetectCureTDL3: IRP_MJ_SET_QUOTA : 804FA87E
19:10:10:375 3600 TDL3_FileDetect: Processing driver: Disk
19:10:10:375 3600 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
19:10:10:375 3600 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
19:10:10:390 3600 TDL3_FileDetect: Processing driver: Disk
19:10:10:390 3600 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
19:10:10:390 3600 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
19:10:10:390 3600 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
19:10:10:390 3600
19:10:10:390 3600 DetectCureTDL3: DEVICE_OBJECT: 873C89D0
19:10:10:390 3600 KLMD_GetLowerDeviceObject: Trying to get lower device object for 873C89D0
19:10:10:390 3600 KLMD_ReadMem: Trying to ReadMemory 0x873C89D0[0x38]
19:10:10:390 3600 DetectCureTDL3: DRIVER_OBJECT: 8737EBA0
19:10:10:390 3600 KLMD_ReadMem: Trying to ReadMemory 0x8737EBA0[0xA8]
19:10:10:390 3600 KLMD_ReadMem: Trying to ReadMemory 0xE10148C8[0x18]
19:10:10:390 3600 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
19:10:10:390 3600 DetectCureTDL3: IRP_MJ_CREATE : F7835C30
19:10:10:390 3600 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 804FA87E
19:10:10:390 3600 DetectCureTDL3: IRP_MJ_CLOSE : F7835C30
19:10:10:390 3600 DetectCureTDL3: IRP_MJ_READ : F782FD9B
19:10:10:390 3600 DetectCureTDL3: IRP_MJ_WRITE : F782FD9B
19:10:10:390 3600 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 804FA87E
19:10:10:390 3600 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 804FA87E
19:10:10:390 3600 DetectCureTDL3: IRP_MJ_QUERY_EA : 804FA87E
19:10:10:390 3600 DetectCureTDL3: IRP_MJ_SET_EA : 804FA87E
19:10:10:390 3600 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : F7830366
19:10:10:390 3600 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA87E
19:10:10:390 3600 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 804FA87E
19:10:10:390 3600 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 804FA87E
19:10:10:390 3600 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 804FA87E
19:10:10:390 3600 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : F783044D
19:10:10:390 3600 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : F7833FC3
19:10:10:390 3600 DetectCureTDL3: IRP_MJ_SHUTDOWN : F7830366
19:10:10:390 3600 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 804FA87E
19:10:10:390 3600 DetectCureTDL3: IRP_MJ_CLEANUP : 804FA87E
19:10:10:390 3600 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 804FA87E
19:10:10:390 3600 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 804FA87E
19:10:10:390 3600 DetectCureTDL3: IRP_MJ_SET_SECURITY : 804FA87E
19:10:10:390 3600 DetectCureTDL3: IRP_MJ_POWER : F7831EF3
19:10:10:390 3600 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : F7836A24
19:10:10:390 3600 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 804FA87E
19:10:10:390 3600 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 804FA87E
19:10:10:390 3600 DetectCureTDL3: IRP_MJ_SET_QUOTA : 804FA87E
19:10:10:390 3600 TDL3_FileDetect: Processing driver: Disk
19:10:10:390 3600 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
19:10:10:390 3600 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
19:10:10:390 3600 TDL3_FileDetect: Processing driver: Disk
19:10:10:406 3600 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
19:10:10:406 3600 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
19:10:10:406 3600 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
19:10:10:406 3600
19:10:10:406 3600 DetectCureTDL3: DEVICE_OBJECT: 87342C68
19:10:10:406 3600 KLMD_GetLowerDeviceObject: Trying to get lower device object for 87342C68
19:10:10:406 3600 KLMD_ReadMem: Trying to ReadMemory 0x87342C68[0x38]
19:10:10:406 3600 DetectCureTDL3: DRIVER_OBJECT: 8737EBA0
19:10:10:406 3600 KLMD_ReadMem: Trying to ReadMemory 0x8737EBA0[0xA8]
19:10:10:406 3600 KLMD_ReadMem: Trying to ReadMemory 0xE10148C8[0x18]
19:10:10:406 3600 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
19:10:10:406 3600 DetectCureTDL3: IRP_MJ_CREATE : F7835C30
19:10:10:406 3600 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 804FA87E
19:10:10:406 3600 DetectCureTDL3: IRP_MJ_CLOSE : F7835C30
19:10:10:406 3600 DetectCureTDL3: IRP_MJ_READ : F782FD9B
19:10:10:406 3600 DetectCureTDL3: IRP_MJ_WRITE : F782FD9B
19:10:10:406 3600 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 804FA87E
19:10:10:406 3600 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 804FA87E
19:10:10:406 3600 DetectCureTDL3: IRP_MJ_QUERY_EA : 804FA87E
19:10:10:406 3600 DetectCureTDL3: IRP_MJ_SET_EA : 804FA87E
