0

JetsMets77. You really should have started your own thread rather than take over somebody else's.

Now that you have made so many posts here though, please do the following:

Download Bootkit Remover to your Desktop.

  • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
  • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right click on remover.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
0

Thanks crunchie, and I'm terribly sorry for not starting my own thread. I foolishly thought since I had the same problem as the original poster that it would require the same solution; boy was I wrong. Again, my apologies, and in spite of that I truly appreciate you taking the time to help me. Below is the log.

Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.2.0.0
OS Version: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`04e71400

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Controlled by rootkit!

Boot code on some of your physical disks is hidden by a rootkit.
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]


Done;
Press any key to quit...

0

The above result is why you should follow the procedure set down in our sticky. As you said, problems may look the same, but invariably, they are different and need different remedies.

==

Open Notepad
Copy and paste the following text into Notepad:

@ECHO OFF
START remover.exe fix \\.\PhysicalDrive0
EXIT

Go FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES
Then in the FILE NAME box type fix.bat.
Save fix.bat to your Desktop.

Reboot.

Run fix.bat by double clicking.
You may see a black box appear; this is normal.

When done, run remover.exe again and post its output.

0

crunchie, you're right, and like I said, I'm sorry. It was really stupid of me to assume our issues were identical. I guess due to me not being so computer savvy my impatience got the best of me, and like I said earlier, in spite of that I do greatly appreciate your assistance here.

Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.2.0.0
OS Version: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`04e71400

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Controlled by rootkit!

Boot code on some of your physical disks is hidden by a rootkit.
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]


Done;
Press any key to quit...

0

I followed your instructions precisely on fix.bat and, like you said, a black screen does appear; however, a dialog box pops up saying "Windows cannot find remover.exe. Make sure you typed the name correctly, and then try again. To search for a file click the Start button and then click Search". I double checked to make sure I did everything exactly as you instructed.

0

Try this instead please.

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

0

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 121):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0x86726000 \WINDOWS\system32\KDCOM.DLL
0xF7A58000 \WINDOWS\system32\BOOTVID.dll
0xF7515000 ACPI.sys
0xF7B44000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7504000 pci.sys
0xF7644000 isapnp.sys
0xF7654000 ohci1394.sys
0xF7664000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF7A5C000 compbatt.sys
0xF7A60000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7C0C000 pciide.sys
0xF78C4000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7674000 MountMgr.sys
0xF74E5000 ftdisk.sys
0xF78CC000 PartMgr.sys
0xF7684000 VolSnap.sys
0xF74CD000 atapi.sys
0xF7694000 disk.sys
0xF76A4000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF74AD000 fltmgr.sys
0xF749B000 sr.sys
0xF7484000 KSecDD.sys
0xF73F7000 Ntfs.sys
0xF73CA000 NDIS.sys
0xF73B0000 Mup.sys
0xF7794000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF59C7000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xF59B3000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF6306000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF598F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF62FE000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF5967000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF582C000 \SystemRoot\system32\DRIVERS\bcmwl5.sys
0xF77A4000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
0xF77B4000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xF5818000 \SystemRoot\system32\DRIVERS\sdbus.sys
0xF62EE000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0xF5804000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0xF57B3000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0xF62DE000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF61F3000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF61EB000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF62CE000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF62BE000 \SystemRoot\System32\Drivers\cdrbsdrv.SYS
0xF62AE000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF629E000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF5790000 \SystemRoot\system32\DRIVERS\ks.sys
0xF61E3000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xF7AE8000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF7AEC000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xF7D63000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF628E000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7AF0000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF5779000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF627E000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF626E000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF61DB000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF5768000 \SystemRoot\system32\DRIVERS\psched.sys
0xF625E000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF61D3000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF61CB000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF60B1000 \SystemRoot\System32\Drivers\pcouffin.sys
0xF60A1000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7B7E000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF570A000 \SystemRoot\system32\DRIVERS\update.sys
0xF7AFC000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF7714000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF7834000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7BB6000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF2B1F000 \SystemRoot\system32\drivers\sthda.sys
0xF2AFB000 \SystemRoot\system32\drivers\portcls.sys
0xF7844000 \SystemRoot\system32\drivers\drmk.sys
0xF7B4A000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xECCDB000 \SystemRoot\System32\Drivers\Null.SYS
0xF7B4C000 \SystemRoot\System32\Drivers\Beep.SYS
0xEFD2C000 \SystemRoot\System32\drivers\vga.sys
0xF7B4E000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7B50000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xED555000 \SystemRoot\System32\Drivers\Msfs.SYS
0xED54D000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF2AE3000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xEB517000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xEB4BE000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xEF0C9000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xEDF52000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xEC90D000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xEDF2A000 \SystemRoot\system32\DRIVERS\netbt.sys
0xEC8FD000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xEDF08000 \SystemRoot\System32\drivers\afd.sys
0xEB091000 \SystemRoot\system32\DRIVERS\netbios.sys
0xEB0B8000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
0xED525000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xED515000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xEDE9E000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xEDE2E000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xED0D9000 \SystemRoot\System32\Drivers\Fips.SYS
0xEDE10000 \SystemRoot\System32\Drivers\usbvideo.sys
0xEECF3000 \SystemRoot\System32\Drivers\aswSP.SYS
0xEE0D4000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xF01D1000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xEB049000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7BAE000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xEF8CB000 \SystemRoot\System32\drivers\Dxapi.sys
0xEF9EC000 \SystemRoot\System32\watchdog.sys
0xBF9C4000 \SystemRoot\System32\drivers\dxg.sys
0xEF4DE000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF9D6000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xF7378000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xEB042000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xBAFE9000 \SystemRoot\System32\Drivers\aswMon2.SYS
0xBAE7C000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xBAE3F000 \SystemRoot\system32\drivers\wdmaud.sys
0xEF0A9000 \SystemRoot\system32\drivers\sysaudio.sys
0xBA0FF000 \SystemRoot\system32\DRIVERS\srv.sys
0xB995B000 \SystemRoot\System32\Drivers\HTTP.sys
0xEFCF4000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 43):
0 System Idle Process
4 System
776 C:\WINDOWS\system32\smss.exe
832 csrss.exe
860 C:\WINDOWS\system32\winlogon.exe
908 C:\WINDOWS\system32\services.exe
920 C:\WINDOWS\system32\lsass.exe
1084 C:\WINDOWS\system32\svchost.exe
1160 svchost.exe
1204 C:\WINDOWS\system32\svchost.exe
1328 svchost.exe
1372 svchost.exe
1496 C:\WINDOWS\system32\WLTRYSVC.EXE
1536 C:\WINDOWS\system32\BCMWLTRY.EXE
1620 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1876 C:\WINDOWS\explorer.exe
172 C:\WINDOWS\system32\spoolsv.exe
328 svchost.exe
568 C:\WINDOWS\system32\rundll32.exe
576 C:\WINDOWS\system32\rundll32.exe
588 C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
600 C:\WINDOWS\system32\WLTRAY.EXE
648 C:\Program Files\iTunes\iTunesHelper.exe
680 C:\Program Files\Java\jre6\bin\jusched.exe
700 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
712 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
808 C:\WINDOWS\system32\ctfmon.exe
1052 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
1296 C:\WINDOWS\system32\bgsvcgen.exe
1756 C:\Program Files\Bonjour\mDNSResponder.exe
2060 C:\Program Files\Java\jre6\bin\jqs.exe
2096 C:\WINDOWS\system32\nvsvc32.exe
2180 C:\WINDOWS\system32\svchost.exe
2240 wdfmgr.exe
2604 C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
2792 C:\Program Files\iPod\bin\iPodService.exe
2824 C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
3180 alg.exe
3796 C:\WINDOWS\system32\wuauclt.exe
3904 C:\Program Files\Mozilla Firefox 3.6 Beta 2\firefox.exe
424 C:\Program Files\Mozilla Firefox 3.6 Beta 2\firefox.exe
1388 C:\WINDOWS\system32\msiexec.exe
3468 C:\Documents and Settings\Brian\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`04e71400 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK2546GSX, Rev: LB012D

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!
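
An added example, not part of any post in this thread and not code from Bootkit Remover or MBRCheck: one way to inspect a 512-byte boot sector saved with the "remover.exe dump" command that the tool output mentions. The sample sector, the baseline hash and the choice to hash the first 440 bytes are constructed assumptions (the page does not say which bytes MBRCheck hashes); only the volume offset 0x04e71400 is taken from the logs.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440       # bootstrap code area hashed here (assumed range)
DISK_SIG_OFF = 440        # 4-byte Windows disk signature
PART_TABLE_OFF = 446      # four 16-byte partition entries
BOOT_SIG = b"\x55\xaa"    # bytes 510-511 of a valid MBR
VOLUME_OFFSET = 0x04E71400  # offset of \\.\C: reported in the logs above


def parse_mbr(sector):
    """Split one 512-byte master boot sector into its fields."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected %d bytes, got %d" % (SECTOR_SIZE, len(sector)))
    partitions = []
    for index in range(4):
        off = PART_TABLE_OFF + 16 * index
        status, ptype = sector[off], sector[off + 4]
        lba_start, count = struct.unpack_from("<II", sector, off + 8)
        if ptype == 0x00:  # unused slot
            continue
        partitions.append({
            "index": index,
            "active": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "byte_offset": lba_start * SECTOR_SIZE,
            "sectors": count,
        })
    return {
        "signature_ok": sector[510:512] == BOOT_SIG,
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "partitions": partitions,
    }


def partition_at(mbr, volume_offset):
    """Return the partition entry that starts at the given byte offset."""
    for part in mbr["partitions"]:
        if part["byte_offset"] == volume_offset:
            return part
    return None


def findings(mbr, volume_offset, baseline_sha1):
    """List the checks that failed; an empty list means nothing looked odd."""
    problems = []
    if not mbr["signature_ok"]:
        problems.append("missing 0x55AA boot signature")
    if mbr["boot_code_sha1"] != baseline_sha1.upper():
        problems.append("boot code differs from baseline")
    if sum(1 for p in mbr["partitions"] if p["active"]) != 1:
        problems.append("expected exactly one active partition")
    if partition_at(mbr, volume_offset) is None:
        problems.append("no partition starts at the reported volume offset")
    return problems


def build_sample_mbr():
    """Constructed sector: filler boot code, not real Windows XP MBR code."""
    sector = bytearray(SECTOR_SIZE)
    sector[:BOOT_CODE_LEN] = bytes((i * 7 + 3) % 256 for i in range(BOOT_CODE_LEN))
    struct.pack_into("<I", sector, DISK_SIG_OFF, 0x12345678)
    # (status, type, first LBA, sector count); 160650 * 512 == 0x04E71400
    entries = [(0x00, 0x06, 63, 160587), (0x80, 0x07, 160650, 476103285)]
    for i, (status, ptype, start, count) in enumerate(entries):
        off = PART_TABLE_OFF + 16 * i
        sector[off] = status
        sector[off + 4] = ptype
        struct.pack_into("<II", sector, off + 8, start, count)
    sector[510:512] = BOOT_SIG
    return bytes(sector)


if __name__ == "__main__":
    clean = parse_mbr(build_sample_mbr())
    baseline = clean["boot_code_sha1"]  # stands in for a known-good hash
    print("boot code SHA1:", baseline)
    print("system partition:", partition_at(clean, VOLUME_OFFSET))
    print("findings:", findings(clean, VOLUME_OFFSET, baseline) or "none")
```

A sector read through a system where the boot code is "hidden by a rootkit", as the Bootkit Remover output puts it, may not be the sector that is actually on disk, so the comparison is most meaningful on a dump taken from clean boot media.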

0

Download OTL to your Desktop.

* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* Under the Custom Scan box paste this in:


netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\System32\config\*.sav
CREATERESTOREPOINT

* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
0

OTL logfile created on: 10/22/2010 5:08:39 PM - Run 1
OTL by OldTimer - Version 3.2.16.0 Folder = C:\Documents and Settings\Brian\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 482.00 Mb Available Physical Memory | 47.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 227.01 Gb Total Space | 82.84 Gb Free Space | 36.49% Space Free | Partition Type: NTFS

Computer Name: BRIANPC | User Name: Brian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2010/10/22 17:07:00 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brian\My Documents\Downloads\OTL.exe
PRC - [2010/10/15 22:22:07 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 3.6 Beta 2\firefox.exe
PRC - [2010/09/07 13:23:20 | 003,016,560 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\Setup\avast.setup
PRC - [2010/09/07 11:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/11/12 21:02:40 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\system32\bgsvcgen.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/27 20:04:00 | 001,213,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007/06/27 20:03:40 | 000,152,872 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2007/05/10 11:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe


========== Modules (SafeList) ==========

MOD - [2010/10/22 17:07:00 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brian\My Documents\Downloads\OTL.exe
MOD - [2008/04/14 06:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/11/12 21:02:40 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\WINDOWS\System32\bgsvcgen.exe -- (bgsvcgen)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Brian\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/09/07 10:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 10:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 10:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 10:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 10:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 10:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/11/12 21:02:41 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2008/06/02 12:42:52 | 001,287,552 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/05/28 11:33:38 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008/05/28 11:33:36 | 000,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2008/05/28 11:33:36 | 000,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/04/13 23:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/22 06:46:00 | 006,658,592 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007/05/10 11:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/11/21 05:25:44 | 000,045,568 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/11/15 01:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/14 20:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/14 18:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1369718
IE - HKCU\..\URLSearchHook: {011f9246-da13-4555-9998-6e4805bd533f} - C:\Program Files\WhiteSmoke_Tools\tbWhit.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.5.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?invocationType=bu10aiminstabie7&sredir=2706&query="


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/12 18:07:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/19 14:43:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox 3.6 Beta 2\components [2010/10/15 22:22:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox 3.6 Beta 2\plugins [2010/10/15 22:22:23 | 000,000,000 | ---D | M]

[2009/11/12 14:34:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian\Application Data\Mozilla\Extensions
[2010/10/21 22:05:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\88dra67l.default\extensions
[2010/07/24 13:13:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\88dra67l.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2009/12/19 14:44:21 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\88dra67l.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2010/03/20 11:07:54 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\88dra67l.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/12/19 14:44:03 | 000,001,490 | ---- | M] () -- C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\88dra67l.default\searchplugins\AIM Search.xml
[2009/11/12 14:34:05 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/10/20 18:44:20 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (WhiteSmoke Tools Toolbar) - {011f9246-da13-4555-9998-6e4805bd533f} - C:\Program Files\WhiteSmoke_Tools\tbWhit.dll (Conduit Ltd.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (Ask Toolbar BHO) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
O3 - HKLM\..\Toolbar: (WhiteSmoke Tools Toolbar) - {011f9246-da13-4555-9998-6e4805bd533f} - C:\Program Files\WhiteSmoke_Tools\tbWhit.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (WhiteSmoke Tools Toolbar) - {011F9246-DA13-4555-9998-6E4805BD533F} - C:\Program Files\WhiteSmoke_Tools\tbWhit.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - Startup: C:\Documents and Settings\Brian\Start Menu\Programs\Startup\Seagate 2GH3662G Product Registration.lnk = C:\Documents and Settings\Brian\Application Data\Leadertech\PowerRegister\Seagate 2GH3662G Product Registration.exe (Leader Technologies/Seagate)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.245.129 167.206.245.130
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/04 17:05:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (69537929998893056)

========== Files/Folders - Created Within 90 Days ==========

[2010/10/21 18:18:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/10/20 19:24:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brian\Application Data\Leadertech
[2010/10/20 19:22:50 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/10/20 18:19:53 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/10/20 18:05:56 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/10/20 18:05:56 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/10/20 18:05:56 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/10/20 18:05:56 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/10/20 18:05:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/10/20 18:05:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/18 18:06:32 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010/10/18 18:05:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/10/17 16:06:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Identities
[2010/10/16 16:46:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brian\Application Data\Malwarebytes
[2010/10/16 16:45:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/10/16 16:45:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/10/16 16:45:55 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/10/16 16:45:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/15 22:19:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/10/15 22:10:33 | 000,000,000 | ---D | C] -- C:\caf58b5128419e265a8386
[2010/10/15 22:10:25 | 000,000,000 | ---D | C] -- C:\80f496831feee071eb
[2010/10/15 22:00:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/10/15 22:00:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/10/14 20:39:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/10/14 20:38:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/10/13 21:15:27 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/10/13 21:10:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/10/13 21:10:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/09/12 23:04:05 | 000,000,000 | ---D | C] -- C:\DaveyTheme
[2010/08/29 19:32:48 | 000,000,000 | ---D | C] -- C:\heav96_DreamerLee
[2010/08/29 19:30:51 | 000,000,000 | ---D | C] -- C:\heav96_gangstas_eliminators
[2010/08/25 18:17:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brian\Local Settings\Application Data\Temp
[2010/08/25 18:17:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brian\Local Settings\Application Data\Google
[2009/11/12 20:30:50 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Brian\Application Data\pcouffin.sys
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/10/22 17:07:47 | 000,435,828 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/22 17:07:47 | 000,068,558 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/22 17:03:42 | 000,052,659 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010/10/22 17:03:38 | 000,169,472 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/10/22 17:03:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/21 22:35:12 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-1993962763-725345543-1004UA.job
[2010/10/21 22:32:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-1993962763-725345543-1004Core.job
[2010/10/21 17:06:41 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/20 22:11:37 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/10/20 22:06:43 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/20 19:39:28 | 000,000,094 | ---- | M] () -- C:\Documents and Settings\Brian\default.pls
[2010/10/20 19:26:01 | 000,001,315 | ---- | M] () -- C:\Documents and Settings\Brian\Start Menu\Programs\Startup\Seagate 2GH3662G Product Registration.lnk
[2010/10/20 18:44:20 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/10/20 18:20:06 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/10/18 18:13:24 | 000,193,536 | ---- | M] () -- C:\Documents and Settings\Brian\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/18 18:07:03 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/10/17 21:58:09 | 000,112,021 | ---- | M] () -- C:\Documents and Settings\Brian\Application Data\vso_ts_preview.xml
[2010/10/10 23:05:37 | 216,568,228 | ---- | M] () -- C:\Documents and Settings\Brian\Desktop\WWE.Summerslam.2010.PPV.720p.x264.DigitalDelboy.mp4
[2010/10/09 23:23:53 | 1573,602,366 | ---- | M] () -- C:\Documents and Settings\Brian\Desktop\WWE.Money.In.The.Bank.2010.720p.mkv
[2010/09/07 11:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010/09/07 11:11:54 | 000,167,592 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/09/07 10:52:25 | 000,046,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/09/07 10:52:03 | 000,165,584 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/09/07 10:47:46 | 000,023,376 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/09/07 10:47:19 | 000,100,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/09/07 10:47:16 | 000,094,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/09/07 10:47:07 | 000,017,744 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/09/07 10:46:51 | 000,028,880 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/09/04 23:42:01 | 099,959,102 | ---- | M] () -- C:\HeyManNiceShot.wmv
[2010/08/14 02:12:53 | 390,743,540 | ---- | M] () -- C:\Documents and Settings\Brian\Desktop\tna.hardcore.justice.ppv.720p.hdtv.x264-kyr.mkv
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/20 19:26:01 | 000,001,315 | ---- | C] () -- C:\Documents and Settings\Brian\Start Menu\Programs\Startup\Seagate 2GH3662G Product Registration.lnk
[2010/10/20 18:20:06 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/10/20 18:19:58 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/10/20 18:05:56 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/10/20 18:05:56 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/10/20 18:05:56 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/10/20 18:05:56 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/10/20 18:05:56 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/10/15 22:00:02 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/10 11:52:19 | 216,568,228 | ---- | C] () -- C:\Documents and Settings\Brian\Desktop\WWE.Summerslam.2010.PPV.720p.x264.DigitalDelboy.mp4
[2010/10/09 12:13:42 | 1573,602,366 | ---- | C] () -- C:\Documents and Settings\Brian\Desktop\WWE.Money.In.The.Bank.2010.720p.mkv
[2010/09/04 23:25:22 | 099,959,102 | ---- | C] () -- C:\HeyManNiceShot.wmv
[2010/08/25 18:17:23 | 000,000,978 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-1993962763-725345543-1004UA.job
[2010/08/25 18:17:22 | 000,000,926 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-1993962763-725345543-1004Core.job
[2010/08/13 17:54:34 | 390,743,540 | ---- | C] () -- C:\Documents and Settings\Brian\Desktop\tna.hardcore.justice.ppv.720p.hdtv.x264-kyr.mkv
[2010/05/09 15:29:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\AVERM.dll
[2010/05/09 15:29:54 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll
[2010/04/18 16:45:02 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/04/18 16:45:00 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/04/18 16:45:00 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/04/18 16:44:56 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/02/02 20:17:13 | 000,112,021 | ---- | C] () -- C:\Documents and Settings\Brian\Application Data\vso_ts_preview.xml
[2009/11/13 14:23:08 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/11/13 11:42:34 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/11/12 20:30:57 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Brian\Application Data\pcouffin.log
[2009/11/12 20:30:50 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Brian\Application Data\pcouffin.cat
[2009/11/12 20:30:50 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Brian\Application Data\pcouffin.inf
[2009/11/12 17:28:03 | 000,193,536 | ---- | C] () -- C:\Documents and Settings\Brian\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/12 15:01:30 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/11/04 17:53:24 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/11/04 17:53:22 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009/11/04 17:49:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/11/04 17:49:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/11/04 17:48:59 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/11/04 17:48:58 | 001,482,752 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/11/04 17:45:59 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2009/11/04 11:54:01 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2009/12/19 14:44:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2009/12/19 14:44:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM Toolbar
[2010/10/18 18:05:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/11/13 11:35:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cached Installations
[2009/11/12 18:31:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2010/02/02 19:47:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
[2010/02/02 19:47:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/02/03 20:58:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2009/11/12 18:08:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/11/13 10:45:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{C3CF28F9-C7CD-4149-A7AC-C73171364F3D}
[2009/12/19 14:44:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian\Application Data\acccore
[2010/05/09 15:31:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian\Application Data\GetRightToGo
[2009/11/13 11:03:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian\Application Data\Key Metric Software
[2010/10/20 19:24:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian\Application Data\Leadertech
[2009/11/12 21:55:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian\Application Data\LEAPS
[2010/05/09 14:37:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian\Application Data\OxelonMC
[2009/11/12 21:50:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian\Application Data\Pegasys Inc
[2009/11/12 18:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian\Application Data\Publish Providers
[2009/12/06 20:52:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian\Application Data\Sony
[2009/11/12 18:27:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian\Application Data\Sony Setup
[2010/05/20 22:37:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian\Application Data\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2010/10/10 02:52:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian\Application Data\uTorrent
[2010/10/17 21:58:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian\Application Data\Vso
[2010/01/09 17:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian\Application Data\WhiteSmoke

========== Purity Check ==========

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/14 01:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/14 01:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/14 01:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 08:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 06:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 06:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 06:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 08:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 06:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 06:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 06:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 08:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 06:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 06:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 06:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\System32\config\*.sav >
[2009/11/04 11:51:41 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/11/04 11:51:41 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/11/04 11:51:41 | 000,909,312 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

========== Alternate Data Streams ==========

@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A9662AE0
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D74B6CF5

< End of report >

0

OTL Extras logfile created on: 10/22/2010 5:08:39 PM - Run 1
OTL by OldTimer - Version 3.2.16.0 Folder = C:\Documents and Settings\Brian\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 482.00 Mb Available Physical Memory | 47.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 227.01 Gb Total Space | 82.84 Gb Free Space | 36.49% Space Free | Partition Type: NTFS

Computer Name: BRIANPC | User Name: Brian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 3.6 Beta 2\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Documents and Settings\Brian\My Documents\Downloads\utorrent-2.0-beta-17188.upx.exe" = C:\Documents and Settings\Brian\My Documents\Downloads\utorrent-2.0-beta-17188.upx.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Mozilla Firefox 3.6 Beta 2\firefox.exe" = C:\Program Files\Mozilla Firefox 3.6 Beta 2\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Documents and Settings\Brian\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Brian\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{17FE8F8E-D8FA-440E-9ACF-3C51787E7225}" = FolderSizes 4
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{4EF35707-7052-4331-B8FD-549DB3922AD7}" = TMPGEnc DVD Author 3 with DivX Authoring
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58F58158-8DFE-31DA-AC1F-7E5D89A0F74F}" = Google Talk Plugin
"{612B9183-67A9-4B44-9877-2F059E35B86A}" = Broadcom 440x 10/100 Integrated Controller
"{6352516B-FFF2-4F26-65FA-8C495420A2F6}" = TweetDeck
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{97E038E1-41AD-4C93-BCDC-6A2394AEE352}" = Vegas Movie Studio Platinum 9.0
"{9D89EE43-B471-40EC-9550-6BD77C7BE3F4}" = WhiteSmoke
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF097717-F174-4144-954A-FBC4BF301033}" = Nero 7 Ultra Edition
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.9.322
"4569969E1360D2854474C661EF9B4D54F143EB16" = Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"AIM Toolbar" = AIM Toolbar
"AIM_7" = AIM 7
"avast5" = avast! Free Antivirus
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card Utility
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 6_is1" = DVDFab 6.1.2.5 (27/10/2009)
"FolderSizes 4" = FolderSizes 4
"Free YouTube to iPod Converter_is1" = Free YouTube to iPod Converter version 3.7
"ie8" = Windows Internet Explorer 8
"iSkysoft Video Converter_is1" = iSkysoft Video Converter(Build 2.3.0.0)
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.8.3 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MIKSOFT Mobile 3GP converter_is1" = MIKSOFT Mobile 3GP converter
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11)
"NVIDIA Drivers" = NVIDIA Drivers
"Oxelon Media Converter_is1" = Oxelon Media Converter 1.1
"RER Video Converter_is1" = RER Video Converter
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SopCast" = SopCast 3.2.4
"TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
"Ultra Mobile 3GP Video Converter_is1" = Ultra%

Edited by JetsMets77: n/a

0

EDIT: Please delete... this post was b/c I was having trouble posting the log.

Edited by JetsMets77: n/a

0

OTL Extras logfile created on: 10/22/2010 5:08:39 PM - Run 1
OTL by OldTimer - Version 3.2.16.0 Folder = C:\Documents and Settings\Brian\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 482.00 Mb Available Physical Memory | 47.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 227.01 Gb Total Space | 82.84 Gb Free Space | 36.49% Space Free | Partition Type: NTFS

Computer Name: BRIANPC | User Name: Brian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 3.6 Beta 2\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Documents and Settings\Brian\My Documents\Downloads\utorrent-2.0-beta-17188.upx.exe" = C:\Documents and Settings\Brian\My Documents\Downloads\utorrent-2.0-beta-17188.upx.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Mozilla Firefox 3.6 Beta 2\firefox.exe" = C:\Program Files\Mozilla Firefox 3.6 Beta 2\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Documents and Settings\Brian\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Brian\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{17FE8F8E-D8FA-440E-9ACF-3C51787E7225}" = FolderSizes 4
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{4EF35707-7052-4331-B8FD-549DB3922AD7}" = TMPGEnc DVD Author 3 with DivX Authoring
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58F58158-8DFE-31DA-AC1F-7E5D89A0F74F}" = Google Talk Plugin
"{612B9183-67A9-4B44-9877-2F059E35B86A}" = Broadcom 440x 10/100 Integrated Controller
"{6352516B-FFF2-4F26-65FA-8C495420A2F6}" = TweetDeck
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{97E038E1-41AD-4C93-BCDC-6A2394AEE352}" = Vegas Movie Studio Platinum 9.0
"{9D89EE43-B471-40EC-9550-6BD77C7BE3F4}" = WhiteSmoke
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF097717-F174-4144-954A-FBC4BF301033}" = Nero 7 Ultra Edition
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.9.322
"4569969E1360D2854474C661EF9B4D54F143EB16" = Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"AIM Toolbar" = AIM Toolbar
"AIM_7" = AIM 7
"avast5" = avast! Free Antivirus
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card Utility
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 6_is1" = DVDFab 6.1.2.5 (27/10/2009)
"FolderSizes 4" = FolderSizes 4
"Free YouTube to iPod Converter_is1" = Free YouTube to iPod Converter version 3.7
"ie8" = Windows Internet Explorer 8
"iSkysoft Video Converter_is1" = iSkysoft Video Converter(Build 2.3.0.0)
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.8.3 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MIKSOFT Mobile 3GP converter_is1" = MIKSOFT Mobile 3GP converter
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11)
"NVIDIA Drivers" = NVIDIA Drivers
"Oxelon Media Converter_is1" = Oxelon Media Converter 1.1
"RER Video Converter_is1" = RER Video Converter
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SopCast" = SopCast 3.2.4
"TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
"Ultra Mobile 3GP Video Converter_is1" = Ultra Mobile 3GP Video Converter 5.2.0603
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"Veetle TV" = Veetle TV 0.9.17
"VLC media player" = VLC media player 1.0.3
"WhiteSmoke_Tools Toolbar" = WhiteSmoke_Tools Toolbar
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 11/12/2009 8:29:24 PM | Computer Name = BRIANPC | Source = avast! | ID = 33554522
Description =

Error - 11/12/2009 8:39:18 PM | Computer Name = BRIANPC | Source = avast! | ID = 33554522
Description =

Error - 11/18/2009 9:07:37 PM | Computer Name = BRIANPC | Source = avast! | ID = 33554522
Description =

Error - 9/13/2010 1:36:55 PM | Computer Name = BRIANPC | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 10/20/2010 10:37:34 PM | Computer Name = BRIANPC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00023845.

Error - 10/21/2010 5:19:42 PM | Computer Name = BRIANPC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 10/21/2010 5:19:42 PM | Computer Name = BRIANPC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 10/21/2010 5:26:45 PM | Computer Name = BRIANPC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module Multimedia.api, version 9.2.0.124, fault address 0x00042f8b.

Error - 10/21/2010 5:57:14 PM | Computer Name = BRIANPC | Source = Application Error | ID = 1001
Description = Fault bucket 1629275976.

Error - 10/21/2010 10:07:33 PM | Computer Name = BRIANPC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 10/21/2010 10:07:33 PM | Computer Name = BRIANPC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 10/21/2010 11:22:40 PM | Computer Name = BRIANPC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00023845.

Error - 10/22/2010 5:16:36 PM | Computer Name = BRIANPC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 10/22/2010 5:16:37 PM | Computer Name = BRIANPC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

[ System Events ]
Error - 10/19/2010 5:43:05 PM | Computer Name = BRIANPC | Source = Service Control Manager | ID = 7022
Description = The Automatic Updates service hung on starting.

Error - 10/19/2010 11:10:56 PM | Computer Name = BRIANPC | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 10/20/2010 6:10:31 PM | Computer Name = BRIANPC | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 10/20/2010 6:16:26 PM | Computer Name = BRIANPC | Source = Service Control Manager | ID = 7022
Description = The Automatic Updates service hung on starting.

Error - 10/20/2010 6:23:17 PM | Computer Name = BRIANPC | Source = Service Control Manager | ID = 7034
Description = The Dell Wireless WLAN Tray Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 10/20/2010 6:27:44 PM | Computer Name = BRIANPC | Source = Service Control Manager | ID = 7034
Description = The Dell Wireless WLAN Tray Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 10/20/2010 9:51:35 PM | Computer Name = BRIANPC | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 10/20/2010 9:56:19 PM | Computer Name = BRIANPC | Source = Service Control Manager | ID = 7022
Description = The Automatic Updates service hung on starting.

Error - 10/21/2010 5:28:05 PM | Computer Name = BRIANPC | Source = DCOM | ID = 10010
Description = The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register
with DCOM within the required timeout.

Error - 10/21/2010 9:42:06 PM | Computer Name = BRIANPC | Source = Service Control Manager | ID = 7022
Description = The Automatic Updates service hung on starting.


< End of report >

0

Sorry for the confusion, but I could not post the logs from my infected PC, so I had to switch computers, which is why there are a few threads, because it kept coming in messed up. The full logs are in my first post (so the post right below crunchie's instructions) and my last post right above this one. I tried edit and delete but was unable to. Thanks

0

Run OTL

===============

Please download JavaRa

If you get this message:
Problems with the download? Please use this direct link or try another mirror.

Select the direct link, download it, and unzip it to your Desktop.

Double click JavaRa.exe then click Remove Older Versions.

Follow any prompts; a log will pop up (JavaRa.log). Please post the contents of this log.

Next, open JavaRa.exe again, and select Search For Updates.

Select Update Using Sun Java's Website --> Search, and continue the instructions for downloading and installing the latest Java version. Look for JDK 6 Update 21 (JDK or JRE). On the right, select this one: Download JRE.

In Vista and Windows 7 run the tool as Administrator.

0

All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Prefs.js: "http://slirsredirect.search.aol.com/slirs_http/sredir?invocationType=bu10aiminstabie7&sredir=2706&query=" removed from keyword.URL
========== COMMANDS ==========

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 41044 bytes

User: All Users

User: Brian
->Flash cache emptied: 123913 bytes

User: Default User
->Flash cache emptied: 41044 bytes

User: LocalService
->Flash cache emptied: 16187 bytes

User: NetworkService
->Flash cache emptied: 55711 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Brian
->Temp folder emptied: 1006641678 bytes
->Temporary Internet Files folder emptied: 788180 bytes
->Java cache emptied: 49811349 bytes
->FireFox cache emptied: 100401329 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 12675744 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 117617389 bytes
->Java cache emptied: 27 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2162283 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17857 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 1212578 bytes

Total Files Cleaned = 1,232.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.16.0 log created on 10232010_011456

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

0

OTL logfile created on: 10/23/2010 1:28:01 AM - Run 2
OTL by OldTimer - Version 3.2.16.0 Folder = C:\Documents and Settings\Brian\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 431.00 Mb Available Physical Memory | 42.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 227.01 Gb Total Space | 83.51 Gb Free Space | 36.79% Space Free | Partition Type: NTFS

Computer Name: BRIANPC | User Name: Brian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2010/10/22 17:07:00 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brian\My Documents\Downloads\OTL.exe
PRC - [2010/10/15 22:22:12 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 3.6 Beta 2\plugin-container.exe
PRC - [2010/10/15 22:22:07 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 3.6 Beta 2\firefox.exe
PRC - [2010/09/21 11:33:36 | 000,083,440 | ---- | M] (Google) -- C:\Documents and Settings\Brian\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2010/09/07 11:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/11/12 21:02:40 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\system32\bgsvcgen.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/27 20:04:00 | 001,213,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007/06/27 20:03:40 | 000,152,872 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2007/05/10 11:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe


========== Modules (SafeList) ==========

MOD - [2010/10/22 17:07:00 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brian\My Documents\Downloads\OTL.exe
MOD - [2008/04/14 06:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/11/12 21:02:40 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\WINDOWS\System32\bgsvcgen.exe -- (bgsvcgen)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Brian\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/09/07 10:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 10:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 10:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 10:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 10:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 10:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/11/12 21:02:41 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2008/06/02 12:42:52 | 001,287,552 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/05/28 11:33:38 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008/05/28 11:33:36 | 000,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2008/05/28 11:33:36 | 000,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/04/13 23:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/22 06:46:00 | 006,658,592 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007/05/10 11:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/11/21 05:25:44 | 000,045,568 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/11/15 01:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/14 20:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/14 18:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\..\URLSearchHook: {011f9246-da13-4555-9998-6e4805bd533f} - C:\Program Files\WhiteSmoke_Tools\tbWhit.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.5.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/12 18:07:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/19 14:43:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox 3.6 Beta 2\components [2010/10/15 22:22:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox 3.6 Beta 2\plugins [2010/10/15 22:22:23 | 000,000,000 | ---D | M]

[2009/11/12 14:34:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian\Application Data\Mozilla\Extensions
[2010/10/22 22:17:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\88dra67l.default\extensions
[2010/07/24 13:13:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\88dra67l.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2009/12/19 14:44:21 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\88dra67l.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2010/03/20 11:07:54 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\88dra67l.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/12/19 14:44:03 | 000,001,490 | ---- | M] () -- C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\88dra67l.default\searchplugins\AIM Search.xml
[2009/11/12 14:34:05 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/10/23 01:16:04 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (WhiteSmoke Tools Toolbar) - {011f9246-da13-4555-9998-6e4805bd533f} - C:\Program Files\WhiteSmoke_Tools\tbWhit.dll (Conduit Ltd.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (Ask Toolbar BHO) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
O3 - HKLM\..\Toolbar: (WhiteSmoke Tools Toolbar) - {011f9246-da13-4555-9998-6e4805bd533f} - C:\Program Files\WhiteSmoke_Tools\tbWhit.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (WhiteSmoke Tools Toolbar) - {011F9246-DA13-4555-9998-6E4805BD533F} - C:\Program Files\WhiteSmoke_Tools\tbWhit.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - Startup: C:\Documents and Settings\Brian\Start Menu\Programs\Startup\Seagate 2GH3662G Product Registration.lnk = C:\Documents and Settings\Brian\Application Data\Leadertech\PowerRegister\Seagate 2GH3662G Product Registration.exe (Leader Technologies/Seagate)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.245.129 167.206.245.130
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/04 17:05:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/10/23 01:14:56 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/10/21 18:18:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/10/20 19:24:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brian\Application Data\Leadertech
[2010/10/20 19:22:50 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/10/20 18:19:53 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/10/20 18:05:56 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/10/20 18:05:56 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/10/20 18:05:56 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/10/20 18:05:56 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/10/20 18:05:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/10/20 18:05:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/18 18:06:32 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010/10/18 18:05:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/10/17 16:06:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Identities
[2010/10/16 16:46:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brian\Application Data\Malwarebytes
[2010/10/16 16:45:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/10/16 16:45:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/10/16 16:45:55 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/10/16 16:45:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/15 22:19:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/10/15 22:10:33 | 000,000,000 | ---D | C] -- C:\caf58b5128419e265a8386
[2010/10/15 22:10:25 | 000,000,000 | ---D | C] -- C:\80f496831feee071eb
[2010/10/15 22:00:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/10/15 22:00:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/10/14 20:39:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/10/14 20:38:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/10/13 21:15:27 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/10/13 21:10:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/10/13 21:10:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/09/12 23:04:05 | 000,000,000 | ---D | C] -- C:\DaveyTheme
[2010/08/29 19:32:48 | 000,000,000 | ---D | C] -- C:\heav96_DreamerLee
[2010/08/29 19:30:51 | 000,000,000 | ---D | C] -- C:\heav96_gangstas_eliminators
[2010/08/25 18:17:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brian\Local Settings\Application Data\Temp
[2010/08/25 18:17:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brian\Local Settings\Application Data\Google
[2009/11/12 20:30:50 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Brian\Application Data\pcouffin.sys

========== Files - Modified Within 90 Days ==========

[2010/10/23 01:29:22 | 000,435,828 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/23 01:29:22 | 000,068,558 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/23 01:25:29 | 000,052,659 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010/10/23 01:25:28 | 000,169,472 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/10/23 01:24:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/23 01:16:04 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/10/23 00:32:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-1993962763-725345543-1004UA.job
[2010/10/22 22:32:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-1993962763-725345543-1004Core.job
[2010/10/22 22:13:43 | 000,201,370 | ---- | M] () -- C:\Documents and Settings\Brian\Desktop\bookmarks.html
[2010/10/21 17:06:41 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/20 22:11:37 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/10/20 22:06:43 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/20 19:39:28 | 000,000,094 | ---- | M] () -- C:\Documents and Settings\Brian\default.pls
[2010/10/20 19:26:01 | 000,001,315 | ---- | M] () -- C:\Documents and Settings\Brian\Start Menu\Programs\Startup\Seagate 2GH3662G Product Registration.lnk
[2010/10/20 18:20:06 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/10/18 18:13:24 | 000,193,536 | ---- | M] () -- C:\Documents and Settings\Brian\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/18 18:07:03 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/10/17 21:58:09 | 000,112,021 | ---- | M] () -- C:\Documents and Settings\Brian\Application Data\vso_ts_preview.xml
[2010/10/10 23:05:37 | 216,568,228 | ---- | M] () -- C:\Documents and Settings\Brian\Desktop\WWE.Summerslam.2010.PPV.720p.x264.DigitalDelboy.mp4
[2010/10/09 23:23:53 | 1573,602,366 | ---- | M] () -- C:\Documents and Settings\Brian\Desktop\WWE.Money.In.The.Bank.2010.720p.mkv
[2010/09/07 11:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010/09/07 11:11:54 | 000,167,592 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/09/07 10:52:25 | 000,046,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/09/07 10:52:03 | 000,165,584 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/09/07 10:47:46 | 000,023,376 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/09/07 10:47:19 | 000,100,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/09/07 10:47:16 | 000,094,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/09/07 10:47:07 | 000,017,744 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/09/07 10:46:51 | 000,028,880 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/09/04 23:42:01 | 099,959,102 | ---- | M] () -- C:\HeyManNiceShot.wmv
[2010/08/14 02:12:53 | 390,743,540 | ---- | M] () -- C:\Documents and Settings\Brian\Desktop\tna.hardcore.justice.ppv.720p.hdtv.x264-kyr.mkv

========== Files Created - No Company Name ==========

[2010/10/23 01:12:21 | 000,029,756 | ---- | C] () -- C:\Documents and Settings\Brian\Desktop\GMailFS.chm
[2010/10/22 22:13:42 | 000,201,370 | ---- | C] () -- C:\Documents and Settings\Brian\Desktop\bookmarks.html
[2010/10/20 19:26:01 | 000,001,315 | ---- | C] () -- C:\Documents and Settings\Brian\Start Menu\Programs\Startup\Seagate 2GH3662G Product Registration.lnk
[2010/10/20 18:20:06 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/10/20 18:19:58 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/10/20 18:05:56 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/10/20 18:05:56 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/10/20 18:05:56 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/10/20 18:05:56 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/10/20 18:05:56 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/10/15 22:00:02 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/10 11:52:19 | 216,568,228 | ---- | C] () -- C:\Documents and Settings\Brian\Desktop\WWE.Summerslam.2010.PPV.720p.x264.DigitalDelboy.mp4
[2010/10/09 12:13:42 | 1573,602,366 | ---- | C] () -- C:\Documents and Settings\Brian\Desktop\WWE.Money.In.The.Bank.2010.720p.mkv
[2010/09/04 23:25:22 | 099,959,102 | ---- | C] () -- C:\HeyManNiceShot.wmv
[2010/08/25 18:17:23 | 000,000,978 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-1993962763-725345543-1004UA.job
[2010/08/25 18:17:22 | 000,000,926 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-1993962763-725345543-1004Core.job
[2010/08/13 17:54:34 | 390,743,540 | ---- | C] () -- C:\Documents and Settings\Brian\Desktop\tna.hardcore.justice.ppv.720p.hdtv.x264-kyr.mkv
[2010/05/09 15:29:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\AVERM.dll
[2010/05/09 15:29:54 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll
[2010/04/18 16:45:02 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/04/18 16:45:00 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/04/18 16:45:00 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/04/18 16:44:56 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/02/02 20:17:13 | 000,112,021 | ---- | C] () -- C:\Documents and Settings\Brian\Application Data\vso_ts_preview.xml
[2009/11/13 14:23:08 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/11/13 11:42:34 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/11/12 20:30:57 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Brian\Application Data\pcouffin.log
[2009/11/12 20:30:50 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Brian\Application Data\pcouffin.cat
[2009/11/12 20:30:50 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Brian\Application Data\pcouffin.inf
[2009/11/12 17:28:03 | 000,193,536 | ---- | C] () -- C:\Documents and Settings\Brian\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/12 15:01:30 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/11/04 17:53:24 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/11/04 17:53:22 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009/11/04 17:49:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/11/04 17:49:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/11/04 17:48:59 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/11/04 17:48:58 | 001,482,752 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/11/04 17:45:59 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2009/11/04 11:54:01 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2009/12/19 14:44:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2009/12/19 14:44:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM Toolbar
[2010/10/18 18:05:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/11/13 11:35:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cached Installations
[2009/11/12 18:31:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2010/02/02 19:47:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
[2010/02/02 19:47:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/02/03 20:58:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2009/11/12 18:08:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/11/13 10:45:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{C3CF28F9-C7CD-4149-A7AC-C73171364F3D}
[2009/12/19 14:44:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian\Application Data\acccore
[2010/05/09 15:31:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian\Application Data\GetRightToGo
[2009/11/13 11:03:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian\Application Data\Key Metric Software
[2010/10/20 19:24:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian\Application Data\Leadertech
[2009/11/12 21:55:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian\Application Data\LEAPS
[2010/05/09 14:37:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian\Application Data\OxelonMC
[2009/11/12 21:50:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian\Application Data\Pegasys Inc
[2009/11/12 18:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian\Application Data\Publish Providers
[2009/12/06 20:52:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian\Application Data\Sony
[2009/11/12 18:27:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian\Application Data\Sony Setup
[2010/05/20 22:37:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian\Application Data\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2010/10/10 02:52:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian\Application Data\uTorrent
[2010/10/17 21:58:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian\Application Data\Vso
[2010/01/09 17:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian\Application Data\WhiteSmoke

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A9662AE0
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D74B6CF5

< End of report >

0

JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Sat Oct 23 01:34:35 2010

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\JavaPlugin.160_17

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_17

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_17

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: Software\Classes\JavaPlugin.160_17

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_17

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_17

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

------------------------------------

Finished reporting.

0

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.