

[Inactive] Google Redirect, Antivir Desktop Virus, Windows Update Virus, Lost Desktop, Failed System Restore (twice), Drivers/ Installer Nonfunctional, etc.


49 replies to this topic

#1 lobita68


Posted 13 June 2011 - 06:26 AM

History: a couple viruses, failed system restore (Backup just threw everything all over-- unrelated files together in same folder and some not in a folder, files and folders put in wrong place, duplicates, deleted vital files and folders, etc.). I restored the registry to the last good, which happened to be a day when I had the Avira desktop virus AND my keyboard didn't work due to IDVault.

Last night, after a failed msiexec installation, most of my drivers stopped working. I'm getting Errors 3, 31, 0x80004005 and some I can't remember and when I go into Microsoft Defrag, the bar is almost completely red. My CPUs are at 100%. I tried lowering priority of winlogon and csrss, but it says "access denied." It also says that when I try to do anything with Avira in Services. I can't find any form of the word "Avira" when I search, but you see on the log that there's a file called "avgio" and a couple others. I tried to run system restore again this morning, but it kept saying nothing was changed when I logged back on. My computer has been very slow, several drives and msiexec won't work, so it's hard for me to install updates or missing files: I've lost desktop settings, screen flickers a lot and when I run my mouse over any folders at the top of my desktop I get a popup supposedly from Internet Explorer, stating "This page has an unspecified security risk would you like to continue?". This is when my browser is closed! None of the programs that are supposed to be able to connect directly to the net are able to. I even have to do the net diagnostic manually. I cleaned my laptop and I'm about halfway through the instructions for slow computer. I've tried several different forums, downloaded numerous articles and files, tried Mr. Fix-it and other cleaning/repair tools, tried Norton (can't even get it to install correctly), Malwarebytes, Superantispyware, ConstantGuard, ASC4, AVG, Avast, Combofix, Desktop Dr, Comcast Antispyware, Registry Fix8, Windows Registry Repair, CCleaner and a couple others. Thank you for taking the time to read this. P.S. Some icon called webhlp from Google just appeared on my desktop while I was typing this letter. Then Malwarebytes did a scan that I didn't request. SCARY!
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6839

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/12/2011 3:42:37 PM
mbam-log-2011-06-12 (15-42-36).txt

Scan type: Quick scan
Objects scanned: 107094
Time elapsed: 15 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
_________________________
GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-12 22:04:44
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 IC25N040ATMR04-0 rev.MO2OAD0A
Running: gmer.exe; Driver: C:\DOCUME~1\user\LOCALS~1\Temp\pxrdypob.sys


---- System - GMER 1.0.15 ----

SSDT F8D5CE86 ZwCreateKey
SSDT F8D5CE7C ZwCreateThread
SSDT F8D5CE8B ZwDeleteKey
SSDT F8D5CE95 ZwDeleteValueKey
SSDT F8D5CE9A ZwLoadKey
SSDT F8D5CE68 ZwOpenProcess
SSDT F8D5CE6D ZwOpenThread
SSDT F8D5CEA4 ZwReplaceKey
SSDT F8D5CE9F ZwRestoreKey
SSDT F8D5CE90 ZwSetValueKey

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@NoPopUpsOnBoot 1

---- EOF - GMER 1.0.15 ----
aswMBR version 0.9.6.399 Copyright© 2011 AVAST Software
Run date: 2011-06-12 22:26:35
-----------------------------
22:26:35.245 OS Version: Windows 5.1.2600 Service Pack 3
22:26:35.245 Number of processors: 1 586 0x209
22:26:35.245 ComputerName: SABRINA UserName: user
22:26:36.566 Initialize success
22:26:41.874 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
22:26:41.874 Disk 0 Vendor: IC25N040ATMR04-0 MO2OAD0A Size: 35312MB BusType: 3
22:26:41.974 Disk 0 MBR read successfully
22:26:41.984 Disk 0 MBR scan
22:26:41.984 Disk 0 Windows XP default MBR code
22:26:42.044 Disk 0 scanning sectors +72303840
22:26:42.155 Disk 0 scanning C:\WINDOWS\system32\drivers
22:27:09.644 Service scanning
22:27:12.478 Disk 0 trace - called modules:
22:27:12.518 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys
22:27:12.518 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82fcd030]
22:27:12.528 3 CLASSPNP.SYS[f8683fd7] -> nt!IofCallDriver -> \Device\00000084[0x82f97638]
22:27:12.528 5 ACPI.sys[f85fa620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82f978e8]
22:27:12.528 Scan finished successfully
22:34:39.040 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\user\Desktop\MBR.dat"
22:34:39.050 The log file has been saved successfully to "C:\Documents and Settings\user\Desktop\aswMBR.txt"
___________________________

DDS (Ver_2011-06-11.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by user at 15:35:28 on 2011-06-11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.253 [GMT -6:00]
.
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k eapsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k dot3svc
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\sessmgr.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Documents and Settings\user\Desktop\defogger\Defogger.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.comcast.net?cid=tbid06072011
uInternet Connection Wizard,ShellNext = iexplore
BHO: 1 (0x1): {02478d38-c3f9-4efb-9b51-7695eca05670} - &Yahoo! Toolbar Helper
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - c:\program files\xfin_portal\comcastdx.dll
BHO: {9030d464-4c02-4abf-8ecc-5164760863c6} - Windows Live ID Sign-in Helper
BHO: Updater For XFIN_PORTAL: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - c:\program files\xfin_portal\auxi\comcastAu.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - SingleInstance Class
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - c:\program files\xfin_portal\comcastdx.dll
EB: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - &Research
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ComcastAntispyClient] "c:\program files\comcasttb\comcastspywarescan\ComcastAntispy.exe" /hide
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
uPolicies-explorer: NoThumbnailCache = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: comcast.com\www
Trusted Zone: comcast.net\xfinity
Trusted Zone: microsoft.com\social.technet
Trusted Zone: microsoft.com\technet
Trusted Zone: us.com\www.smartestcomputing
Trusted Zone: yahoo.com\login
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Family%20Feud%202/Images/stg_drm.ocx
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Text%20Twist/Images/armhelper.ocx
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{3CD2A031-DB7A-4421-A546-FC6F0F9E7FA7} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{673B9EF9-95BF-4838-BB9A-50FEF8699972} : NameServer = 68.87.66.10,68.87.69.150
TCP: Interfaces\{CE8F2BA3-5AB6-4615-A454-FAB7F54CBF24} : NameServer = 68.87.66.10,68.87.69.150
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
.
============= SERVICES / DRIVERS ===============
.
R1 ASMBATT;ASMBATT;c:\windows\system32\drivers\ASMBATT.SYS [2010-3-23 4992]
R1 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\hwinfo32\HWiNFO32.SYS [2010-5-20 19064]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [2010-3-23 16384]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-5-24 61960]
R3 AEIWL;IBM High Rate Wireless LAN MiniPCI Combo Card Driver;c:\windows\system32\drivers\AEIWLNDS.sys [2002-9-23 611328]
S1 avgio;avgio;\??\c:\program files\avira\antivir desktop\avgio.sys --> c:\program files\avira\antivir desktop\avgio.sys [?]
S2 AMPingService;AMPingService; [x]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;"c:\program files\avira\antivir desktop\sched.exe" --> c:\program files\avira\antivir desktop\sched.exe [?]
S2 AntiVirService;Avira AntiVir Guard;"c:\program files\avira\antivir desktop\avguard.exe" --> c:\program files\avira\antivir desktop\avguard.exe [?]
S3 cpuz132;cpuz132;\??\c:\docume~1\user\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\user\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-4 22712]
S4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-4 366640]
.
=============== Created Last 30 ================
.
2011-06-11 02:20:00 -------- dc-h--w- c:\windows\ie8
2011-06-11 02:16:18 -------- d-----w- C:\22f16ec3e593b250bf20ee
2011-06-11 02:03:17 -------- d-----w- c:\program files\NortonInstaller
2011-06-11 02:03:16 -------- d-----w- c:\documents and settings\all users\application data\NortonInstaller
2011-06-11 01:47:20 -------- d-----w- c:\documents and settings\all users\application data\Norton
2011-06-11 01:21:31 -------- d-----w- c:\documents and settings\user\application data\xfin_portal
2011-06-11 01:21:26 -------- d-----w- c:\program files\xfin_portal
2011-06-11 01:07:19 -------- d-----w- c:\windows\system32\Adobe
2011-06-11 01:04:43 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-10 20:14:16 52800 ----a-w- c:\windows\system32\drivers\PCASp50.sys
2011-06-10 20:14:16 41280 ----a-w- c:\windows\system32\drivers\PCASp50a64.sys
2011-06-10 05:03:42 61440 ----a-w- c:\windows\system32\ASIW32N50.dll
2011-06-10 05:03:42 16302 ----a-w- c:\windows\system32\ASINDIS5.sys
2011-06-10 05:03:42 15577 ----a-w- c:\windows\system32\ASINDIS3.vxd
2011-06-10 02:48:43 -------- d-----w- c:\program files\ASUS
2011-06-07 14:17:15 -------- d-----w- c:\documents and settings\user\application data\TP
2011-06-07 14:11:33 -------- d-----w- c:\documents and settings\user\application data\ElevatedDiagnostics
2011-06-07 09:18:23 -------- d-----w- c:\documents and settings\user\application data\comcasttb
2011-06-07 09:18:00 -------- d-----w- c:\documents and settings\user\application data\CallingID
2011-06-07 09:16:07 -------- d-----w- c:\program files\common files\scanner
2011-06-07 09:16:06 -------- d-----w- c:\program files\comcasttb
2011-06-07 09:15:29 -------- d-----w- c:\windows\Downloaded Installations
2011-06-06 08:44:29 -------- d-----w- c:\windows\Network Diagnostic
2011-06-05 21:59:42 -------- d-----w- c:\program files\FinalWire
2011-06-05 20:13:06 68608 ----a-w- c:\windows\system32\dllcache\iisext51.dll
2011-06-05 20:12:33 46592 ----a-w- c:\windows\system32\dllcache\coadmin.dll
2011-06-05 20:07:29 290816 ----a-w- c:\windows\system32\dllcache\adsiis51.dll
2011-06-05 20:07:28 43520 ----a-w- c:\windows\system32\dllcache\admwprox.dll
2011-06-05 00:17:46 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-05 00:17:40 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-05 00:17:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-04 22:53:27 -------- d-----w- c:\documents and settings\user\application data\SUPERAntiSpyware.com
2011-06-04 22:53:27 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-06-04 22:53:12 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-06-04 05:09:29 -------- d-----w- c:\documents and settings\user\local settings\application data\SupportSoft
2011-06-04 03:56:26 -------- d-----w- c:\program files\ACW
2011-06-04 01:31:33 -------- d-----w- c:\documents and settings\user\local settings\application data\RcIncidents
2011-05-24 07:37:52 -------- d-----w- c:\documents and settings\user\application data\Malwarebytes
2011-05-24 07:37:43 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-05-24 01:01:27 -------- d-----w- c:\documents and settings\user\application data\Windows Search
2011-05-24 00:35:38 -------- d-----w- c:\windows\system32\winrm
2011-05-24 00:35:34 -------- dc----w- c:\windows\$968930Uinstall_KB968930$
2011-05-24 00:07:27 -------- d-----w- c:\program files\Windows Desktop Search
2011-05-20 12:29:13 -------- d-----w- c:\documents and settings\all users\application data\IsolatedStorage
2011-05-20 12:29:09 -------- d-----w- c:\documents and settings\user\local settings\application data\ID Vault
2011-05-19 20:12:17 -------- d-----w- c:\documents and settings\all users\New Folder
2011-05-19 07:15:47 -------- d-----w- C:\UnknownFolder25826
2011-05-19 06:32:39 -------- d-----w- c:\windows\PIF
2011-05-18 12:33:54 -------- d-----w- c:\program files\sherlock
2011-05-18 12:33:54 -------- d-----w- c:\program files\mpc
2011-05-18 12:33:52 421888 ----a-w- c:\windows\system32\ac3filter.acm
2011-05-18 12:33:44 -------- d-----w- c:\program files\licenses
2011-05-18 12:33:40 107157 ----a-w- c:\program files\Uninstall.exe
2011-05-18 12:33:40 -------- d-----w- c:\windows\system32\XP Codec Pack2.5.1
2011-05-18 12:33:40 -------- d-----w- c:\program files\filters
2011-05-18 08:25:03 -------- d-----w- c:\program files\common files\ODBC
2011-05-18 08:14:43 -------- d-----w- C:\logs
2011-05-17 19:31:05 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
2011-05-17 19:31:02 59904 -c--a-w- c:\windows\system32\dllcache\icardie.dll
2011-05-17 19:31:02 445952 -c--a-w- c:\windows\system32\dllcache\ieapfltr.dll
2011-05-17 19:31:02 3698584 -c--a-w- c:\windows\system32\dllcache\ieapfltr.dat
2011-05-17 05:09:17 -------- d-----w- C:\Inetpub
2011-05-17 03:57:27 -------- d-----w- c:\documents and settings\user\Incomplete
2011-05-16 23:01:50 -------- d-----w- c:\program files\Fax
2011-05-16 13:04:08 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-16 07:28:41 -------- d-----w- c:\windows\system32\msmq
.
==================== Find3M ====================
.
2011-06-11 13:11:18 95744 -c--a-w- c:\windows\system32\msiexec.exe
2011-06-06 22:45:04 13312 -c--a-w- c:\windows\system32\win87em.dll
2011-06-06 01:11:46 131331 -c--a-w- c:\windows\UNINST32.EXE
2011-06-05 22:56:25 126464 -c--a-w- c:\windows\system32\wbem\wmiapsrv.exe
2011-06-05 22:55:41 507904 ----a-w- c:\windows\system32\winlogon.exe
2011-05-19 04:02:51 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2011-05-16 13:03:46 472808 -c--a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 15:36:44.15 =============== .
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-11.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 3/23/2010 9:50:17 PM
System Uptime: 6/11/2011 3:29:19 PM (0 hours ago)
.
Motherboard: IBM | | 23893HU
Processor: Intel® Pentium® 4 CPU 2.40GHz | None | 2390/400mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 34 GiB total, 11.532 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP33: 6/10/2011 10:29:55 PM - Installed Windows XP KB942288-v3.
RP34: 6/11/2011 3:03:19 AM - Software Distribution Service 3.0
RP35: 6/11/2011 7:43:42 AM - Restore Operation
RP36: 6/11/2011 7:47:39 AM - Restore Operation
RP37: 6/11/2011 8:21:52 AM - Restore Operation
RP38: 6/11/2011 8:37:57 AM - Restore Operation
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Reader 9.3.3
Adobe Shockwave Player 11.5
Apple Application Support
Apple Software Update
ASUS RT-N10+ Wireless Router Utilities
ASUS Wireless Router RT-N10+ Manuals
Driver Whiz
Free Window Registry Repair
Google Chrome
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
HWiNFO32 Version 3.20
IBM High Rate Wireless LAN MiniPCI Card
IBM ThinkPad Battery MaxiMiser and Power Management Features
Intel® Extreme Graphics 2 Driver
Internet Explorer (Enable DEP)
Java Auto Updater
Java DB 10.5.3.0
Java™ 6 Update 20
Java™ SE Development Kit 6 Update 20
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Odyssey Client
OpenOffice.org 3.2
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB923789)
ThinkPad Power Management Driver
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office Word 2007 (KB974631)
Update for Windows Internet Explorer 8 (KB2447568)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Wireless-G Notebook Adapter
XFINITY Toolbar
.
==== Event Viewer Messages From Past Week ========
.
6/9/2011 7:01:04 PM, error: Service Control Manager [7024] - The Messenger service terminated with service-specific error 2270 (0x8DE).
6/9/2011 1:44:33 AM, error: Removable Storage Service [111] - RSM could not load media in drive Drive 0 of library Generic Flash Disk USB Device.
6/6/2011 3:06:28 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Silverlight (KB2526954).
6/6/2011 3:03:22 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Silverlight (KB978464).
6/6/2011 3:02:45 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB2467174).
6/6/2011 2:32:13 AM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
6/6/2011 2:25:41 PM, error: Service Control Manager [7034] - The ThinkPad PM Service service terminated unexpectedly. It has done this 1 time(s).
6/6/2011 2:25:41 PM, error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
6/6/2011 2:25:41 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
6/6/2011 2:11:15 PM, error: Service Control Manager [7000] - The Office Source Engine service failed to start due to the following error: The system cannot find the path specified.
6/6/2011 2:11:15 PM, error: Service Control Manager [7000] - The NMSAccess service failed to start due to the following error: The system cannot find the path specified.
6/6/2011 2:11:15 PM, error: Service Control Manager [7000] - The NICSer_WPC54G service failed to start due to the following error: The system cannot find the path specified.
6/6/2011 2:11:15 PM, error: Service Control Manager [7000] - The AMPingService service failed to start due to the following error: The system cannot find the path specified.
6/6/2011 12:28:03 PM, error: Service Control Manager [7000] - The Yahoo! Updater service failed to start due to the following error: The system cannot find the path specified.
6/6/2011 12:26:55 PM, error: Service Control Manager [7023] - The Windows Driver Foundation - User-mode Driver Framework service terminated with the following error: A device attached to the system is not functioning.
6/6/2011 12:22:24 PM, error: Service Control Manager [7000] - The Microsoft Office Diagnostics Service service failed to start due to the following error: The system cannot find the path specified.
6/6/2011 1:36:06 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avgio
6/6/2011 1:35:57 AM, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The system cannot find the file specified.
6/6/2011 1:35:57 AM, error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The system cannot find the path specified.
6/6/2011 1:35:57 AM, error: Service Control Manager [7000] - The NMSAccess service failed to start due to the following error: The system cannot find the file specified.
6/6/2011 1:35:57 AM, error: Service Control Manager [7000] - The NICSer_WPC54G service failed to start due to the following error: The system cannot find the file specified.
6/6/2011 1:35:57 AM, error: Service Control Manager [7000] - The Avira AntiVir Scheduler service failed to start due to the following error: The system cannot find the path specified.
6/6/2011 1:35:57 AM, error: Service Control Manager [7000] - The Avira AntiVir Guard service failed to start due to the following error: The system cannot find the path specified.
6/6/2011 1:35:57 AM, error: Service Control Manager [7000] - The AMPingService service failed to start due to the following error: The system cannot find the file specified.
6/6/2011 1:34:04 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/6/2011 1:24:04 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
6/6/2011 1:04:16 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ASMBATT avgio avipbb Fips HWiNFO32 intelppm ssmdrv TPPWR
6/5/2011 7:08:58 PM, error: ACPIEC [1] - \Device\ACPIEC: The embedded controller (EC) hardware didn't respond within the timeout period. This may indicate an error in the EC hardware or firmware, or possibly a poorly designed BIOS which accesses the EC in an unsafe manner. The EC driver will retry the failed transaction if possible.
6/5/2011 4:19:41 PM, error: Dhcp [1002] - The IP address lease 192.168.100.11 for the Network Card with network address 00061BC2A5B1 has been denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).
6/5/2011 4:16:27 PM, error: Dhcp [1002] - The IP address lease 75.70.211.89 for the Network Card with network address 00061BC2A5B1 has been denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).
6/5/2011 12:40:16 AM, error: NetDDE [206] - Listen failed: 23: The ncb_lana_num member did not specify a valid network number.
6/5/2011 12:29:07 AM, error: Removable Storage Service [15] - RSM cannot manage library CdRom0. The database is corrupt.
6/5/2011 12:24:08 AM, error: NetDDE [206] - Listen failed: 15:
6/5/2011 12:08:14 AM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 00061BC2A5B1. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
6/5/2011 1:19:13 PM, error: Service Control Manager [7023] - The Uninterruptible Power Supply service terminated with the following error: %%2481
6/5/2011 1:19:13 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the lxdrCATSCustConnectService service to connect.
6/5/2011 1:19:13 PM, error: Service Control Manager [7000] - The lxdrCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/5/2011 1:19:11 PM, error: UPS [2481] - The UPS service is not configured correctly.
6/4/2011 8:18:25 PM, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
6/4/2011 11:41:15 PM, error: Server [2505] - The server could not bind to the transport \Device\NwlnkNb because another computer on the network has the same name. The server could not start.
6/4/2011 11:41:15 PM, error: Server [2505] - The server could not bind to the transport \Device\NwlnkIpx because another computer on the network has the same name. The server could not start.
6/10/2011 6:01:16 PM, error: Dhcp [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 00061BC2A5B1 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
6/10/2011 5:15:21 PM, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 00061BC2A5B1 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
6/10/2011 12:28:22 PM, error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.1 with the system having network hardware address BC:AE:C5:E6:05:C8. Network operations on this system may be disrupted as a result.
6/10/2011 11:28:52 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
.
==== End Of File ===========================
Thank you for taking the time to look at this!
{HELP ME, OBI 1. YOU'RE MY ONLY HOPE!}


#2 Broni

    Malware Annihilator

  • 24,883 posts
  • Joined: October 04, 2004
  • 1,860 topics
  • Age: 57
  • Skin: IPBoard wide
  • Local time: 05:11 PM
  • Zodiac:Virgo
  • Gender:Male
  • Location:Daly City, CA
  • OS:Windows Vista
  • Country:
Online
  • Time Online: 57d 9h 20m 27s

Posted 13 June 2011 - 03:15 PM

Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=======================================================================================================

First of all, do NOT use any registry-related tools, as they can only make things worse.

Then, so far, I don't see anything malicious in your logs, but we'll keep checking...

Please download Rootkit Unhooker from one of the following links and save it to your desktop.
In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

#3 lobita68

Posted 13 June 2011 - 07:02 PM

Wow, you're fast! Here's the Rootkit report. I have a question, though. All the reports I've run recently show no viruses. If this is true, why are there Antivir remnants that won't let me access them and why is Avira "active and updated"? I don't understand.

Thanks.
RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2192768 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2192768 bytes
0x804D7000 RAW 2192768 bytes
0x804D7000 WMIxWDM 2192768 bytes
0xBF800000 Win32k 1859584 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF7447000 C:\WINDOWS\system32\DRIVERS\AGRSM.sys 1171456 bytes (Agere Systems, SoftModem Device Driver)
0xBF070000 C:\WINDOWS\System32\ialmdd5.DLL 905216 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)
0xF7768000 C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 827392 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xF7666000 C:\WINDOWS\system32\DRIVERS\AEIWLNDS.sys 634880 bytes (Actiontec Electronics, Inc, PRISM Wireless NDIS 5.1 Driver)
0xF75A1000 C:\WINDOWS\system32\drivers\smwdm.sys 581632 bytes (Analog Devices, Inc., SoundMAX Integrated Digital Audio )
0xF8492000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xF7366000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xEEA32000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB2C31000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBF14D000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB2D01000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xEE9D2000 C:\WINDOWS\system32\DRIVERS\tcpip6.sys 229376 bytes (Microsoft Corporation, IPv6 driver)
0xBF040000 C:\WINDOWS\System32\ialmdev5.DLL 196608 bytes (Intel Corporation, Component GHAL Driver)
0xF73C4000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF7701000 C:\WINDOWS\system32\DRIVERS\b57xp32.sys 192512 bytes (Broadcom Corporation, Broadcom NetXtreme Gigabit Ethernet NDIS5.1 Driver.)
0xF85F4000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xB2DE2000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF8465000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB2270000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xF73F4000 C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys 176128 bytes (Funk Software, Inc., Odyssey Network Driver (EAPOL Only))
0xEEA0A000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xEE7DF000 C:\WINDOWS\system32\DRIVERS\avipbb.sys 155648 bytes (Avira GmbH, Avira Driver for Security Enhancement)
0xF8580000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xB23DB000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xB2F2C000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xF757D000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF7730000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF762F000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xEE9B0000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xEE8EE000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0xF8548000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xBF020000 C:\WINDOWS\System32\ialmdnt5.dll 131072 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xF85A6000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF85C5000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0xF844B000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB242C000 C:\DOCUME~1\user\LOCALS~1\Temp\pxrdypob.sys 102400 bytes
0xF7565000 C:\WINDOWS\system32\drivers\aeaudio.sys 98304 bytes (Andrea Electronics Corporation, Andrea Audio Noise Cancellation Driver)
0xF8568000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB2F14000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF851F000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF7430000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB2EFF000 C:\WINDOWS\system32\DRIVERS\avgntflt.sys 86016 bytes (Avira GmbH, Avira Minifilter Driver)
0xB2834000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF7652000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF7754000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0x806EF000 ACPI_HAL 81152 bytes
0x806EF000 C:\WINDOWS\system32\hal.dll 81152 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xEEA8B000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF8536000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF85E3000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF741F000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF79CD000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF8813000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF8833000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF8823000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xB2A79000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF794D000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBF012000 C:\WINDOWS\System32\ialmrnt5.dll 57344 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xF8683000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF87F3000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF8843000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF8663000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF8863000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xB255B000 C:\DOCUME~1\user\LOCALS~1\Temp\aswMBR.sys 45056 bytes
0xF8753000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF8803000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF8653000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF8853000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF8643000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF79DD000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF8693000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF8883000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xB27A6000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xF8673000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF87E3000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xECE71000 C:\WINDOWS\system32\drivers\ip6fw.sys 36864 bytes (Microsoft Corporation, IPv6 Windows Firewall Driver)
0xF8873000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF8743000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xF8773000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF898B000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF8A4B000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF88EB000 C:\WINDOWS\System32\drivers\Tppwr.sys 32768 bytes (IBM Corp., IBM ThinkPad Power Management Device Driver)
0xF8963000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF897B000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF8A33000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF88C3000 C:\WINDOWS\System32\Drivers\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF896B000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF8973000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF88FB000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xF88F3000 C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
0xF895B000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF8A3B000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF8A1B000 C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF8983000 C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys 20480 bytes (Lenovo., ThinkPad Power Management Driver)
0xF8A43000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF88CB000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF899B000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF89A3000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF8993000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xB4386000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF8A5B000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xF8407000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xB2C8D000 C:\WINDOWS\system32\drivers\mbam.sys 16384 bytes (Malwarebytes Corporation, Malwarebytes' Anti-Malware)
0xF7FE2000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xEF2B9000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF8A5F000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)
0xF8A53000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF8A57000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xB4670000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF841B000 C:\Program Files\HWiNFO32\HWiNFO32.SYS 12288 bytes (REALiX™, HWiNFO32 Kernel Driver)
0xF8AF3000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF8B37000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF840F000 C:\WINDOWS\system32\DRIVERS\tunmp.sys 12288 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0xF840B000 C:\WINDOWS\system32\DRIVERS\TwoTrack.sys 12288 bytes (IBM Corporation, IBM PS/2 TrackPoint Mouse Filter Driver)
0xF8BA3000 C:\WINDOWS\System32\drivers\ASMBATT.SYS 8192 bytes (Quanta Computer,Inc., Battery Information Driver)
0xF8B9B000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF8B49000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF8B6B000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF8B99000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF8B47000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF8B43000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF8B9D000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xB2F62000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF8B9F000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF8B77000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF8B7F000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF8B45000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF8CAF000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF8D44000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF8D45000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF8C0C000 C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
0xF8C0B000 PCIIde.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
WARNING: Virus alike driver modification [aeaudio.sys]
WARNING: Virus alike driver modification [ndistapi.sys]
WARNING: Virus alike driver modification [bthpan.sys]
WARNING: Virus alike driver modification [compbatt.sys]
WARNING: Virus alike driver modification [sffp_mmc.sys]
WARNING: Virus alike driver modification [hidusb.sys]
WARNING: Virus alike driver modification [hsfdpsp2.sys]
WARNING: Virus alike driver modification [dxapi.sys]
WARNING: Virus alike driver modification [atinrvxx.sys]
WARNING: Virus alike driver modification [mup.sys]
WARNING: Virus alike driver modification [sffp_sd.sys]
WARNING: Virus alike driver modification [irenum.sys]
WARNING: Virus alike driver modification [wadv08nt.sys]
WARNING: Virus alike driver modification [sfloppy.sys]
WARNING: Virus alike driver modification [TwoTrack.sys]
WARNING: Virus alike driver modification [ati1mdxx.sys]
WARNING: Virus alike driver modification [acpiec.sys]
WARNING: Virus alike driver modification [AGRSM.sys]
WARNING: Virus alike driver modification [cpqdap01.sys]
WARNING: Virus alike driver modification [wadv07nt.sys]
WARNING: Virus alike driver modification [mdmxsdk.sys]
WARNING: Virus alike driver modification [wadv09nt.sys]
WARNING: Virus alike driver modification [sffdisk.sys]
WARNING: Virus alike driver modification [wadv11nt.sys]
WARNING: Virus alike driver modification [pcmcia.sys]
WARNING: Virus alike driver modification [nikedrv.sys]
WARNING: Virus alike driver modification [rio8drv.sys]
WARNING: Virus alike driver modification [riodrv.sys]
WARNING: Virus alike driver modification [ws2ifsl.sys]
WARNING: Virus alike driver modification [tdpipe.sys]
WARNING: Virus alike driver modification [ati1pdxx.sys]
WARNING: Virus alike driver modification [fsvga.sys]
WARNING: Virus alike driver modification [mouhid.sys]
WARNING: Virus alike driver modification [usbvideo.sys]
WARNING: Virus alike driver modification [tunmp.sys]
WARNING: Virus alike driver modification [nwlnkflt.sys]
WARNING: Virus alike driver modification [ftdisk.sys]
WARNING: Virus alike driver modification [mtlmnt5.sys]
WARNING: Virus alike driver modification [mutohpen.sys]
WARNING: Virus alike driver modification [usb8023.sys]
WARNING: Virus alike driver modification [usb8023x.sys]
WARNING: Virus alike driver modification [slnt7554.sys]
WARNING: Virus alike driver modification [fltmgr.sys]
WARNING: Virus alike driver modification [mtlstrm.sys]
WARNING: Virus alike driver modification [slwdmsup.sys]
WARNING: Virus alike driver modification [recagent.sys]
WARNING: Virus alike driver modification [atinmdxx.sys]
WARNING: Virus alike driver modification [atinttxx.sys]
WARNING: Virus alike driver modification [afd.sys]
WARNING: Virus alike driver modification [cbidf2k.sys]
WARNING: Virus alike driver modification [cmbatt.sys]
WARNING: Virus alike driver modification [rdpwd.sys]
WARNING: Virus alike driver modification [ks.sys]
WARNING: Virus alike driver modification [battc.sys]
WARNING: Virus alike driver modification [diskdump.sys]
WARNING: Virus alike driver modification [wacompen.sys]
WARNING: Virus alike driver modification [asyncmac.sys]
WARNING: Virus alike driver modification [atinpdxx.sys]
WARNING: Virus alike driver modification [fastfat.sys]
WARNING: Virus alike driver modification [usbport.sys]
WARNING: Virus alike driver modification [hdaudbus.sys]
WARNING: Virus alike driver modification [kbdhid.sys]
WARNING: Virus alike driver modification [ndisuio.sys]
WARNING: Virus alike driver modification [smclib.sys]
WARNING: Virus alike driver modification [portcls.sys]
WARNING: Virus alike driver modification [tape.sys]
WARNING: Virus alike driver modification [usbscan.sys]
WARNING: Virus alike driver modification [ipnat.sys]
WARNING: Virus alike driver modification [dmio.sys]
WARNING: Virus alike driver modification [mssmbios.sys]
WARNING: Virus alike driver modification [serenum.sys]
WARNING: Virus alike driver modification [usbintel.sys]
WARNING: Virus alike driver modification [netbt.sys]
WARNING: Virus alike driver modification [nwrdr.sys]
WARNING: Virus alike driver modification [TPPWR.SYS]
WARNING: Virus alike driver modification [raspti.sys]
WARNING: Virus alike driver modification [s3gnbm.sys]
WARNING: Virus alike driver modification [bthenum.sys]
WARNING: Virus alike driver modification [kmixer.sys]
WARNING: Virus alike driver modification [odysseyIM4.sys]
WARNING: Virus alike driver modification [rdbss.sys]
WARNING: Virus alike driver modification [ptilink.sys]
WARNING: Virus alike driver modification [ntmtlfax.sys]
WARNING: Virus alike driver modification [mrxdav.sys]
WARNING: Virus alike driver modification [ndis.sys]
WARNING: Virus alike driver modification [Sftvolxp.sys]
WARNING: Virus alike driver modification [cdaudio.sys]
WARNING: Virus alike driver modification [acpi.sys]
WARNING: Virus alike driver modification [bthusb.sys]
WARNING: Virus alike driver modification [nv4_mini.sys]
WARNING: Virus alike driver modification [b57xp32.sys]
WARNING: Virus alike driver modification [msfs.sys]
WARNING: Virus alike driver modification [tdi.sys]
WARNING: Virus alike driver modification [hidir.sys]
WARNING: Virus alike driver modification [rdpdr.sys]
WARNING: Virus alike driver modification [partmgr.sys]
WARNING: Virus alike driver modification [rmcast.sys]
WARNING: Virus alike driver modification [flpydisk.sys]
WARNING: Virus alike driver modification [secdrv.sys]
WARNING: Virus alike driver modification [Sftredirxp.sys]
WARNING: Virus alike driver modification [usbuhci.sys]
WARNING: Virus alike driver modification [ipinip.sys]
WARNING: Virus alike driver modification [vga.sys]
WARNING: Virus alike driver modification [Sftplayxp.sys]
WARNING: Virus alike driver modification [ati1ttxx.sys]
WARNING: Virus alike driver modification [tsbvcap.sys]
WARNING: Virus alike driver modification [tdtcp.sys]
WARNING: Virus alike driver modification [hsfbs2s2.sys]
WARNING: Virus alike driver modification [watv06nt.sys]
WARNING: Virus alike driver modification [avgntmgr.sys]
WARNING: Virus alike driver modification [tcpip6.sys]
WARNING: Virus alike driver modification [mouclass.sys]
WARNING: Virus alike driver modification [kbdclass.sys]
WARNING: Virus alike driver modification [hidparse.sys]
WARNING: Virus alike driver modification [pciidex.sys]
WARNING: Virus alike driver modification [sonydcam.sys]
WARNING: Virus alike driver modification [watv10nt.sys]
WARNING: Virus alike driver modification [hidbth.sys]
WARNING: Virus alike driver modification [usbcamd.sys]
WARNING: Virus alike driver modification [usbcamd2.sys]
WARNING: Virus alike driver modification [usbprint.sys]
WARNING: Virus alike driver modification [cinemst2.sys]
WARNING: Virus alike driver modification [ati1snxx.sys]
WARNING: Virus alike driver modification [usbstor.sys]
WARNING: Virus alike driver modification [http.sys]
WARNING: Virus alike driver modification [ibmpmdrv.sys]
WARNING: Virus alike driver modification [bthport.sys]
WARNING: Virus alike driver modification [fdc.sys]
WARNING: Virus alike driver modification [ssmdrv.sys]
WARNING: Virus alike driver modification [atinsnxx.sys]
WARNING: Virus alike driver modification [ati1xbxx.sys]
WARNING: Virus alike driver modification [modem.sys]
WARNING: Virus alike driver modification [usbehci.sys]
WARNING: Virus alike driver modification [rndismp.sys]
WARNING: Virus alike driver modification [rndismpx.sys]
WARNING: Virus alike driver modification [ati1raxx.sys]
WARNING: Virus alike driver modification [npfs.sys]
WARNING: Virus alike driver modification [atmepvc.sys]
WARNING: Virus alike driver modification [atinxbxx.sys]
WARNING: Virus alike driver modification [usbccgp.sys]
WARNING: Virus alike driver modification [nwlnkfwd.sys]
WARNING: Virus alike driver modification [ati2mtaa.sys]
WARNING: Virus alike driver modification [ipfltdrv.sys]
WARNING: Virus alike driver modification [rawwan.sys]
WARNING: Virus alike driver modification [wanarp.sys]
WARNING: Virus alike driver modification [netbios.sys]
WARNING: Virus alike driver modification [ati1xsxx.sys]
WARNING: Virus alike driver modification [msgpc.sys]
WARNING: Virus alike driver modification [atmuni.sys]
WARNING: Virus alike driver modification [srv.sys]
WARNING: Virus alike driver modification [processr.sys]
WARNING: Virus alike driver modification [tcpip.sys]
WARNING: Virus alike driver modification [disk.sys]
WARNING: Virus alike driver modification [intelppm.sys]
WARNING: Virus alike driver modification [ati1tuxx.sys]
WARNING: Virus alike driver modification [bthprint.sys]
WARNING: Virus alike driver modification [ip6fw.sys]
WARNING: Virus alike driver modification [crusoe.sys]
WARNING: Virus alike driver modification [hidclass.sys]
WARNING: Virus alike driver modification [BCMWL5.SYS]
WARNING: Virus alike driver modification [isapnp.sys]
WARNING: Virus alike driver modification [amdk6.sys]
WARNING: Virus alike driver modification [amdk7.sys]
WARNING: Virus alike driver modification [bthmodem.sys]
WARNING: Virus alike driver modification [update.sys]
WARNING: Virus alike driver modification [wpdusb.sys]
WARNING: Virus alike driver modification [nmnt.sys]
WARNING: Virus alike driver modification [slntamr.sys]
WARNING: Virus alike driver modification [termdd.sys]
WARNING: Virus alike driver modification [ndproxy.sys]
WARNING: Virus alike driver modification [sisagp.sys]
WARNING: Virus alike driver modification [raspppoe.sys]
WARNING: Virus alike driver modification [beep.sys]
WARNING: Virus alike driver modification [mnmdd.sys]
WARNING: Virus alike driver modification [rdpcdd.sys]
WARNING: Virus alike driver modification [viaagp.sys]
WARNING: Virus alike driver modification [agp440.sys]
WARNING: Virus alike driver modification [mountmgr.sys]
WARNING: Virus alike driver modification [alim1541.sys]
WARNING: Virus alike driver modification [p3.sys]
WARNING: Virus alike driver modification [amdagp.sys]
WARNING: Virus alike driver modification [swenum.sys]
WARNING: Virus alike driver modification [wmilib.sys]
WARNING: Virus alike driver modification [fips.sys]
WARNING: Virus alike driver modification [uagp35.sys]
WARNING: Virus alike driver modification [agpcpq.sys]
WARNING: Virus alike driver modification [PxHelp20.sys]
WARNING: Virus alike driver modification [mtxparhm.sys]
WARNING: Virus alike driver modification [avgntdd.sys]
WARNING: Virus alike driver modification [mrxsmb.sys]
WARNING: Virus alike driver modification [gagp30kx.sys]
WARNING: Virus alike driver modification [irbus.sys]
WARNING: Virus alike driver modification [usbd.sys]
WARNING: Virus alike driver modification [raspptp.sys]
WARNING: Virus alike driver modification [stream.sys]
WARNING: Virus alike driver modification [classpnp.sys]
WARNING: Virus alike driver modification [ASMBATT.SYS]
WARNING: Virus alike driver modification [mspqm.sys]
WARNING: Virus alike driver modification [rasl2tp.sys]
WARNING: Virus alike driver modification [tosdvd.sys]
WARNING: Virus alike driver modification [atinraxx.sys]
WARNING: Virus alike driver modification [volsnap.sys]
WARNING: Virus alike driver modification [i8042prt.sys]
WARNING: Virus alike driver modification [dmusic.sys]
WARNING: Virus alike driver modification [mspclock.sys]
WARNING: Virus alike driver modification [intelide.sys]
WARNING: Virus alike driver modification [Sftfsxp.sys]
WARNING: Virus alike driver modification [atmlane.sys]
WARNING: Virus alike driver modification [nwlnkspx.sys]
WARNING: Virus alike driver modification [swmidi.sys]
WARNING: Virus alike driver modification [ati1btxx.sys]
WARNING: Virus alike driver modification [ntfs.sys]
WARNING: Virus alike driver modification [smwdm.sys]
WARNING: Virus alike driver modification [atinbtxx.sys]
WARNING: Virus alike driver modification [vdmindvd.sys]
WARNING: Virus alike driver modification [dmload.sys]
WARNING: Virus alike driver modification [rootmdm.sys]
WARNING: Virus alike driver modification [smbali.sys]
WARNING: Virus alike driver modification [rfcomm.sys]
WARNING: Virus alike driver modification [usbhub.sys]
WARNING: Virus alike driver modification [atmarpc.sys]
WARNING: Virus alike driver modification [drmk.sys]
WARNING: Virus alike driver modification [arp1394.sys]
WARNING: Virus alike driver modification [sysaudio.sys]
WARNING: Virus alike driver modification [AEIWLNDS.sys]
WARNING: Virus alike driver modification [nic1394.sys]
WARNING: Virus alike driver modification [splitter.sys]
WARNING: Virus alike driver modification [nwlnknb.sys]
WARNING: Virus alike driver modification [atinxsxx.sys]
WARNING: Virus alike driver modification [ati1rvxx.sys]
WARNING: Virus alike driver modification [cdfs.sys]
WARNING: Virus alike driver modification [mf.sys]
WARNING: Virus alike driver modification [serial.sys]
WARNING: Virus alike driver modification [udfs.sys]
WARNING: Virus alike driver modification [parvdm.sys]
WARNING: Virus alike driver modification [pci.sys]
WARNING: Virus alike driver modification [hsfcxts2.sys]
WARNING: Virus alike driver modification [psched.sys]
WARNING: Virus alike driver modification [ati2mtag.sys]
WARNING: Virus alike driver modification [bridge.sys]
WARNING: Virus alike driver modification [atintuxx.sys]
WARNING: Virus alike driver modification [sr.sys]
WARNING: Virus alike driver modification [ipsec.sys]
WARNING: Virus alike driver modification [mskssrv.sys]
WARNING: Virus alike driver modification [mcd.sys]
WARNING: Virus alike driver modification [WudfPf.sys]
WARNING: Virus alike driver modification [sdbus.sys]
WARNING: Virus alike driver modification [fs_rec.sys]
WARNING: Virus alike driver modification [dmboot.sys]
WARNING: Virus alike driver modification [parport.sys]
WARNING: Virus alike driver modification [videoprt.sys]
WARNING: Virus alike driver modification [ialmnt5.sys]
WARNING: Virus alike driver modification [WudfRd.sys]
WARNING: Virus alike driver modification [wdmaud.sys]
WARNING: Virus alike driver modification [rasacd.sys]
WARNING: Virus alike driver modification [nwlnkipx.sys]
WARNING: Virus alike driver modification [cdr4_xp.sys]
WARNING: Virus alike driver modification [ndiswan.sys]
WARNING: Virus alike driver modification [cdralw2k.sys]
WARNING: Virus alike driver modification [mqac.sys]
WARNING: Virus alike driver modification [ksecdd.sys]
WARNING: Virus alike driver modification [slnthal.sys]
WARNING: Virus alike driver modification [scsiport.sys]
WARNING: Virus alike driver modification [atapi.sys]
{HELP ME, OBI 1. YOU'RE MY ONLY HOPE!}


#4 Broni Re: [Inactive] Google Redirect, Antivir Desktop Virus, Windows Update Virus, Lost Desktop, Failed System Restore (twice), Drivers/ Installer Nonfunctional, ect.

    Malware Annihilator

  • 24,883 posts
  • Joined: October 04, 2004
  • 1,860 topics
  • Age: 57
  • Skin: IPBoard wide
  • Local time: 05:11 PM
  • Zodiac:Virgo
  • Gender:Male
  • Location:Daly City, CA
  • OS:Windows Vista
  • Country:
Online
  • Time Online: 57d 9h 20m 27s

Posted 13 June 2011 - 07:11 PM

Your computer IS infected.

Quote

why are there Antivir remnants that won't let me access them and why is Avira "active and updated"?

Why are you saying "remnants"?
Is Avira not your current AV program, or is it not functional?

#5 lobita68 Re: [Inactive] Google Redirect, Antivir Desktop Virus, Windows Update Virus, Lost Desktop, Failed System Restore (twice), Drivers/ Installer Nonfunctional, ect.

Posted 13 June 2011 - 07:44 PM

I tried to delete every speck of Avira/Antivir/AV/Antivira, etcetera, months ago. The reports say it's still active, but I can't find it anywhere, except in the Services utility, where it shows automatic, but not active. It has always shown up there, but I am denied access to it. The day I deleted mbam is the day I became aware of the Avira Desktop virus, so I had no AV protection and tried several loops and backdoors to get in and delete it. I thought I had, until a couple days ago when I ran DDS. That's also when I found out that avgio is related to Avira. Remote Access Connection Manager won't let me disable it, either. I don't know if these two things are related or not. Can a virus be smart enough to keep itself alive like that?


#6 Broni Re: [Inactive] Google Redirect, Antivir Desktop Virus, Windows Update Virus, Lost Desktop, Failed System Restore (twice), Drivers/ Installer Nonfunctional, ect.

Posted 13 June 2011 - 07:47 PM

Don't worry about those leftovers for now.

Go ahead with Combofix.

#7 lobita68 Re: [Inactive] Google Redirect, Antivir Desktop Virus, Windows Update Virus, Lost Desktop, Failed System Restore (twice), Drivers/ Installer Nonfunctional, ect.

Posted 13 June 2011 - 07:50 PM

Sorry to bother you, but I have another question. I've been using my USB flash drive and USB wireless mouse in this computer and also in my ex-boyfriend's brand new Toshiba. Could I have infected his computer, too? Should I start scanning and running reports on that one? It seems to be acting funny, but I think I might be paranoid.


#8 Broni Re: [Inactive] Google Redirect, Antivir Desktop Virus, Windows Update Virus, Lost Desktop, Failed System Restore (twice), Drivers/ Installer Nonfunctional, ect.

Posted 13 June 2011 - 07:54 PM

Mouse, no.
USB Flash drive, possible.

It's always a good idea to install this on any computer....

Download, and run Flash Disinfector, and save it to your desktop (Windows Vista and Windows 7 users, scroll down)

*Please disable any AV / ScriptBlockers as they might detect Flash Disinfector to be malicious and block it. Hence, the failure in executing. You can enable them back after the cleaning process*

  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.

Windows Vista and Windows 7 users
Flash Disinfector is not compatible with the above Windows versions.
Please, use Panda USB Vaccine, or BitDefender’s USB Immunizer


This way, nothing will jump (self-execute) from USB stick to your computer and you can safely scan USB stick with your AV program.
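
A read-only check for the two states described in the post above, added here as an illustration (it is not part of the thread and is not Flash Disinfector's code): a drive root where autorun.inf is a folder (the protective placeholder) versus one where it is a file whose [autorun] section names something to launch. The sample file contents and the function names are constructed for this example.

```python
import tempfile
from pathlib import Path

# Keys in the [autorun] section that name a program Windows may launch.
LAUNCH_KEYS = ("open", "shellexecute")

# Constructed sample of an autorun.inf FILE; example.exe is a placeholder name.
SAMPLE_AUTORUN = r"""[AutoRun]
; constructed sample for the check below
open=RECYCLER\example.exe
icon=%SystemRoot%\system32\shell32.dll,4
shell\open\command=RECYCLER\example.exe
shell\explore\Command=RECYCLER\example.exe
"""


def decode_inf(data):
    """autorun.inf is usually ANSI, but may be UTF-16 with a byte-order mark."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16", errors="replace")
    return data.decode("latin-1")


def parse_autorun_commands(text):
    """Return (key, value) pairs from [autorun] that point at something to run."""
    commands, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key_l = key.lower()
        # shell\<verb>\command entries attach a program to a menu action.
        is_shell_cmd = key_l.startswith("shell\\") and key_l.endswith("\\command")
        if key_l in LAUNCH_KEYS or is_shell_cmd:
            commands.append((key, value))
    return commands


def inspect_drive_root(root):
    """Classify the autorun.inf entry at a drive root without modifying anything."""
    root = Path(root)
    # Windows file names are case-insensitive, so match the name that way.
    entry = next((p for p in root.iterdir() if p.name.lower() == "autorun.inf"), None)
    if entry is None:
        return {"state": "absent", "commands": []}
    if entry.is_dir():
        # A folder with this name is the placeholder the post says not to delete.
        return {"state": "folder", "commands": []}
    return {"state": "file", "commands": parse_autorun_commands(decode_inf(entry.read_bytes()))}


def demo_roots():
    """Build three constructed 'drive roots' in a temp directory and inspect them."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        clean = Path(tmp, "clean")
        clean.mkdir()
        vaccinated = Path(tmp, "vaccinated")
        (vaccinated / "autorun.inf").mkdir(parents=True)
        suspect = Path(tmp, "suspect")
        suspect.mkdir()
        (suspect / "AUTORUN.INF").write_text(SAMPLE_AUTORUN, encoding="latin-1")
        for name, path in (("clean", clean), ("vaccinated", vaccinated), ("suspect", suspect)):
            results[name] = inspect_drive_root(path)
    return results


if __name__ == "__main__":
    for name, result in demo_roots().items():
        print(name, result["state"], result["commands"])
```

On a real system, pass the drive root (for example `E:\`) to `inspect_drive_root`; a "file" result with launch commands is the case to scan before opening anything on the drive.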

#9 lobita68 Re: [Inactive] Google Redirect, Antivir Desktop Virus, Windows Update Virus, Lost Desktop, Failed System Restore (twice), Drivers/ Installer Nonfunctional, ect.

Posted 13 June 2011 - 09:18 PM

Okay, I ran Combofix but Avira was still showing "active" so I don't know how well it worked. The Avira files are not where the reports keep saying they are (I have show hidden files checked). Do I send you the Combofix report or run another rootkit report? I'm unsure of what I'm supposed to do next.


#10 Broni Re: [Inactive] Google Redirect, Antivir Desktop Virus, Windows Update Virus, Lost Desktop, Failed System Restore (twice), Drivers/ Installer Nonfunctional, ect.

Posted 13 June 2011 - 09:26 PM

Please, give me Combofix log.

#11 lobita68 Re: [Inactive] Google Redirect, Antivir Desktop Virus, Windows Update Virus, Lost Desktop, Failed System Restore (twice), Drivers/ Installer Nonfunctional, ect.

Posted 14 June 2011 - 12:51 AM

Here's the combofix log. Thanks.

ComboFix 11-06-13.01 - user 06/13/2011 14:11:48.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.266 [GMT -6:00]
Running from: c:\documents and settings\user\Desktop\fixers\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
ADS - explorer.exe: deleted 0 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Uninstall.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-05-13 to 2011-06-13 )))))))))))))))))))))))))))))))
.
.
2011-06-13 07:13 . 2011-06-13 07:13 -------- d-----w- c:\documents and settings\All Users\Application Data\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
2011-06-13 05:14 . 2011-06-13 05:14 -------- d-----w- c:\documents and settings\user\Application Data\ieSpell
2011-06-13 05:13 . 2011-06-13 05:13 -------- d-----w- c:\program files\ieSpell
2011-06-12 22:35 . 2011-06-13 00:37 -------- d-----w- c:\documents and settings\Kids
2011-06-12 20:31 . 2011-06-13 07:13 -------- dc-h--w- c:\documents and settings\All Users\Application Data\~0
2011-06-12 20:29 . 2011-06-12 20:29 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\PackageAware
2011-06-12 19:50 . 2011-06-12 19:53 -------- d-----w- c:\documents and settings\All Users\Application Data\ErrorEND
2011-06-12 03:10 . 2011-06-12 03:39 -------- d-----w- c:\program files\FixerInst.Files
2011-06-11 02:20 . 2011-06-11 02:24 -------- dc-h--w- c:\windows\ie8
2011-06-11 02:16 . 2011-06-11 02:30 -------- d-----w- C:\22f16ec3e593b250bf20ee
2011-06-11 02:03 . 2011-06-11 02:03 -------- d-----w- c:\program files\NortonInstaller
2011-06-11 01:47 . 2011-06-11 11:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2011-06-11 01:21 . 2011-06-11 01:21 -------- d-----w- c:\documents and settings\user\Application Data\xfin_portal
2011-06-11 01:21 . 2011-06-11 01:23 -------- d-----w- c:\program files\xfin_portal
2011-06-11 01:07 . 2011-06-11 01:07 -------- d-----w- c:\windows\system32\Adobe
2011-06-11 01:04 . 2011-06-11 01:04 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-10 20:14 . 2006-11-29 03:46 52800 ----a-w- c:\windows\system32\drivers\PCASp50.sys
2011-06-10 20:14 . 2006-11-29 03:46 41280 ----a-w- c:\windows\system32\drivers\PCASp50a64.sys
2011-06-10 05:03 . 2003-04-22 03:46 61440 ----a-w- c:\windows\system32\ASIW32N50.dll
2011-06-10 05:03 . 2002-09-11 01:35 16302 ----a-w- c:\windows\system32\ASINDIS5.sys
2011-06-10 05:03 . 2001-04-16 11:48 15577 ----a-w- c:\windows\system32\ASINDIS3.vxd
2011-06-10 02:48 . 2011-06-10 02:48 -------- d-----w- c:\program files\ASUS
2011-06-10 02:48 . 2011-06-10 02:48 -------- d-----w- c:\documents and settings\user\Application Data\InstallShield
2011-06-07 14:17 . 2011-06-07 15:21 -------- d-----w- c:\documents and settings\user\Application Data\TP
2011-06-07 14:11 . 2011-06-11 04:14 -------- d-----w- c:\documents and settings\user\Application Data\ElevatedDiagnostics
2011-06-07 09:18 . 2011-06-07 09:18 -------- d-----w- c:\documents and settings\user\Application Data\comcasttb
2011-06-07 09:18 . 2011-06-08 06:22 -------- d-----w- c:\documents and settings\user\Application Data\CallingID
2011-06-07 09:16 . 2011-06-07 09:16 -------- d-----w- c:\program files\Common Files\scanner
2011-06-07 09:16 . 2011-06-07 09:16 -------- d-----w- c:\program files\comcasttb
2011-06-07 09:15 . 2011-06-07 09:15 -------- d-----w- c:\windows\Downloaded Installations
2011-06-06 07:03 . 2011-06-06 07:04 -------- d-----w- c:\documents and settings\Administrator.USER-CA21D652AC
2011-06-05 21:59 . 2011-06-05 21:59 -------- d-----w- c:\program files\FinalWire
2011-06-05 20:13 . 2008-04-14 12:41 68608 ----a-w- c:\windows\system32\dllcache\iisext51.dll
2011-06-05 20:12 . 2008-04-14 12:41 46592 ----a-w- c:\windows\system32\dllcache\coadmin.dll
2011-06-05 20:07 . 2008-04-14 12:41 290816 ----a-w- c:\windows\system32\dllcache\adsiis51.dll
2011-06-05 20:07 . 2008-04-14 12:41 43520 ----a-w- c:\windows\system32\dllcache\admwprox.dll
2011-06-05 00:17 . 2011-05-29 15:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-05 00:17 . 2011-06-05 00:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-05 00:17 . 2011-05-29 15:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-04 22:53 . 2011-06-04 22:53 -------- d-----w- c:\documents and settings\user\Application Data\SUPERAntiSpyware.com
2011-06-04 22:53 . 2011-06-04 22:53 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-06-04 22:53 . 2011-06-12 09:48 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-06-04 05:09 . 2011-06-04 10:42 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\SupportSoft
2011-06-04 05:08 . 2011-06-04 05:08 -------- d-----w- c:\documents and settings\All Users\Application Data\SupportSoft
2011-06-04 03:56 . 2011-06-04 03:56 -------- d-----w- c:\program files\ACW
2011-06-04 01:31 . 2011-06-04 01:31 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\RcIncidents
2011-05-26 23:37 . 2011-05-26 23:38 -------- d-----w- c:\program files\Opera
2011-05-24 07:37 . 2011-05-24 07:37 -------- d-----w- c:\documents and settings\user\Application Data\Malwarebytes
2011-05-24 07:37 . 2011-05-24 07:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-05-24 01:01 . 2011-05-24 01:01 -------- d-----w- c:\documents and settings\user\Application Data\Windows Search
2011-05-24 00:35 . 2011-05-24 00:35 -------- d-----w- c:\windows\system32\winrm
2011-05-24 00:35 . 2011-05-24 00:35 -------- dc----w- c:\windows\$968930Uinstall_KB968930$
2011-05-24 00:07 . 2011-05-25 02:46 -------- d-----w- c:\program files\Windows Desktop Search
2011-05-23 23:30 . 2011-05-23 23:30 -------- d-----w- c:\program files\Microsoft.NET
2011-05-21 09:31 . 2011-05-21 09:31 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-05-20 12:36 . 2011-05-20 12:36 -------- d-----w- c:\documents and settings\LocalService\Application Data\ID Vault
2011-05-20 12:29 . 2011-05-20 12:29 -------- d-----w- c:\documents and settings\All Users\Application Data\IsolatedStorage
2011-05-20 12:29 . 2011-05-28 01:54 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\ID Vault
2011-05-19 20:12 . 2011-05-19 20:12 -------- d-----w- c:\documents and settings\All Users\New Folder
2011-05-19 07:15 . 2011-05-19 07:15 -------- d-----w- C:\UnknownFolder25826
2011-05-19 06:32 . 2011-05-19 06:32 -------- d-----w- c:\windows\PIF
2011-05-18 22:52 . 2011-05-18 22:52 -------- d-----w- c:\documents and settings\Danny & Addie
2011-05-18 12:33 . 2011-05-18 12:33 -------- d-----w- c:\program files\sherlock
2011-05-18 12:33 . 2011-05-18 12:33 -------- d-----w- c:\program files\mpc
2011-05-18 12:33 . 2008-07-09 09:05 421888 ----a-w- c:\windows\system32\ac3filter.acm
2011-05-18 12:33 . 2011-05-18 12:33 -------- d-----w- c:\program files\real
2011-05-18 12:33 . 2011-05-18 12:33 -------- d-----w- c:\program files\licenses
2011-05-18 12:33 . 2011-06-04 00:42 -------- d-----w- c:\windows\system32\XP Codec Pack2.5.1
2011-05-18 12:33 . 2011-05-18 12:33 -------- d-----w- c:\program files\filters
2011-05-18 08:14 . 2011-05-18 08:14 -------- d-----w- C:\logs
2011-05-17 19:31 . 2011-02-17 11:43 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
2011-05-17 19:31 . 2009-03-08 10:31 59904 -c--a-w- c:\windows\system32\dllcache\icardie.dll
2011-05-17 19:31 . 2009-03-08 10:11 445952 -c--a-w- c:\windows\system32\dllcache\ieapfltr.dll
2011-05-17 19:31 . 2009-02-07 03:07 3698584 -c--a-w- c:\windows\system32\dllcache\ieapfltr.dat
2011-05-17 05:09 . 2011-05-17 05:11 -------- d-----w- C:\Inetpub
2011-05-17 03:57 . 2011-06-02 04:38 -------- d-----w- c:\documents and settings\user\Incomplete
2011-05-16 23:01 . 2011-05-17 01:37 -------- d-----w- c:\program files\Fax
2011-05-16 13:05 . 2011-05-16 13:05 -------- d-----w- c:\program files\Common Files\Java
2011-05-16 13:04 . 2011-05-16 13:03 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-16 07:28 . 2011-05-16 07:28 -------- d-----w- c:\windows\system32\msmq
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-11 13:11 . 2004-08-04 12:00 95744 -c--a-w- c:\windows\system32\msiexec.exe
2011-06-06 22:45 . 2004-08-04 12:00 13312 -c--a-w- c:\windows\system32\win87em.dll
2011-06-06 01:11 . 2004-07-26 00:51 131331 -c--a-w- c:\windows\UNINST32.EXE
2011-06-05 22:56 . 2010-03-24 03:40 126464 -c--a-w- c:\windows\system32\wbem\wmiapsrv.exe
2011-06-05 22:55 . 2004-08-04 12:00 507904 ----a-w- c:\windows\system32\winlogon.exe
2011-05-19 04:02 . 2010-03-23 20:17 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2011-05-16 13:03 . 2010-05-21 03:53 472808 -c--a-w- c:\windows\system32\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ComcastAntispyClient"="c:\program files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" [2009-08-19 1589208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)
.
[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 05:07 932288 -c--a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2003-04-30 07:58 88363 -c--a-w- c:\windows\AGRSMMSG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMMLREF]
2005-04-20 08:38 20480 -c--a-w- c:\program files\ThinkPad\Utilities\BMMLREF.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMMMONWND]
2005-04-20 08:38 396288 -c--a-w- c:\progra~1\ThinkPad\UTILIT~1\BATINFEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2005-03-10 17:16 126976 -c--a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2005-03-10 17:20 155648 -c--a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrackPointSrv]
2008-04-14 12:42 82944 -c--a-w- c:\windows\system32\tp4mon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"YahooAUService"=2 (0x2)
"MyWebSearchService"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"IS360service"=2 (0x2)
"avg9wd"=2 (0x2)
"avg9emc"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\ASUS\\RT-N10+ Wireless Router Utilities\\Discovery.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
.
R1 ASMBATT;ASMBATT;c:\windows\system32\drivers\ASMBATT.SYS [3/23/2010 10:41 PM 4992]
R1 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [5/20/2010 3:05 PM 19064]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 12:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 12:41 PM 67656]
R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [3/23/2010 10:41 PM 16384]
R3 AEIWL;IBM High Rate Wireless LAN MiniPCI Combo Card Driver;c:\windows\system32\drivers\AEIWLNDS.sys [9/23/2002 8:16 PM 611328]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/4/2011 6:17 PM 22712]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*NewlyCreated* - BLACKBOX
*NewlyCreated* - CISVC
*NewlyCreated* - UPS
*Deregistered* - aswMBR
*Deregistered* - BlackBox
*Deregistered* - pxrdypob
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-13 c:\windows\Tasks\BMMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\BMMTASK.EXE [2010-03-24 08:38]
.
2011-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-26 15:36]
.
2011-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-26 15:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net?cid=tbid06072011
uInternet Connection Wizard,ShellNext = iexplore
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949}
Trusted Zone: comcast.com\www
Trusted Zone: comcast.net\xfinity
Trusted Zone: microsoft.com\social.technet
Trusted Zone: microsoft.com\technet
Trusted Zone: us.com\www.smartestcomputing
TCP: Interfaces\{673B9EF9-95BF-4838-BB9A-50FEF8699972}: NameServer = 68.87.66.10,68.87.69.150
TCP: Interfaces\{CE8F2BA3-5AB6-4615-A454-FAB7F54CBF24}: NameServer = 68.87.66.10,68.87.69.150
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\documents and settings\All Users\Application Data\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}\bm_installer.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-13 14:20
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-06-13 14:25:45
ComboFix-quarantined-files.txt 2011-06-13 20:25
.
Pre-Run: 12,348,608,512 bytes free
Post-Run: 12,336,234,496 bytes free
.
- - End Of File - - 14BB00AA2AD9FBB48297F2891336FA8E


#12 Broni Re: [Inactive] Google Redirect, Antivir Desktop Virus, Windows Update Virus, Lost Desktop, Failed System Restore (twice), Drivers/ Installer Nonfunctional, ect.

Posted 14 June 2011 - 01:19 AM

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box
  • Click OK
Windows Vista/7 users: click Start, in "Start search" type notepad and press Enter.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

SecCenter::
{AD166499-45F9-482A-A743-FDD3350758C7}

Folder::
c:\documents and settings\All Users\Application Data\~0

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000



3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
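
The script in the post above targets three things that are visible in the first ComboFix log: the registered AntiVir product GUID, and the two Security Center override values set to 1 (a non-zero override tells Security Center to stop alerting about that component). The following is an added example, not part of the thread and not ComboFix code, that pulls those items out of a log so they can be compared before and after a fix. The excerpt is copied from the log in post #11; the function names are this example's own, and the two-letter product prefix pattern is an assumption generalised from the single `AV:` line on the page.

```python
import re

# Excerpt copied from the ComboFix log posted earlier in this thread.
LOG_EXCERPT = r"""
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avg9wd"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"""

# "AV: <name> *<state>* {GUID}" header line (assumed to generalise to other prefixes).
PRODUCT = re.compile(r"^([A-Z]{2}):\s+(.+?)\s+\*([^*]+)\*\s+(\{[0-9A-Fa-f-]{36}\})$")
SECTION = re.compile(r"^\[(.+)\]$")
VALUE = re.compile(r'^"([^"]+)"=\s*(.*)$')


def parse_reg_value(raw):
    """Convert the two numeric notations seen in the log to int; keep others as text."""
    raw = raw.strip()
    m = re.fullmatch(r"dword:([0-9a-fA-F]{8})", raw)
    if m:
        return int(m.group(1), 16)
    m = re.fullmatch(r"(\d+) \(0x[0-9a-fA-F]+\)", raw)
    if m:
        return int(m.group(1))
    return raw


def triage(log_text):
    """Return registered products, active Security Center overrides, and firewall port entries."""
    findings = {"products": [], "overrides": {}, "ports": []}
    section = ""
    for line in log_text.splitlines():
        line = line.strip()
        m = PRODUCT.match(line)
        if m:
            findings["products"].append(m.groups())
            continue
        m = SECTION.match(line)
        if m:
            section = m.group(1).lower()
            continue
        m = VALUE.match(line)
        if not m:
            continue  # separator dots, headings, file listings
        name, value = m.group(1), parse_reg_value(m.group(2))
        if section.endswith(r"\security center") and name.lower().endswith("override"):
            if value != 0:
                findings["overrides"][name] = value
        elif section.endswith(r"\globallyopenports\list") and isinstance(value, str):
            # XP firewall entry layout: port:protocol:scope:state:display-name
            findings["ports"].append(tuple(value.split(":", 4)[:4]))
    return findings


def overrides_cleared(before_text, after_text):
    """True when every override that was active before is no longer active after."""
    before = triage(before_text)["overrides"]
    after = triage(after_text)["overrides"]
    return bool(before) and not any(name in after for name in before)


if __name__ == "__main__":
    for key, value in triage(LOG_EXCERPT).items():
        print(key, value)
```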


#13 lobita68 Re: [Inactive] Google Redirect, Antivir Desktop Virus, Windows Update Virus, Lost Desktop, Failed System Restore (twice), Drivers/ Installer Nonfunctional, ect.

Posted 14 June 2011 - 02:19 AM

It still gave me pop-ups about avira being active, but it looks like it may have overridden it finally. Anyways, you're the expert, not me, so here is the combofix log. Thank you...
ComboFix 11-06-13.01 - user 06/13/2011 19:53:23.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.125 [GMT -6:00]
Running from: c:\documents and settings\user\Desktop\fixers\ComboFix.exe
Command switches used :: c:\documents and settings\user\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((( Files Created from 2011-05-14 to 2011-06-14 )))))))))))))))))))))))))))))))
.
.
2011-06-14 00:44 . 1999-12-21 12:58 21312 ----a-w- c:\windows\choice.exe
2011-06-13 07:13 . 2011-06-13 07:13 -------- d-----w- c:\documents and settings\All Users\Application Data\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
2011-06-13 05:14 . 2011-06-13 05:14 -------- d-----w- c:\documents and settings\user\Application Data\ieSpell
2011-06-13 05:13 . 2011-06-13 05:13 -------- d-----w- c:\program files\ieSpell
2011-06-12 22:35 . 2011-06-13 00:37 -------- d-----w- c:\documents and settings\Kids
2011-06-12 20:29 . 2011-06-12 20:29 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\PackageAware
2011-06-12 19:50 . 2011-06-12 19:53 -------- d-----w- c:\documents and settings\All Users\Application Data\ErrorEND
2011-06-12 03:10 . 2011-06-13 21:51 -------- d-----w- c:\program files\FixerInst.Files
2011-06-11 02:20 . 2011-06-11 02:24 -------- dc-h--w- c:\windows\ie8
2011-06-11 02:16 . 2011-06-11 02:30 -------- d-----w- C:\22f16ec3e593b250bf20ee
2011-06-11 02:03 . 2011-06-11 02:03 -------- d-----w- c:\program files\NortonInstaller
2011-06-11 01:47 . 2011-06-11 11:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2011-06-11 01:21 . 2011-06-11 01:21 -------- d-----w- c:\documents and settings\user\Application Data\xfin_portal
2011-06-11 01:21 . 2011-06-11 01:23 -------- d-----w- c:\program files\xfin_portal
2011-06-11 01:07 . 2011-06-11 01:07 -------- d-----w- c:\windows\system32\Adobe
2011-06-11 01:04 . 2011-06-11 01:04 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-10 20:14 . 2006-11-29 03:46 52800 ----a-w- c:\windows\system32\drivers\PCASp50.sys
2011-06-10 20:14 . 2006-11-29 03:46 41280 ----a-w- c:\windows\system32\drivers\PCASp50a64.sys
2011-06-10 05:03 . 2003-04-22 03:46 61440 ----a-w- c:\windows\system32\ASIW32N50.dll
2011-06-10 05:03 . 2002-09-11 01:35 16302 ----a-w- c:\windows\system32\ASINDIS5.sys
2011-06-10 05:03 . 2001-04-16 11:48 15577 ----a-w- c:\windows\system32\ASINDIS3.vxd
2011-06-10 02:48 . 2011-06-10 02:48 -------- d-----w- c:\program files\ASUS
2011-06-10 02:48 . 2011-06-10 02:48 -------- d-----w- c:\documents and settings\user\Application Data\InstallShield
2011-06-07 14:17 . 2011-06-07 15:21 -------- d-----w- c:\documents and settings\user\Application Data\TP
2011-06-07 14:11 . 2011-06-11 04:14 -------- d-----w- c:\documents and settings\user\Application Data\ElevatedDiagnostics
2011-06-07 09:18 . 2011-06-07 09:18 -------- d-----w- c:\documents and settings\user\Application Data\comcasttb
2011-06-07 09:18 . 2011-06-08 06:22 -------- d-----w- c:\documents and settings\user\Application Data\CallingID
2011-06-07 09:16 . 2011-06-07 09:16 -------- d-----w- c:\program files\Common Files\scanner
2011-06-07 09:16 . 2011-06-07 09:16 -------- d-----w- c:\program files\comcasttb
2011-06-07 09:15 . 2011-06-07 09:15 -------- d-----w- c:\windows\Downloaded Installations
2011-06-06 07:03 . 2011-06-06 07:04 -------- d-----w- c:\documents and settings\Administrator.USER-CA21D652AC
2011-06-05 21:59 . 2011-06-05 21:59 -------- d-----w- c:\program files\FinalWire
2011-06-05 20:13 . 2008-04-14 12:41 68608 ----a-w- c:\windows\system32\dllcache\iisext51.dll
2011-06-05 20:12 . 2008-04-14 12:41 46592 ----a-w- c:\windows\system32\dllcache\coadmin.dll
2011-06-05 20:07 . 2008-04-14 12:41 290816 ----a-w- c:\windows\system32\dllcache\adsiis51.dll
2011-06-05 20:07 . 2008-04-14 12:41 43520 ----a-w- c:\windows\system32\dllcache\admwprox.dll
2011-06-05 00:17 . 2011-05-29 15:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-05 00:17 . 2011-06-05 00:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-05 00:17 . 2011-05-29 15:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-04 22:53 . 2011-06-04 22:53 -------- d-----w- c:\documents and settings\user\Application Data\SUPERAntiSpyware.com
2011-06-04 22:53 . 2011-06-04 22:53 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-06-04 22:53 . 2011-06-12 09:48 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-06-04 05:09 . 2011-06-04 10:42 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\SupportSoft
2011-06-04 05:08 . 2011-06-04 05:08 -------- d-----w- c:\documents and settings\All Users\Application Data\SupportSoft
2011-06-04 03:56 . 2011-06-04 03:56 -------- d-----w- c:\program files\ACW
2011-06-04 01:31 . 2011-06-04 01:31 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\RcIncidents
2011-05-26 23:37 . 2011-05-26 23:38 -------- d-----w- c:\program files\Opera
2011-05-24 07:37 . 2011-05-24 07:37 -------- d-----w- c:\documents and settings\user\Application Data\Malwarebytes
2011-05-24 07:37 . 2011-05-24 07:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-05-24 01:01 . 2011-05-24 01:01 -------- d-----w- c:\documents and settings\user\Application Data\Windows Search
2011-05-24 00:35 . 2011-05-24 00:35 -------- d-----w- c:\windows\system32\winrm
2011-05-24 00:35 . 2011-05-24 00:35 -------- dc----w- c:\windows\$968930Uinstall_KB968930$
2011-05-24 00:07 . 2011-05-25 02:46 -------- d-----w- c:\program files\Windows Desktop Search
2011-05-23 23:30 . 2011-05-23 23:30 -------- d-----w- c:\program files\Microsoft.NET
2011-05-21 09:31 . 2011-05-21 09:31 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-05-20 12:36 . 2011-05-20 12:36 -------- d-----w- c:\documents and settings\LocalService\Application Data\ID Vault
2011-05-20 12:29 . 2011-05-20 12:29 -------- d-----w- c:\documents and settings\All Users\Application Data\IsolatedStorage
2011-05-20 12:29 . 2011-05-28 01:54 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\ID Vault
2011-05-19 20:12 . 2011-05-19 20:12 -------- d-----w- c:\documents and settings\All Users\New Folder
2011-05-19 07:15 . 2011-05-19 07:15 -------- d-----w- C:\UnknownFolder25826
2011-05-19 06:32 . 2011-05-19 06:32 -------- d-----w- c:\windows\PIF
2011-05-18 22:52 . 2011-05-18 22:52 -------- d-----w- c:\documents and settings\Danny & Addie
2011-05-18 12:33 . 2011-05-18 12:33 -------- d-----w- c:\program files\sherlock
2011-05-18 12:33 . 2011-05-18 12:33 -------- d-----w- c:\program files\mpc
2011-05-18 12:33 . 2008-07-09 09:05 421888 ----a-w- c:\windows\system32\ac3filter.acm
2011-05-18 12:33 . 2011-05-18 12:33 -------- d-----w- c:\program files\real
2011-05-18 12:33 . 2011-05-18 12:33 -------- d-----w- c:\program files\licenses
2011-05-18 12:33 . 2011-06-04 00:42 -------- d-----w- c:\windows\system32\XP Codec Pack2.5.1
2011-05-18 12:33 . 2011-05-18 12:33 -------- d-----w- c:\program files\filters
2011-05-18 08:14 . 2011-05-18 08:14 -------- d-----w- C:\logs
2011-05-17 19:31 . 2011-02-17 11:43 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
2011-05-17 19:31 . 2009-03-08 10:31 59904 -c--a-w- c:\windows\system32\dllcache\icardie.dll
2011-05-17 19:31 . 2009-03-08 10:11 445952 -c--a-w- c:\windows\system32\dllcache\ieapfltr.dll
2011-05-17 19:31 . 2009-02-07 03:07 3698584 -c--a-w- c:\windows\system32\dllcache\ieapfltr.dat
2011-05-17 05:09 . 2011-05-17 05:11 -------- d-----w- C:\Inetpub
2011-05-17 03:57 . 2011-06-02 04:38 -------- d-----w- c:\documents and settings\user\Incomplete
2011-05-16 23:01 . 2011-05-17 01:37 -------- d-----w- c:\program files\Fax
2011-05-16 13:05 . 2011-05-16 13:05 -------- d-----w- c:\program files\Common Files\Java
2011-05-16 13:04 . 2011-05-16 13:03 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-16 07:28 . 2011-05-16 07:28 -------- d-----w- c:\windows\system32\msmq
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-11 13:11 . 2004-08-04 12:00 95744 -c--a-w- c:\windows\system32\msiexec.exe
2011-06-06 22:45 . 2004-08-04 12:00 13312 -c--a-w- c:\windows\system32\win87em.dll
2011-06-06 01:11 . 2004-07-26 00:51 131331 -c--a-w- c:\windows\UNINST32.EXE
2011-06-05 22:56 . 2010-03-24 03:40 126464 -c--a-w- c:\windows\system32\wbem\wmiapsrv.exe
2011-06-05 22:55 . 2004-08-04 12:00 507904 ----a-w- c:\windows\system32\winlogon.exe
2011-05-19 04:02 . 2010-03-23 20:17 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2011-05-16 13:03 . 2010-05-21 03:53 472808 -c--a-w- c:\windows\system32\deployJava1.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-06-13_20.21.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-06-13 21:22 . 2011-06-13 21:22 16384 c:\windows\Temp\Perflib_Perfdata_698.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ComcastAntispyClient"="c:\program files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" [2009-08-19 1589208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)
.
[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 05:07 932288 -c--a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2003-04-30 07:58 88363 -c--a-w- c:\windows\AGRSMMSG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMMLREF]
2005-04-20 08:38 20480 -c--a-w- c:\program files\ThinkPad\Utilities\BMMLREF.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMMMONWND]
2005-04-20 08:38 396288 -c--a-w- c:\progra~1\ThinkPad\UTILIT~1\BATINFEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2005-03-10 17:16 126976 -c--a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2005-03-10 17:20 155648 -c--a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrackPointSrv]
2008-04-14 12:42 82944 -c--a-w- c:\windows\system32\tp4mon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"YahooAUService"=2 (0x2)
"MyWebSearchService"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"IS360service"=2 (0x2)
"avg9wd"=2 (0x2)
"avg9emc"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\ASUS\\RT-N10+ Wireless Router Utilities\\Discovery.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
.
R1 ASMBATT;ASMBATT;c:\windows\system32\drivers\ASMBATT.SYS [3/23/2010 10:41 PM 4992]
R1 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [5/20/2010 3:05 PM 19064]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 12:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 12:41 PM 67656]
R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [3/23/2010 10:41 PM 16384]
R3 AEIWL;IBM High Rate Wireless LAN MiniPCI Combo Card Driver;c:\windows\system32\drivers\AEIWLNDS.sys [9/23/2002 8:16 PM 611328]
S2 AMPingService;AMPingService; [x]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;"c:\program files\Avira\AntiVir Desktop\sched.exe" --> c:\program files\Avira\AntiVir Desktop\sched.exe [?]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/4/2011 6:17 PM 22712]
S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/4/2011 6:17 PM 366640]
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-13 c:\windows\Tasks\BMMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\BMMTASK.EXE [2010-03-24 08:38]
.
2011-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-26 15:36]
.
2011-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-26 15:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.smartestcomputing.us.com/index.php?app=core&module=search&do=user_activity&mid=2619&userMode=title
uInternet Connection Wizard,ShellNext = iexplore
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949}
Trusted Zone: comcast.com\www
Trusted Zone: comcast.net\xfinity
Trusted Zone: microsoft.com\social.technet
Trusted Zone: microsoft.com\technet
Trusted Zone: us.com\www.smartestcomputing
TCP: Interfaces\{673B9EF9-95BF-4838-BB9A-50FEF8699972}: NameServer = 68.87.66.10,68.87.69.150
TCP: Interfaces\{CE8F2BA3-5AB6-4615-A454-FAB7F54CBF24}: NameServer = 68.87.66.10,68.87.69.150
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-13 20:01
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1576)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-06-13 20:05:48
ComboFix-quarantined-files.txt 2011-06-14 02:05
ComboFix2.txt 2011-06-13 20:25
.
Pre-Run: 12,317,147,136 bytes free
Post-Run: 12,313,608,192 bytes free
.
- - End Of File - - 42624F678805CACFC44C5AB6A5BABE32
{HELP ME, OBI 1. YOU'RE MY ONLY HOPE!}


#14 Broni

Posted 14 June 2011 - 02:22 AM

That looks good :)

Any current issues?

Download OTL to your Desktop.

  • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.


#15 lobita68

Posted 14 June 2011 - 03:12 AM

So how does it look now? On my end: still can't access Avira in Services and still can't get Windows Installer to work. Microsoft Answers suggests unregistering and reregistering msiexec. Do you agree with that? I won't do anything unless you say it's okay. Thanks...

OTL logfile created on: 6/13/2011 8:33:32 PM - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Documents and Settings\user\Desktop\fixers
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.42 Mb Total Physical Memory | 207.96 Mb Available Physical Memory | 41.39% Memory free
1.24 Gb Paging File | 1.05 Gb Available in Paging File | 84.68% Paging File free
Paging file location(s): C:\pagefile.sys 800 1000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.48 Gb Total Space | 11.49 Gb Free Space | 33.31% Space Free | Partition Type: NTFS

Computer Name: SABRINA | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/13 20:30:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\fixers\TFC.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/06/13 20:30:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\fixers\TFC.exe
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (YahooAUService)
SRV - File not found [Auto | Stopped] -- -- (wlidsvc)
SRV - File not found [Auto | Stopped] -- -- (ose)
SRV - File not found [Auto | Stopped] -- -- (odserv)
SRV - File not found [Auto | Stopped] -- -- (NMSAccess)
SRV - File not found [Auto | Stopped] -- -- (NICSer_WPC54G)
SRV - File not found [Auto | Stopped] -- -- (AntiVirService)
SRV - File not found [Auto | Stopped] -- -- (AntiVirSchedulerService)
SRV - File not found [Auto | Stopped] -- -- (AMPingService)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/12/17 09:04:01 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/12/17 09:04:01 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/05/10 12:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 12:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/11 06:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/07/16 16:22:10 | 000,019,064 | ---- | M] (REALiX™) [Kernel | System | Running] -- C:\Program Files\HWiNFO32\HWiNFO32.SYS -- (HWiNFO32)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/04/14 01:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2006/11/28 21:46:28 | 000,052,800 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2005/04/20 02:38:00 | 000,016,384 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWR.SYS -- (TPPWR)
DRV - [2005/02/12 05:46:22 | 000,371,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/09/24 23:36:44 | 000,173,056 | ---- | M] (Funk Software, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\odysseyIM4.sys -- (odysseyIM4)
DRV - [2004/07/16 05:03:04 | 000,004,992 | ---- | M] (Quanta Computer,Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ASMBATT.SYS -- (ASMBATT)
DRV - [2004/06/19 17:30:28 | 000,190,336 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2003/07/16 22:28:02 | 000,017,142 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CBTNDIS5.sys -- (CBTNDIS5)
DRV - [2003/04/30 01:58:22 | 001,171,168 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2002/09/23 20:16:50 | 000,611,328 | ---- | M] (Actiontec Electronics, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AEIWLNDS.sys -- (AEIWL)
DRV - [2001/08/17 07:48:14 | 000,011,520 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TwoTrack.sys -- (TwoTrack)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-746137067-789336058-1343024091-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.smartestc...&userMode=title
IE - HKU\S-1-5-21-746137067-789336058-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========



[2011/05/29 22:51:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions
[2010/11/11 12:35:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

O1 HOSTS File: ([2011/06/13 14:20:37 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - Reg Error: Value error. File not found
O2 - BHO: (XFINITY Toolbar) - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files\xfin_portal\comcastdx.dll ()
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - Reg Error: Value error. File not found
O2 - BHO: (Updater For XFIN_PORTAL) - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files\xfin_portal\auxi\comcastAu.dll (Visicom Media)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (XFINITY Toolbar) - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files\xfin_portal\comcastdx.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Value error. File not found
O4 - HKU\S-1-5-21-746137067-789336058-1343024091-1003..\Run: [ComcastAntispyClient] C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-746137067-789336058-1343024091-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-746137067-789336058-1343024091-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-746137067-789336058-1343024091-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-746137067-789336058-1343024091-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O7 - HKU\S-1-5-21-746137067-789336058-1343024091-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-746137067-789336058-1343024091-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - Reg Error: Value error. File not found
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [2011/06/06 03:01:52 | 000,000,000 | ---D | M]
O15 - HKU\S-1-5-21-746137067-789336058-1343024091-1003\..Trusted Domains: comcast.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-746137067-789336058-1343024091-1003\..Trusted Domains: comcast.net ([xfinity] http in Trusted sites)
O15 - HKU\S-1-5-21-746137067-789336058-1343024091-1003\..Trusted Domains: microsoft.com ([social.technet] http in Trusted sites)
O15 - HKU\S-1-5-21-746137067-789336058-1343024091-1003\..Trusted Domains: microsoft.com ([technet] http in Trusted sites)
O15 - HKU\S-1-5-21-746137067-789336058-1343024091-1003\..Trusted Domains: us.com ([www.smartestcomputing] http in Trusted sites)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Family%20Feud%202/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Text%20Twist/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Value error. File not found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - Reg Error: Value error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/23 21:46:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/06/13 14:48:31 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011/06/13 14:48:31 | 000,000,000 | R--D | C] -- C:\autorun.inf
[2011/06/13 01:15:50 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\user\Recent
[2011/06/13 01:13:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
[2011/06/12 23:14:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\ieSpell
[2011/06/12 23:13:14 | 000,000,000 | ---D | C] -- C:\Program Files\ieSpell
[2011/06/12 14:29:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\PackageAware
[2011/06/12 13:50:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ErrorEND
[2011/06/12 03:18:20 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2011/06/12 03:13:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Help
[2011/06/11 21:10:46 | 000,000,000 | ---D | C] -- C:\Program Files\FixerInst.Files
[2011/06/10 20:20:00 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/06/10 20:16:18 | 000,000,000 | ---D | C] -- C:\22f16ec3e593b250bf20ee
[2011/06/10 20:03:17 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011/06/10 20:03:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2011/06/10 20:03:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\Symantec
[2011/06/10 19:47:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton
[2011/06/10 19:47:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2011/06/10 19:21:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\xfin_portal
[2011/06/10 19:21:26 | 000,000,000 | ---D | C] -- C:\Program Files\xfin_portal
[2011/06/10 19:07:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2011/06/10 14:14:16 | 000,052,800 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\drivers\PCASp50.sys
[2011/06/10 14:14:16 | 000,041,280 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\drivers\PCASp50a64.sys
[2011/06/09 23:03:42 | 000,061,440 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\ASIW32N50.dll
[2011/06/09 23:03:42 | 000,016,302 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\ASINDIS5.sys
[2011/06/09 20:48:43 | 000,000,000 | ---D | C] -- C:\Program Files\ASUS
[2011/06/09 20:48:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ASUS Utility
[2011/06/09 20:48:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\InstallShield
[2011/06/07 08:17:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\TP
[2011/06/07 08:11:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\ElevatedDiagnostics
[2011/06/07 08:09:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2011/06/07 03:18:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\comcasttb
[2011/06/07 03:18:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\CallingID
[2011/06/07 03:16:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\scanner
[2011/06/07 03:16:06 | 000,000,000 | ---D | C] -- C:\Program Files\comcasttb
[2011/06/07 03:15:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2011/06/06 02:44:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\Network Diagnostic
[2011/06/06 01:02:52 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/06/05 15:59:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FinalWire
[2011/06/05 15:59:42 | 000,000,000 | ---D | C] -- C:\Program Files\FinalWire
[2011/06/05 00:45:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\My Received Files
[2011/06/04 18:17:46 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/06/04 18:17:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/04 18:17:40 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/06/04 18:17:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/04 16:53:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\SUPERAntiSpyware.com
[2011/06/04 16:53:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/06/04 16:53:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/06/04 16:53:12 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/06/04 04:42:57 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/06/04 04:13:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\My Widgets
[2011/06/04 04:13:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Yahoo! Widgets
[2011/06/03 23:09:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\SupportSoft
[2011/06/03 23:08:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/06/03 21:56:26 | 000,000,000 | ---D | C] -- C:\Program Files\ACW
[2011/06/03 19:31:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\RcIncidents
[2011/05/26 17:37:54 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2011/05/25 12:53:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2011/05/24 22:14:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2011/05/24 01:37:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Malwarebytes
[2011/05/24 01:37:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/05/23 19:01:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Windows Search
[2011/05/23 18:35:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
[2011/05/23 18:35:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2011/05/23 18:35:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2011/05/23 18:07:27 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2011/05/23 17:30:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/05/21 13:00:27 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\System Info
[2011/05/21 03:31:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/05/20 06:36:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\ID Vault
[2011/05/20 06:29:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IsolatedStorage
[2011/05/20 06:29:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\ID Vault
[2011/05/19 14:12:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\New Folder
[2011/05/19 01:15:47 | 000,000,000 | ---D | C] -- C:\UnknownFolder25826
[2011/05/19 00:32:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\PIF
[2011/05/18 15:28:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\fixers
[2011/05/18 06:33:54 | 000,000,000 | ---D | C] -- C:\Program Files\sherlock
[2011/05/18 06:33:54 | 000,000,000 | ---D | C] -- C:\Program Files\mpc
[2011/05/18 06:33:48 | 000,000,000 | ---D | C] -- C:\Program Files\real
[2011/05/18 06:33:44 | 000,000,000 | ---D | C] -- C:\Program Files\licenses
[2011/05/18 06:33:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XP Codec Pack2.5.1
[2011/05/18 06:33:40 | 000,000,000 | ---D | C] -- C:\Program Files\filters
[2011/05/18 02:46:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\errorlogs
[2011/05/18 02:25:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2011/05/18 02:14:43 | 000,000,000 | ---D | C] -- C:\logs
[2011/05/17 20:20:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Opera
[2011/05/17 13:31:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2011/05/17 13:27:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie7
[2011/05/17 13:27:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2011/05/17 13:27:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2011/05/16 23:09:17 | 000,000,000 | ---D | C] -- C:\Inetpub
[2011/05/16 21:57:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Incomplete
[2011/05/16 17:01:50 | 000,000,000 | ---D | C] -- C:\Program Files\Fax
[2011/05/16 07:05:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/05/16 01:28:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\msmq
[2010/07/29 23:16:36 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDRhcp.dll
[2010/07/29 23:16:35 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdrusb1.dll
[2010/07/29 23:16:35 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdrinpa.dll
[2010/07/29 23:16:35 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdriesc.dll
[2010/07/29 23:16:34 | 001,069,056 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdrserv.dll
[2010/07/29 23:16:34 | 000,651,264 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdrpmui.dll
[2010/07/29 23:16:34 | 000,577,536 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdrlmpm.dll
[2010/07/29 23:16:33 | 000,679,936 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdrhbn3.dll
[2010/07/29 23:16:33 | 000,328,360 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdrih.exe
[2010/07/29 23:16:32 | 000,765,952 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdrcomc.dll
[2010/07/29 23:16:32 | 000,594,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdrcoms.exe
[2010/07/29 23:16:32 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdrcomm.dll
[2010/07/29 23:16:31 | 000,369,320 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdrcfg.exe
[2004/11/24 13:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll

========== Files - Modified Within 30 Days ==========

[2011/06/13 20:39:51 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\BMMTask.job
[2011/06/13 20:23:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/13 19:48:31 | 000,000,591 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to ComboFix.exe.lnk
[2011/06/13 19:19:26 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/13 19:00:29 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Shortcut to lightning.jpg.lnk
[2011/06/13 19:00:02 | 000,000,660 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Shortcut to Sun.jpg.lnk
[2011/06/13 18:47:39 | 000,000,456 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to stats.lnk
[2011/06/13 18:41:55 | 000,000,431 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Internet Access.lnk
[2011/06/13 15:55:14 | 000,000,560 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to TFC.exe.lnk
[2011/06/13 15:54:49 | 000,000,636 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut (2) to Flash_Disinfector.exe.lnk
[2011/06/13 15:54:30 | 000,000,636 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Flash_Disinfector.exe.lnk
[2011/06/13 15:54:00 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to pagedfrg.exe.lnk
[2011/06/13 15:53:15 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to CCleaner.exe.lnk
[2011/06/13 15:45:44 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/13 15:45:42 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/13 15:21:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/13 14:20:37 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/06/12 03:18:44 | 000,487,274 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/12 03:18:44 | 000,080,842 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/10 20:36:01 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/07 16:13:37 | 000,001,789 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2011/06/07 15:56:26 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2011/06/07 15:38:54 | 000,001,789 | ---- | M] () -- C:\Documents and Settings\user\My Documents\Firefox Sync Key.html
[2011/06/07 12:23:17 | 000,172,280 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/06 16:45:04 | 000,013,312 | ---- | M] () -- C:\WINDOWS\System32\dllcache\win87em.dll
[2011/06/05 19:26:21 | 007,340,032 | ---- | M] () -- C:\Documents and Settings\user\NTUSER.bak
[2011/06/05 19:11:46 | 000,131,331 | ---- | M] (Dritek System Inc.) -- C:\WINDOWS\UNINST32.EXE
[2011/06/05 18:51:48 | 000,001,587 | ---- | M] () -- C:\Documents and Settings\user\Remote Assistance.lnk
[2011/06/05 13:18:59 | 526,897,152 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/05 03:53:44 | 000,000,286 | ---- | M] () -- C:\WINDOWS\reimage.ini
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/27 15:53:41 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/21 05:42:39 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/05/21 05:42:39 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/05/16 03:04:25 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\user\Desktop\&Help and Support.lnk

========== Files Created - No Company Name ==========

[2011/06/13 19:48:31 | 000,000,591 | ---- | C] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to ComboFix.exe.lnk
[2011/06/13 19:00:29 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Shortcut to lightning.jpg.lnk
[2011/06/13 19:00:02 | 000,000,660 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Shortcut to Sun.jpg.lnk
[2011/06/13 18:47:39 | 000,000,456 | ---- | C] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to stats.lnk
[2011/06/13 18:44:25 | 000,021,312 | ---- | C] () -- C:\WINDOWS\choice.exe
[2011/06/13 18:41:55 | 000,000,431 | ---- | C] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Internet Access.lnk
[2011/06/13 15:55:14 | 000,000,560 | ---- | C] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to TFC.exe.lnk
[2011/06/13 15:54:49 | 000,000,636 | ---- | C] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut (2) to Flash_Disinfector.exe.lnk
[2011/06/13 15:54:30 | 000,000,636 | ---- | C] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Flash_Disinfector.exe.lnk
[2011/06/13 15:54:00 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to pagedfrg.exe.lnk
[2011/06/13 15:53:15 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to CCleaner.exe.lnk
[2011/06/12 03:18:38 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk
[2011/06/09 23:03:42 | 000,015,577 | ---- | C] () -- C:\WINDOWS\System32\ASINDIS3.vxd
[2011/06/09 02:33:41 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/07 15:38:18 | 000,001,789 | ---- | C] () -- C:\Documents and Settings\user\My Documents\Firefox Sync Key.html
[2011/06/05 03:53:27 | 000,000,286 | ---- | C] () -- C:\WINDOWS\reimage.ini
[2011/06/05 03:37:02 | 000,762,712 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/06/05 00:11:44 | 000,000,785 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2011/05/26 17:40:14 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/24 21:04:57 | 000,202,450 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/05/18 06:33:52 | 000,421,888 | ---- | C] () -- C:\WINDOWS\System32\ac3filter.acm
[2011/05/17 13:36:00 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\user\Start Menu\Programs\Internet Explorer.lnk
[2011/05/16 03:04:25 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\user\Desktop\&Help and Support.lnk
[2010/10/23 14:48:54 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/10/23 14:48:54 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/10/23 14:48:54 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/10/23 14:48:54 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/10/23 14:48:54 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/10/03 16:39:04 | 000,000,024 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2010/09/21 14:00:43 | 000,000,064 | ---- | C] () -- C:\WINDOWS\GPlrLanc.dat
[2010/08/25 12:51:43 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010/08/24 19:29:21 | 000,001,698 | ---- | C] () -- C:\WINDOWS\ACROREAD.INI
[2010/07/29 23:21:40 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdrvs.dll
[2010/07/29 23:21:37 | 000,360,448 | ---- | C] () -- C:\WINDOWS\System32\lxdrcoin.dll
[2010/07/29 23:19:41 | 001,036,288 | ---- | C] () -- C:\WINDOWS\System32\lxdrdrs.dll
[2010/07/29 23:19:41 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\lxdrcaps.dll
[2010/07/29 23:19:40 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdrcnv4.dll
[2010/07/29 23:17:22 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxdrrwrd.ini
[2010/07/29 23:16:36 | 000,389,120 | ---- | C] () -- C:\WINDOWS\System32\LXDRinst.dll
[2010/07/29 23:16:33 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdrgrd.dll
[2010/07/05 17:27:02 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/13 20:42:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SelSet.INI
[2010/05/25 17:44:51 | 000,000,064 | ---- | C] () -- C:\WINDOWS\init.ini
[2010/05/24 18:41:40 | 000,019,512 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/05/23 20:50:21 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2010/05/20 18:29:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/03/23 22:41:38 | 000,184,320 | ---- | C] () -- C:\WINDOWS\TPBATHLP.EXE
[2010/03/23 21:50:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/03/23 21:42:00 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/03/23 14:14:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/03/23 14:13:35 | 000,172,280 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/12/19 09:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008/12/17 11:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008/12/17 11:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008/12/17 11:22:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/12/17 11:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008/12/17 10:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2006/11/02 10:10:16 | 000,080,912 | ---- | C] () -- C:\WINDOWS\System32\sherlock2.exe
[2004/10/03 11:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2004/08/04 06:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 06:00:00 | 000,487,274 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 06:00:00 | 000,080,842 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 06:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/11/01 21:17:28 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\PnPscan.exe
[2002/11/01 20:15:44 | 000,200,765 | ---- | C] () -- C:\WINDOWS\System32\scandll.dll
[2002/10/10 12:03:08 | 000,151,610 | ---- | C] () -- C:\WINDOWS\System32\uddliv.exe
[2002/10/10 12:03:08 | 000,151,610 | ---- | C] () -- C:\WINDOWS\System32\uddbraxs.exe
[2002/10/10 12:03:08 | 000,151,610 | ---- | C] () -- C:\WINDOWS\System32\uddbraxp.exe
[2002/10/10 12:03:06 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\DrvInit.exe

========== LOP Check ==========

[2010/05/31 12:59:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Whiz
[2011/06/12 13:53:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ErrorEND
[2011/05/20 06:29:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IsolatedStorage
[2010/08/06 14:23:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lexmark 4900 Series
[2010/08/26 11:08:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Morpheus PRO
[2010/11/28 12:18:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
[2010/08/11 11:31:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pix
[2011/04/22 12:47:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment
[2010/10/03 16:22:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2011/06/03 23:08:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/05/04 02:07:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/06/03 01:20:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/06/13 01:13:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
[2011/05/18 16:53:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danny & Addie\Application Data\Opera
[2011/06/12 16:37:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kids\Application Data\comcasttb
[2011/06/12 16:37:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kids\Application Data\xfin_portal
[2011/05/20 06:36:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\ID Vault
[2011/06/08 00:22:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\CallingID
[2010/06/14 21:49:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Canneverbe Limited
[2011/06/07 03:18:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\comcasttb
[2011/06/10 22:14:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\ElevatedDiagnostics
[2011/05/05 20:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Floodlight Games
[2011/05/16 18:57:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\GetRightToGo
[2011/06/12 23:14:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\ieSpell
[2010/07/29 23:38:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Lexmark Productivity Studio
[2011/05/05 21:47:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Morpheus PRO
[2010/05/22 12:50:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\MSNInstaller
[2010/12/10 10:45:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Oberon Media
[2010/05/20 16:41:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\OpenOffice.org
[2011/05/26 17:38:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Opera
[2010/10/06 14:15:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\SoftGrid Client
[2010/11/11 12:34:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Thunderbird
[2011/06/07 09:21:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\TP
[2011/05/23 19:01:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Windows Search
[2011/06/10 19:21:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\xfin_portal
[2011/06/13 20:39:51 | 000,000,392 | ---- | M] () -- C:\WINDOWS\Tasks\BMMTask.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2011/05/05 00:19:45 | 000,002,291 | ---- | M] () -- C:\Adobe Reader 9.lnk
[2010/03/23 21:46:21 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/06/13 19:45:47 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/06/07 15:56:26 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2011/06/13 20:05:49 | 000,016,050 | ---- | M] () -- C:\ComboFix.txt
[2010/03/23 21:46:21 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/06/05 13:18:59 | 526,897,152 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/23 21:46:21 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/10/21 12:32:32 | 000,009,813 | ---- | M] () -- C:\langv5.dat
[2010/03/23 21:46:21 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/03/23 22:33:14 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/06/13 15:21:42 | 838,860,800 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2010/03/23 21:45:35 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 06:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/05/16 09:12:02 | 000,121,856 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdrdrpp.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
[2008/07/06 04:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2011/06/10 16:36:53 | 000,001,754 | -H-- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >
[2010/02/20 16:11:02 | 000,000,815 | ---- | M] () -- C:\Program Files\Readme.txt

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2010/03/23 14:12:55 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/03/23 14:12:55 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/03/23 14:12:55 | 000,880,640 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2010/03/23 22:50:18 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/03/24 09:18:34 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >
[2010/10/20 23:23:26 | 000,000,698 | ---- | M] () -- C:\WINDOWS\AppPatch\Custom\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/03/24 09:18:36 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\user\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/12/05 14:14:28 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\UpdaterLog.txt

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2011/05/29 23:40:13 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\user\Cookies\desktop.ini
[2011/06/13 20:33:27 | 000,049,152 | -HS- | M] () -- C:\Documents and Settings\user\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2009/01/30 17:40:22 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/14 06:41:52 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/08/04 02:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/04 02:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 08:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/14 00:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/14 06:42:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2007/04/03 00:37:24 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2007/04/03 00:37:24 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2007/04/03 00:37:26 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2004/08/04 02:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/04 02:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-06-14 00:40:22


========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\UNINST32.EXE:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\winlogon.exe:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\win87em.dll:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\msiexec.exe:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\drivers\redbook.sys:SummaryInformation

< End of report >

OTL Extras logfile created on: 6/13/2011 8:33:32 PM - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Documents and Settings\user\Desktop\fixers
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.42 Mb Total Physical Memory | 207.96 Mb Available Physical Memory | 41.39% Memory free
1.24 Gb Paging File | 1.05 Gb Available in Paging File | 84.68% Paging File free
Paging file location(s): C:\pagefile.sys 800 1000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.48 Gb Total Space | 11.49 Gb Free Space | 33.31% Space Free | Partition Type: NTFS

Computer Name: SABRINA | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-746137067-789336058-1343024091-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Value error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- Reg Error: Value error.
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- [2011/06/06 03:01:52 | 000,000,000 | ---D | M]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000 -- [2011/06/06 03:01:52 | 000,000,000 | ---D | M]
"C:\Program Files\ASUS\RT-N10+ Wireless Router Utilities\Discovery.exe" = C:\Program Files\ASUS\RT-N10+ Wireless Router Utilities\Discovery.exe:*:Disabled:ASUS Device Discovery Application -- (ASUSTeK COMPUTER INC.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{2A2EDF5F-F3C6-4919-AE34-C08A71AD034A}" = Wireless-G Notebook Adapter
"{32A3A4F4-B792-11D6-A78A-00B0D0160200}" = Java™ SE Development Kit 6 Update 20
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{573B222C-4AC0-44A3-9C9F-43437B7C1833}" = ASUS Wireless Router RT-N10+ Manuals
"{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2
"{7ADFB43D-DA70-44AB-877A-4A4CAE63F706}" = IBM High Rate Wireless LAN MiniPCI Card
"{7CD7017F-40BA-405C-A2CE-01C34151C6D1}" = ASUS RT-N10+ Wireless Router Utilities
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}" = Driver Whiz
"{99D42EC7-652B-4819-B3E6-6450C815E03F}" = Odyssey Client
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Free Window Registry Repair" = Free Window Registry Repair
"HWiNFO32_is1" = HWiNFO32 Version 3.20
"ie8" = Windows Internet Explorer 8
"ieSpell" = ieSpell
"InstallShield_{7ADFB43D-DA70-44AB-877A-4A4CAE63F706}" = IBM High Rate Wireless LAN MiniPCI Card
"InstallShield_{99D42EC7-652B-4819-B3E6-6450C815E03F}" = Odyssey Client
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Power Features" = IBM ThinkPad Battery MaxiMiser and Power Management Features
"Power Management Driver" = ThinkPad Power Management Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"xfin_portal" = XFINITY Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-746137067-789336058-1343024091-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/10/2011 7:16:01 PM | Computer Name = SABRINA | Source = AntiSpywareService | ID = 0
Description =

Error - 6/10/2011 8:20:37 PM | Computer Name = SABRINA | Source = AntiSpywareService | ID = 0
Description =

Error - 6/10/2011 9:21:47 PM | Computer Name = SABRINA | Source = AntiSpywareService | ID = 0
Description =

Error - 6/10/2011 10:15:09 PM | Computer Name = SABRINA | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 6/10/2011 10:15:09 PM | Computer Name = SABRINA | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 6/10/2011 10:15:26 PM | Computer Name = SABRINA | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 6/10/2011 10:15:26 PM | Computer Name = SABRINA | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 6/11/2011 10:47:35 AM | Computer Name = SABRINA | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x715ba067.

Error - 6/12/2011 6:44:04 AM | Computer Name = SABRINA | Source = ComcastAntiSpyService.exe | ID = 0
Description =

Error - 6/12/2011 6:44:12 AM | Computer Name = SABRINA | Source = ComcastAntiSpyService.exe | ID = 0
Description =

[ System Events ]
Error - 6/13/2011 5:22:08 PM | Computer Name = SABRINA | Source = Service Control Manager | ID = 7000
Description = The Yahoo! Updater service failed to start due to the following error:
%%3

Error - 6/13/2011 5:22:10 PM | Computer Name = SABRINA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
avgio

Error - 6/13/2011 6:01:27 PM | Computer Name = SABRINA | Source = NetDDE | ID = 206
Description = Listen failed: 23: The ncb_lana_num member did not specify a valid
network number.

Error - 6/13/2011 8:36:38 PM | Computer Name = SABRINA | Source = NetDDE | ID = 206
Description = Listen failed: 15:

Error - 6/13/2011 8:38:51 PM | Computer Name = SABRINA | Source = DCOM | ID = 10010
Description = The server {000C101C-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 6/13/2011 8:38:56 PM | Computer Name = SABRINA | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft Visual C++ 2008 Service Pack
1 Redistributable Package (KB2467174).

Error - 6/13/2011 8:39:27 PM | Computer Name = SABRINA | Source = DCOM | ID = 10010
Description = The server {000C101C-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 6/13/2011 8:40:21 PM | Computer Name = SABRINA | Source = DCOM | ID = 10010
Description = The server {000C101C-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 6/13/2011 8:40:26 PM | Computer Name = SABRINA | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Update for Microsoft Silverlight (KB2526954).

Error - 6/13/2011 9:52:29 PM | Computer Name = SABRINA | Source = Service Control Manager | ID = 7034
Description = The Smart Card service terminated unexpectedly. It has done this
1 time(s).


< End of report >



{HELP ME, OBI 1. YOU'RE MY ONLY HOPE!}


#16 Broni Re: [Inactive] Google Redirect, Antivir Desktop Virus, Windows Update Virus, Lost Desktop, Failed System Restore (twice), Drivers/ Installer Nonfunctional, ect.

    Malware Annihilator

  • 24,883 posts
  • Joined: October 04, 2004
  • 1,860 topics
  • Age: 57
  • Skin: IPBoard wide
  • Local time: 05:11 PM
  • Zodiac:Virgo
  • Gender:Male
  • Location:Daly City, CA
  • OS:Windows Vista
  • Country:
Online
  • Time Online: 57d 9h 20m 27s

Posted 14 June 2011 - 03:15 AM

As for Avira... I suggest you leave it alone.
I'll check your OTL logs in a moment for any Avira leftovers.
When done, we'll try to install something else.
As for Windows Installer, let's finish the cleaning process first and we'll go from there.
Hold on there...

#17 lobita68 Re: [Inactive] Google Redirect, Antivir Desktop Virus, Windows Update Virus, Lost Desktop, Failed System Restore (twice), Drivers/ Installer Nonfunctional, ect.

Posted 14 June 2011 - 03:27 AM

Okay, I will wait for you before I make another move. Thanks for your help.
{HELP ME, OBI 1. YOU'RE MY ONLY HOPE!}


#18 Broni Re: [Inactive] Google Redirect, Antivir Desktop Virus, Windows Update Virus, Lost Desktop, Failed System Restore (twice), Drivers/ Installer Nonfunctional, ect.

Posted 14 June 2011 - 03:29 AM

Quote

502.42 Mb Total Physical Memory
Your computer could surely use another 512MB of RAM for better performance.

=========================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - File not found [Auto | Stopped] -- -- (YahooAUService)
    SRV - File not found [Auto | Stopped] -- -- (wlidsvc)
    SRV - File not found [Auto | Stopped] -- -- (ose)
    SRV - File not found [Auto | Stopped] -- -- (odserv)
    SRV - File not found [Auto | Stopped] -- -- (NMSAccess)
    SRV - File not found [Auto | Stopped] -- -- (AntiVirService)
    SRV - File not found [Auto | Stopped] -- -- (AntiVirSchedulerService)
    SRV - File not found [Auto | Stopped] -- -- (AMPingService)
    DRV - [2010/12/17 09:04:01 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
    DRV - [2010/12/17 09:04:01 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - Reg Error: Value error. File not found
    O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - Reg Error: Value error. File not found
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - Reg Error: Value error. File not found
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Value error. File not found
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - Reg Error: Value error. File not found
    O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - Reg Error: Value error. File not found
    O15 - HKU\S-1-5-21-746137067-789336058-1343024091-1003\..Trusted Domains: comcast.com ([www] http in Trusted sites)
    O15 - HKU\S-1-5-21-746137067-789336058-1343024091-1003\..Trusted Domains: comcast.net ([xfinity] http in Trusted sites)
    O15 - HKU\S-1-5-21-746137067-789336058-1343024091-1003\..Trusted Domains: microsoft.com ([social.technet] http in Trusted sites)
    O15 - HKU\S-1-5-21-746137067-789336058-1343024091-1003\..Trusted Domains: microsoft.com ([technet] http in Trusted sites)
    O15 - HKU\S-1-5-21-746137067-789336058-1343024091-1003\..Trusted Domains: us.com ([www.smartestcomputing] http in Trusted sites)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
    [2011/06/10 20:03:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
    [2011/06/10 20:03:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\Symantec
    [2011/06/10 19:47:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton
    [2011/06/10 19:47:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
    @Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4C72F564
    @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F3239111
    @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9F4507F1
    @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8668AB36
    @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:71173EF9
    @Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7149F3EF
    @Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:971C465E
    @Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:00C07A02
    @Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EAB3DBA7
    @Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E49FC3A5
    @Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D853F961
    @Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CDCFEE39
    @Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CFFA5D33
    @Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A1B17F59
    @Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4DF74DCB
    @Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:19DEDE0B
    @Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:02A77963
    @Alternate Data Stream - 88 bytes -> C:\WINDOWS\UNINST32.EXE:SummaryInformation
    @Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\winlogon.exe:SummaryInformation
    @Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\win87em.dll:SummaryInformation
    @Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\msiexec.exe:SummaryInformation
    @Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\drivers\redbook.sys:SummaryInformation
    @Alternate Data Stream - 226 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C4EA2059
    @Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4EFDF5FB
    @Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:87EF2A8F
    @Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:74B502CB
    @Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4DBBB4EA
    @Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F3AB0B43
    @Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:80AC2AE7
    @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:41099CE9
    @Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E0AC05C4
    @Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A21E43C2
    @Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9EA243DE
    @Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:22BE18FA
    @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:34BCB6A9
    @Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BC82B99A
    @Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52A45440
    @Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F3743754
    @Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8A5AE078
    @Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:370A117C
    @Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:93AD83DB
    @Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F216755A
    @Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:029E021F
    @Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FCB70953
    @Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B683AD23
    @Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8C08E7E
    @Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0441DB7A
    @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:62ED20AA
    @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4A56D50C
    @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E660858
    @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:793ABD2B
    @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E68DE76B
    @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:60505779
    @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9EBB9F42
    @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:593E515D
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C765DD3
    @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1873334
    @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:16B7E8FC
    @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:062B5EB4
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:43A7A7AD
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DB4FB07B
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D31A2B3E
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D88CB084
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2F157E3
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07348C09
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8F09BC2E
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8ADA53F6
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:16A851AD
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D83224FA
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D6F36A30
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2C51E3D
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CC3A8C9F
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:93B1FB40
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:797CB037
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4F3BEF81
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2CFE0DF7
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F1AF9181
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D6CC3E51
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7795C764
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:50D4F48C
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:294E6480
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1C782A05
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:857692EC
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:78AFAE94
    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F5D73016
    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E13861A5
    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B8AF0F0F
    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B2531632
    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:647FA878
    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:57DC3B52
    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:55FD1789
    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2881AFC0
    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:151FFD7D
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FDDD37E8
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D509ABF5
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B8F55F6A
    @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EDDF646C
    @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E21BADD8
    @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2A74C53
    @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D158BAF9
    @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9CAD1FF9
    @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:93E9C78D
    @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6C63BEDF
    @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FE09DDA8
    @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BADEA6EA
    @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9B27D3A9
    @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:64648EF8
    @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F568DD7B
    @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CF1F8F69
    @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C25D218B
    @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:863F4B04
    @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F1E651F6
    @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EC870092
    @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AF5361E7
    @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:88E72B2E
    @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0CE0AE44
    @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E2C33D28
    @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BEAB1922
    @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8DFE5191
    @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:844D6203
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FAEAE395
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C83012A4
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5E7801FF
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:302376F2
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:204C7BBB
    @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A2C9CF74
    @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8EA719EA
    @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:76636AD0
    @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:11411CE5
    @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:08517B17
    @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BE7A0841
    @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B7A22351
    @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7CD67850
    @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7AA328E7
    @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:74A30B75
    @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:38CEAA1E
    @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3325D6E9
    @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:083BD81C
    @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98449994
    @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94C67BE8
    @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8842A96D
    @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DA18FD1D
    @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4E3940D6
    @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:211ED887
    @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DE8AC90A
    @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D68FBF6D
    @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D03C5C20
    @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B04ECD29
    @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AE9C4BE9
    @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9E29D590
    @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B13EE36
    @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:68DC65DC
    @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5E196FE2
    @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:029300DC
    @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ADF211B1
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
    

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.


#19 lobita68 Re: [Inactive] Google Redirect, Antivir Desktop Virus, Windows Update Virus, Lost Desktop, Failed System Restore (twice), Drivers/ Installer Nonfunctional, ect.

Posted 14 June 2011 - 04:04 AM

All processes killed
Error: Unable to interpret <SRV - File not found [Auto | Stopped] -- -- (YahooAUService) > in the current context!
Error: Unable to interpret <SRV - File not found [Auto | Stopped] -- -- (wlidsvc) > in the current context!
Error: Unable to interpret <SRV - File not found [Auto | Stopped] -- -- (ose) > in the current context!
Error: Unable to interpret <SRV - File not found [Auto | Stopped] -- -- (odserv) > in the current context!
Error: Unable to interpret <SRV - File not found [Auto | Stopped] -- -- (NMSAccess) > in the current context!
Error: Unable to interpret <SRV - File not found [Auto | Stopped] -- -- (AntiVirService) > in the current context!
Error: Unable to interpret <SRV - File not found [Auto | Stopped] -- -- (AntiVirSchedulerService) > in the current context!
Error: Unable to interpret <SRV - File not found [Auto | Stopped] -- -- (AMPingService) > in the current context!
Error: Unable to interpret <DRV - [2010/12/17 09:04:01 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) > in the current context!
Error: Unable to interpret <DRV - [2010/12/17 09:04:01 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) > in the current context!
Error: Unable to interpret <DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) > in the current context!
Error: Unable to interpret <O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - Reg Error: Value error. File not found > in the current context!
Error: Unable to interpret <O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - Reg Error: Value error. File not found > in the current context!
Error: Unable to interpret <O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - Reg Error: Value error. File not found > in the current context!
Error: Unable to interpret <O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Value error. File not found > in the current context!
Error: Unable to interpret <O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found > in the current context!
Error: Unable to interpret <O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found > in the current context!
Error: Unable to interpret <O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - Reg Error: Value error. File not found > in the current context!
Error: Unable to interpret <O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - Reg Error: Value error. File not found > in the current context!
Error: Unable to interpret <O15 - HKU\S-1-5-21-746137067-789336058-1343024091-1003\..Trusted Domains: comcast.com ([www] http in Trusted sites) > in the current context!
Error: Unable to interpret <O15 - HKU\S-1-5-21-746137067-789336058-1343024091-1003\..Trusted Domains: comcast.net ([xfinity] http in Trusted sites) > in the current context!
Error: Unable to interpret <O15 - HKU\S-1-5-21-746137067-789336058-1343024091-1003\..Trusted Domains: microsoft.com ([social.technet] http in Trusted sites) > in the current context!
Error: Unable to interpret <O15 - HKU\S-1-5-21-746137067-789336058-1343024091-1003\..Trusted Domains: microsoft.com ([technet] http in Trusted sites) > in the current context!
Error: Unable to interpret <O15 - HKU\S-1-5-21-746137067-789336058-1343024091-1003\..Trusted Domains: us.com ([www.smartestcomputing] http in Trusted sites) > in the current context!
Error: Unable to interpret <O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.) > in the current context!
Error: Unable to interpret <[2011/06/10 20:03:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller > in the current context!
Error: Unable to interpret <[2011/06/10 20:03:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\Symantec > in the current context!
Error: Unable to interpret <[2011/06/10 19:47:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton > in the current context!
Error: Unable to interpret <[2011/06/10 19:47:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton > in the current context!
Error: Unable to interpret <@Alternate Data Stream - 88 bytes -> C:\WINDOWS\UNINST32.EXE:SummaryInformation > in the current context!
Error: Unable to interpret <@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\winlogon.exe:SummaryInformation > in the current context!
Error: Unable to interpret <@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\win87em.dll:SummaryInformation > in the current context!
Error: Unable to interpret <@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\msiexec.exe:SummaryInformation > in the current context!
Error: Unable to interpret <@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\drivers\redbook.sys:SummaryInformation > in the current context!
Error: Unable to interpret < > in the current context!
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Administrator.USER-CA21D652AC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

Here it is. Thanks...
User: Danny & Addie
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Kids
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 294871 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 2611 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: user
->Temp folder emptied: 3824601 bytes
->Temporary Internet Files folder emptied: 3794073 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 470 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 1156930467 bytes

Total Files Cleaned = 1,111.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: Administrator.USER-CA21D652AC
->Flash cache emptied: 0 bytes

User: All Users

User: Danny & Addie
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: Kids
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: user
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.24.0 log created on 06132011_215756

Files\Folders moved on Reboot...
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\1F109ZNO\page__pid__168142__st__15[1].htm moved successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...



{HELP ME, OBI 1. YOU'RE MY ONLY HOPE!}


#20 Broni Re: [Inactive] Google Redirect, Antivir Desktop Virus, Windows Update Virus, Lost Desktop, Failed System Restore (twice), Drivers/ Installer Nonfunctional, ect.


Posted 14 June 2011 - 04:08 AM

Nope.
It looks like while copying my script, you missed a "colon" in front of "OTL" (very first line).
Please, redo.