19:10:10:406 3600 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : F7830366
19:10:10:406 3600 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA87E
19:10:10:406 3600 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 804FA87E
19:10:10:406 3600 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 804FA87E
19:10:10:406 3600 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 804FA87E
19:10:10:406 3600 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : F783044D
19:10:10:406 3600 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : F7833FC3
19:10:10:406 3600 DetectCureTDL3: IRP_MJ_SHUTDOWN : F7830366
19:10:10:406 3600 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 804FA87E
19:10:10:406 3600 DetectCureTDL3: IRP_MJ_CLEANUP : 804FA87E
19:10:10:406 3600 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 804FA87E
19:10:10:406 3600 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 804FA87E
19:10:10:406 3600 DetectCureTDL3: IRP_MJ_SET_SECURITY : 804FA87E
19:10:10:406 3600 DetectCureTDL3: IRP_MJ_POWER : F7831EF3
19:10:10:406 3600 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : F7836A24
19:10:10:406 3600 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 804FA87E
19:10:10:406 3600 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 804FA87E
19:10:10:406 3600 DetectCureTDL3: IRP_MJ_SET_QUOTA : 804FA87E
19:10:10:406 3600 TDL3_FileDetect: Processing driver: Disk
19:10:10:406 3600 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
19:10:10:406 3600 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
19:10:10:406 3600 TDL3_FileDetect: Processing driver: Disk
19:10:10:406 3600 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
19:10:10:406 3600 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
19:10:10:406 3600 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
19:10:10:406 3600
19:10:10:406 3600 DetectCureTDL3: DEVICE_OBJECT: 87344AB8
19:10:10:406 3600 KLMD_GetLowerDeviceObject: Trying to get lower device object for 87344AB8
19:10:10:406 3600 DetectCureTDL3: DEVICE_OBJECT: 873619E8
19:10:10:406 3600 KLMD_GetLowerDeviceObject: Trying to get lower device object for 873619E8
19:10:10:406 3600 DetectCureTDL3: DEVICE_OBJECT: 873C8D98
19:10:10:406 3600 KLMD_GetLowerDeviceObject: Trying to get lower device object for 873C8D98
19:10:10:406 3600 KLMD_ReadMem: Trying to ReadMemory 0x873C8D98[0x38]
19:10:10:406 3600 DetectCureTDL3: DRIVER_OBJECT: 8737E3B8
19:10:10:406 3600 KLMD_ReadMem: Trying to ReadMemory 0x8737E3B8[0xA8]
19:10:10:406 3600 KLMD_ReadMem: Trying to ReadMemory 0xE187E930[0x1A]
19:10:10:406 3600 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
19:10:10:406 3600 DetectCureTDL3: IRP_MJ_CREATE : F7762572
19:10:10:406 3600 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 804FA87E
19:10:10:406 3600 DetectCureTDL3: IRP_MJ_CLOSE : F7762572
19:10:10:406 3600 DetectCureTDL3: IRP_MJ_READ : 804FA87E
19:10:10:406 3600 DetectCureTDL3: IRP_MJ_WRITE : 804FA87E
19:10:10:406 3600 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 804FA87E
19:10:10:406 3600 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 804FA87E
19:10:10:406 3600 DetectCureTDL3: IRP_MJ_QUERY_EA : 804FA87E
19:10:10:406 3600 DetectCureTDL3: IRP_MJ_SET_EA : 804FA87E
19:10:10:406 3600 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : 804FA87E
19:10:10:406 3600 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA87E
19:10:10:406 3600 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 804FA87E
19:10:10:406 3600 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 804FA87E
19:10:10:406 3600 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 804FA87E
19:10:10:406 3600 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : F7762592
19:10:10:406 3600 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : F775E7B4
19:10:10:406 3600 DetectCureTDL3: IRP_MJ_SHUTDOWN : 804FA87E
19:10:10:406 3600 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 804FA87E
19:10:10:406 3600 DetectCureTDL3: IRP_MJ_CLEANUP : 804FA87E
19:10:10:406 3600 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 804FA87E
19:10:10:406 3600 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 804FA87E
19:10:10:406 3600 DetectCureTDL3: IRP_MJ_SET_SECURITY : 804FA87E
19:10:10:406 3600 DetectCureTDL3: IRP_MJ_POWER : F77625BC
19:10:10:406 3600 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : F7769164
19:10:10:406 3600 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 804FA87E
19:10:10:406 3600 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 804FA87E
19:10:10:406 3600 DetectCureTDL3: IRP_MJ_SET_QUOTA : 804FA87E
19:10:10:406 3600 TDL3_FileDetect: Processing driver: atapi
19:10:10:406 3600 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys
19:10:10:406 3600 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\atapi.sys
19:10:10:421 3600 KLMD_ReadMem: Trying to ReadMemory 0xF775F7C6[0x400]
19:10:10:421 3600 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0
19:10:10:421 3600 TDL3_FileDetect: Processing driver: atapi
19:10:10:421 3600 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys
19:10:10:421 3600 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\atapi.sys
19:10:10:421 3600 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: Clean
19:10:10:421 3600
19:10:10:421 3600 DetectCureTDL3: DEVICE_OBJECT: 873A0AB8
19:10:10:421 3600 KLMD_GetLowerDeviceObject: Trying to get lower device object for 873A0AB8
19:10:10:421 3600 DetectCureTDL3: DEVICE_OBJECT: 8737DF18
19:10:10:421 3600 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8737DF18
19:10:10:421 3600 DetectCureTDL3: DEVICE_OBJECT: 8734FD98
19:10:10:421 3600 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8734FD98
19:10:10:421 3600 KLMD_ReadMem: Trying to ReadMemory 0x8734FD98[0x38]
19:10:10:421 3600 DetectCureTDL3: DRIVER_OBJECT: 8737E3B8
19:10:10:421 3600 KLMD_ReadMem: Trying to ReadMemory 0x8737E3B8[0xA8]
19:10:10:421 3600 KLMD_ReadMem: Trying to ReadMemory 0xE187E930[0x1A]
19:10:10:421 3600 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
19:10:10:421 3600 DetectCureTDL3: IRP_MJ_CREATE : F7762572
19:10:10:421 3600 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 804FA87E
19:10:10:421 3600 DetectCureTDL3: IRP_MJ_CLOSE : F7762572
19:10:10:421 3600 DetectCureTDL3: IRP_MJ_READ : 804FA87E
19:10:10:421 3600 DetectCureTDL3: IRP_MJ_WRITE : 804FA87E
19:10:10:421 3600 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 804FA87E
19:10:10:421 3600 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 804FA87E
19:10:10:421 3600 DetectCureTDL3: IRP_MJ_QUERY_EA : 804FA87E
19:10:10:437 3600 DetectCureTDL3: IRP_MJ_SET_EA : 804FA87E
19:10:10:437 3600 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : 804FA87E
19:10:10:437 3600 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA87E
19:10:10:437 3600 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 804FA87E
19:10:10:437 3600 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 804FA87E
19:10:10:437 3600 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 804FA87E
19:10:10:437 3600 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : F7762592
19:10:10:437 3600 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : F775E7B4
19:10:10:437 3600 DetectCureTDL3: IRP_MJ_SHUTDOWN : 804FA87E
19:10:10:437 3600 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 804FA87E
19:10:10:437 3600 DetectCureTDL3: IRP_MJ_CLEANUP : 804FA87E
19:10:10:437 3600 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 804FA87E
19:10:10:437 3600 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 804FA87E
19:10:10:437 3600 DetectCureTDL3: IRP_MJ_SET_SECURITY : 804FA87E
19:10:10:437 3600 DetectCureTDL3: IRP_MJ_POWER : F77625BC
19:10:10:437 3600 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : F7769164
19:10:10:437 3600 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 804FA87E
19:10:10:437 3600 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 804FA87E
19:10:10:437 3600 DetectCureTDL3: IRP_MJ_SET_QUOTA : 804FA87E
19:10:10:437 3600 TDL3_FileDetect: Processing driver: atapi
19:10:10:437 3600 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys
19:10:10:437 3600 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\atapi.sys
19:10:10:437 3600 KLMD_ReadMem: Trying to ReadMemory 0xF775F7C6[0x400]
19:10:10:437 3600 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0
19:10:10:437 3600 TDL3_FileDetect: Processing driver: atapi
19:10:10:437 3600 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys
19:10:10:437 3600 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\atapi.sys
19:10:10:437 3600 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: Clean
19:10:10:437 3600
19:10:10:437 3600 Completed
19:10:10:437 3600
19:10:10:437 3600 Results:
19:10:10:437 3600 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
19:10:10:437 3600 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
19:10:10:437 3600 File objects infected / cured / cured on reboot: 0 / 0 / 0
19:10:10:437 3600
19:10:10:437 3600 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000
19:10:10:437 3600 UtilityDeinit: KLMD(ARK) unloaded successfully

#14 schrauber

  • Mr.Mechanic
  • Group: Malware Remover
  • Posts: 192
  • Joined: 15-April 09
  • Gender:Male
  • Location:Germany

Posted 24 February 2010 - 05:40 PM

Hi,

How is it running now? Please post back with a fresh OTL logfile.

#15 micky30029

  • Advanced Member
  • Group: Member+
  • Posts: 32
  • Joined: 16-February 10

Posted 25 February 2010 - 11:32 AM

Still having the problem, not on the first few links on a search engine page,
but on the third or fourth it goes to a blank page and blank address bar
(www toanrghgneol com server not found 255.255.255.255)
Here's the latest OTL log



OTL logfile created on: 2/25/2010 6:17:06 AM - Run 3
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Documents and Settings\Allie\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 614.00 Mb Available Physical Memory | 60.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 1500 1500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.54 Gb Total Space | 21.26 Gb Free Space | 28.51% Space Free | Partition Type: NTFS
Drive D: | 14.92 Gb Total Space | 14.53 Gb Free Space | 97.38% Space Free | Partition Type: NTFS
Drive E: | 3.72 Gb Total Space | 3.71 Gb Free Space | 99.60% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SENGFAMILY
Current User Name: Allie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/02/20 11:48:45 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Allie\desktop\OTL.exe
PRC - [2010/02/18 22:36:18 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/02/03 09:07:10 | 001,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/02/03 09:07:09 | 000,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/02/03 09:07:01 | 000,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/02/03 09:06:52 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/12/24 17:02:30 | 000,311,568 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360srv.exe
PRC - [2009/02/15 23:10:22 | 002,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2009/02/15 23:10:22 | 000,981,384 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2008/09/10 14:28:59 | 000,179,712 | ---- | M] (SearchHelp, Inc.) -- C:\WINDOWS\system32\tftpu.exe
PRC - [2008/03/30 09:36:40 | 000,267,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2008/03/30 09:36:30 | 000,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2007/11/02 19:10:52 | 001,591,808 | ---- | M] (YourWare Solutions ™) -- C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
PRC - [2007/09/07 11:13:37 | 000,292,152 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/02/19 01:41:10 | 000,049,152 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
PRC - [2001/08/17 21:36:54 | 000,086,016 | ---- | M] (PCtel, Inc.) -- C:\WINDOWS\system32\pctspk.exe
PRC - [2001/08/17 17:36:42 | 000,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe


========== Modules (SafeList) ==========

MOD - [2010/02/20 11:48:45 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Allie\desktop\OTL.exe
MOD - [2009/12/24 17:02:28 | 000,237,840 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360mon.dll
MOD - [2007/09/07 11:13:48 | 000,062,768 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll
MOD - [2004/08/04 02:57:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/02/03 09:06:52 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/12/24 17:02:30 | 000,311,568 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Security 360\is360srv.exe -- (IS360service)
SRV - [2009/02/15 23:10:22 | 002,402,184 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2008/09/10 14:28:59 | 000,179,712 | ---- | M] (SearchHelp, Inc.) [Auto | Running] -- C:\WINDOWS\system32\tftpu.exe -- (Scprtn)
SRV - [2008/03/30 09:36:30 | 000,504,104 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2006/10/27 00:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006/10/26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2004/01/20 18:37:34 | 000,397,312 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2001/08/17 21:36:54 | 000,086,016 | ---- | M] (PCtel, Inc.) [Auto | Running] -- C:\WINDOWS\system32\pctspk.exe -- (Pctspk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\URLSearchHook: CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/02/03 09:06:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/20 13:33:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/20 11:27:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/08/21 22:55:43 | 000,000,000 | ---D | M]

[2009/12/17 20:03:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allie\Application Data\Mozilla\Extensions
[2010/01/14 20:17:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allie\Application Data\Mozilla\Firefox\Profiles\vf4kq2b8.default\extensions
[2009/12/13 18:45:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Allie\Application Data\Mozilla\Firefox\Profiles\vf4kq2b8.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/01/17 11:18:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/09/10 14:28:59 | 000,072,192 | ---- | M] (SearchHelp, Inc.) -- C:\Program Files\Mozilla Firefox\components\perfs19.dll
[2010/02/14 15:25:26 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2010/01/13 17:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2010/02/21 10:30:24 | 000,302,828 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 10437 more lines...
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE (Apple Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 34 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Battleship%20-%20Fleet%20Command/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1179760495516 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Wedding%20Dash%202/Images/armhelper.ocx (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.233.217.5 64.233.217.2
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Allie\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Allie\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/21 09:10:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{7dadd36b-d3d3-11dd-bd35-00045a4afe4a}\Shell - "" = AutoRun
O33 - MountPoints2\{7dadd36b-d3d3-11dd-bd35-00045a4afe4a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7dadd36b-d3d3-11dd-bd35-00045a4afe4a}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{f2cbaeb1-0383-11df-b6f5-00045a4afe4a}\Shell - "" = AutoRun
O33 - MountPoints2\{f2cbaeb1-0383-11df-b6f5-00045a4afe4a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f2cbaeb1-0383-11df-b6f5-00045a4afe4a}\Shell\AutoRun\command - "" = H:\WD SmartWare.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/05/21 09:10:02 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: KmReg - C:\WINDOWS\system32\keyoi01.sys (SearchHelp, Inc.)
SafeBootMin: NtLclIpc - C:\WINDOWS\system32\keyo01.sys (SearchHelp, Inc.)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: Scprtn - C:\WINDOWS\system32\tftpu.exe (SearchHelp, Inc.)
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: KmReg - C:\WINDOWS\system32\keyoi01.sys (SearchHelp, Inc.)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NtLclIpc - C:\WINDOWS\system32\keyo01.sys (SearchHelp, Inc.)
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: Scprtn - C:\WINDOWS\system32\tftpu.exe (SearchHelp, Inc.)
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: vsmon - C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (11825342046011392)

========== Files/Folders - Created Within 14 Days ==========

[2010/02/24 20:04:50 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Allie\Recent
[2010/02/24 09:22:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allie\Local Settings\Application Data\PCHealth
[2010/02/22 19:16:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allie\Desktop\New Folder
[2010/02/21 19:16:49 | 000,000,000 | ---D | C] -- C:\Program Files\bfgclient
[2010/02/21 19:14:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
[2010/02/21 10:26:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2010/02/21 10:24:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2010/02/21 10:03:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/02/21 09:41:10 | 000,000,000 | --SD | C] -- C:\schrauberr31460s
[2010/02/20 22:28:47 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/02/20 22:27:26 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/02/20 22:27:26 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/02/20 22:27:26 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/02/20 22:27:26 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/02/20 22:27:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/02/20 22:27:12 | 000,000,000 | --SD | C] -- C:\schrauberr
[2010/02/20 17:51:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/02/20 11:48:44 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Allie\Desktop\OTL.exe
[2010/02/20 11:28:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2010/02/20 11:27:51 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect
[2010/02/20 11:27:06 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2010/02/20 11:27:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allie\Application Data\Winamp
[2010/02/19 21:42:13 | 000,000,000 | ---D | C] -- C:\Program Files\PokerStars.NET
[2010/02/15 22:05:49 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/02/15 21:22:06 | 000,000,000 | ---D | C] -- C:\Program Files\zztoy
[2010/02/15 20:42:51 | 000,000,000 | ---D | C] -- C:\Program Files\Privacy and Registry Cleaner
[2010/02/15 20:03:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allie\Application Data\Uniblue
[2010/02/14 15:25:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allie\Application Data\Foxit
[2010/02/14 15:25:45 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2010/02/13 18:23:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/02/13 18:08:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allie\Application Data\Facebook
[2010/02/13 12:31:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/02/13 12:31:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010/02/11 22:37:09 | 000,000,000 | ---D | C] -- C:\Program Files\2BrightSparks Syncback
[2010/02/11 21:26:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allie\My Documents\Downloads
[2010/02/04 20:20:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ServiceTest
[2010/02/03 09:01:54 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/02/03 09:01:54 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/02/03 09:01:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/11/07 08:16:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2009/02/12 21:08:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/10/02 22:28:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2007/08/15 20:44:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/07/11 21:35:44 | 005,645,592 | ---- | C] (PokerStars) -- C:\Program Files\PokerStarsInstall.exe
[2006/02/19 02:28:56 | 000,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll

========== Files - Modified Within 14 Days ==========

[2010/02/25 05:33:54 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/02/25 05:27:55 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/25 05:27:17 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/25 05:27:12 | 000,350,195 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/02/25 05:27:12 | 000,000,306 | -HS- | M] () -- C:\WINDOWS\tasks\Qcmvxm.job
[2010/02/25 05:26:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/25 05:26:41 | 1073,074,176 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/25 05:14:20 | 000,000,067 | ---- | M] () -- C:\WINDOWS\System32\sysdnc.dat
[2010/02/25 05:14:06 | 009,699,328 | ---- | M] () -- C:\Documents and Settings\Allie\NTUSER.DAT
[2010/02/25 05:14:06 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Allie\ntuser.ini
[2010/02/25 05:13:57 | 006,424,880 | -H-- | M] () -- C:\Documents and Settings\Allie\Local Settings\Application Data\IconCache.db
[2010/02/24 18:10:32 | 056,199,314 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/02/20 22:28:59 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/02/20 11:48:45 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Allie\Desktop\OTL.exe
[2010/02/20 11:29:19 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Winamp.lnk
[2010/02/14 09:51:44 | 000,000,818 | ---- | M] () -- C:\Program Files\Shortcut to googleearth.lnk
[2010/02/13 15:33:21 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\Allie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/13 13:40:17 | 000,465,572 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/02/13 13:40:17 | 000,079,206 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/02/13 13:40:16 | 000,555,932 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/02/13 13:35:00 | 000,390,392 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/13 12:17:06 | 000,089,088 | RHS- | M] () -- C:\WINDOWS\System32\msvcrt(2)G.dll
[2010/02/11 21:07:01 | 009,437,184 | ---- | M] () -- C:\Documents and Settings\Allie\NTUSER.DAT.gbck

========== Files Created - No Company Name ==========

[2010/02/20 22:28:59 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/02/20 22:28:54 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/02/20 22:27:26 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/02/20 22:27:26 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/02/20 22:27:26 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/02/20 22:27:26 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/02/20 22:27:26 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/02/20 11:29:19 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Winamp.lnk
[2010/02/14 09:51:44 | 000,000,818 | ---- | C] () -- C:\Program Files\Shortcut to googleearth.lnk
[2010/02/13 12:17:08 | 000,000,306 | -HS- | C] () -- C:\WINDOWS\tasks\Qcmvxm.job
[2010/02/13 12:17:06 | 000,089,088 | RHS- | C] () -- C:\WINDOWS\System32\msvcrt(2)G.dll
[2008/11/22 10:19:57 | 000,000,158 | ---- | C] () -- C:\WINDOWS\disney.ini
[2008/06/25 18:42:29 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2008/06/20 12:26:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2008/06/18 15:45:39 | 000,009,024 | ---- | C] () -- C:\WINDOWS\System32\sbnetkey.sys
[2008/04/02 20:38:19 | 000,020,594 | ---- | C] () -- C:\WINDOWS\System32\DELS1LMK.DLL
[2008/03/29 17:03:26 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/12/24 10:42:50 | 000,000,026 | ---- | C] () -- C:\WINDOWS\dvdSanta.INI
[2007/11/27 19:49:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ds.INI
[2007/11/27 17:01:06 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2007/11/27 16:50:58 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\hpgt53.dll
[2007/11/20 20:28:30 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2007/11/08 23:23:34 | 000,000,022 | ---- | C] () -- C:\WINDOWS\Kruptos.INI
[2007/10/05 18:51:45 | 000,004,820 | ---- | C] () -- C:\WINDOWS\CAMUNWISE.INI
[2007/10/05 18:50:41 | 000,000,090 | ---- | C] () -- C:\WINDOWS\jascreg.ini
[2007/10/05 18:49:24 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\Wh2Robo.dll
[2007/09/29 14:13:34 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/09/01 13:12:06 | 000,010,463 | ---- | C] () -- C:\WINDOWS\hpdj5600.ini
[2007/09/01 12:52:10 | 000,000,022 | ---- | C] () -- C:\WINDOWS\exchng.ini
[2007/09/01 12:52:08 | 000,000,723 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/08/11 21:24:38 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Allie\Local Settings\Application Data\fusioncache.dat
[2007/07/14 19:43:45 | 000,000,296 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2007/07/04 15:38:58 | 000,049,152 | ---- | C] () -- C:\Documents and Settings\Allie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/07/04 15:13:22 | 000,000,073 | ---- | C] () -- C:\Documents and Settings\Allie\Local Settings\Application Data\FASTWiz.log
[2007/05/21 13:11:34 | 000,062,304 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2007/04/27 20:42:10 | 000,009,931 | ---- | C] () -- C:\WINDOWS\System32\mswgnaoie.dll
[2006/12/21 05:21:16 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\msngcaoid.dll
[2004/01/20 18:39:06 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2002/09/03 11:44:19 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo(2).dll
[2002/09/03 11:39:08 | 000,013,576 | ---- | C] () -- C:\WINDOWS\System32\syscorecfg256.dll
[2002/09/03 11:30:38 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\devenum(2).dll
[1998/06/11 20:08:06 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[1998/06/11 20:08:04 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[1997/07/10 23:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1997/07/10 23:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/07/10 23:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== LOP Check ==========

[2010/02/12 16:50:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/02/11 22:48:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010/02/13 12:31:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010/02/11 23:24:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MostFun
[2009/12/17 19:54:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2008/05/23 16:06:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2010/02/21 10:26:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2010/02/21 19:48:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/02/14 12:15:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUpMedia
[2010/02/23 17:48:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/07/20 21:24:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2008/10/14 21:04:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{1BFA58C9-6B9E-433B-875A-6AD34E8AE1C3}
[2008/10/04 21:28:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{AAFEDBA9-6580-4A50-8E64-52AA8F431026}
[2008/03/29 17:08:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allie\Application Data\acccore
[2008/07/14 14:23:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allie\Application Data\Aim
[2009/01/11 18:05:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allie\Application Data\Alibre Design
[2010/02/11 22:20:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allie\Application Data\Amazon
[2010/02/15 20:41:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allie\Application Data\Auslogics
[2009/12/17 19:54:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allie\Application Data\Azureus
[2008/08/08 18:01:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allie\Application Data\DatawareGames
[2010/02/13 18:09:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allie\Application Data\Facebook
[2010/02/14 15:25:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allie\Application Data\Foxit
[2007/07/30 20:43:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allie\Application Data\FUJIFILM
[2008/12/24 23:34:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allie\Application Data\GameInvest
[2009/12/17 19:54:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allie\Application Data\GlarySoft
[2007/11/09 16:49:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allie\Application Data\GoodSync
[2009/07/05 10:20:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allie\Application Data\IObit
[2008/12/28 20:44:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allie\Application Data\IOMediaSupport6SZZ001s
[2009/02/12 21:24:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allie\Application Data\Jane s Hotel
[2007/11/23 22:22:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allie\Application Data\KewlBoxPrefs
[2009/04/25 20:55:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allie\Application Data\Obsidium
[2009/12/17 19:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allie\Application Data\PlayFirst
[2009/05/07 20:10:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allie\Application Data\Playrix Entertainment
[2007/11/22 10:12:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allie\Application Data\Preclick Photo Organizer
[2008/03/29 22:44:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allie\Application Data\QQ Games Plugin
[2009/10/25 19:02:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allie\Application Data\SBTT
[2007/09/29 13:52:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allie\Application Data\Sereniti
[2008/12/28 20:44:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allie\Application Data\Spinapse
[2009/02/19 20:18:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allie\Application Data\SpinTop
[2008/12/28 20:44:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allie\Application Data\Suspects and Clues Players
[2008/12/28 20:44:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allie\Application Data\Suspects and Clues Prefs
[2007/11/17 22:01:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allie\Application Data\Thunderbird
[2009/04/26 08:34:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allie\Application Data\Total Eclipse
[2010/02/15 20:03:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allie\Application Data\Uniblue
[2010/02/21 09:08:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allie\Application Data\uTorrent
[2009/03/01 17:44:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allie\Application Data\Windows Desktop Search
[2009/12/19 22:35:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allie\Application Data\Windows Search
[2010/02/13 12:49:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allie\Application Data\WinPatrol
[2008/08/10 21:39:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allie\Application Data\WNR
[2009/12/17 19:54:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allie\Application Data\yoclient
[2010/02/25 05:27:12 | 000,000,306 | -HS- | M] () -- C:\WINDOWS\Tasks\Qcmvxm.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2007/05/21 11:35:29 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/10/02 18:42:17 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2007/05/21 11:35:29 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/10/02 18:42:17 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2004/08/04 01:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2004/08/04 01:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2004/08/04 01:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys
[2001/08/17 08:58:00 | 000,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2002/09/03 12:04:09 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2007/05/21 11:35:29 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/10/02 18:42:17 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2007/05/21 11:35:29 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/10/02 18:42:17 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2004/08/04 00:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 00:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004/08/04 00:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2004/08/04 02:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2004/08/04 02:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2004/08/04 02:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2004/08/04 02:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2004/08/04 02:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2004/08/04 02:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 02:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2004/08/04 02:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2004/08/04 02:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >