iexplorer.exe virus

Hello small_love and welcome to GeeksToGo
I'm hammerman and I'm going to help you fix your problem.

Sorry you've been waiting so long.

Before we begin, here are some guidelines which will help us both in fixing your problem.

• Malware removal is not instantaneous and will take a number of steps to complete. Please continue to carry out the steps requested until I let you know that your computer appears clean.
• Please do no attach logs or post them in Quote/Code boxes unless requested.
• I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread. You can copy and paste these instructions into Notepad and then save the text file to your Desktop. If you need any help with this or further clarification, please let me know.
• When posting logs, please ensure Word Wrap is turned off in Notepad. Open Notepad, select Format on the menu bar and make sure that Word Wrap is unchecked.
• Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know.
• If in doubt about anything, please ask.

As it's been a while, let's get some fresh logs.

Please follow these steps.

-- Step 1 --

• Run OTL
  
• When the window appears, underneath Output at the top change it to Minimal Output.
• Under the Custom Scan box paste this in
  
  
  netsvcs
  drivers32 /all
  %SYSTEMDRIVE%\*.*
  %systemroot%\system32\*.wt
  %systemroot%\system32\*.ruy
  %systemroot%\Fonts\*.com
  %systemroot%\Fonts\*.dll
  %systemroot%\Fonts\*.ini
  %systemroot%\Fonts\*.ini2
  %systemroot%\system32\spool\prtprocs\w32x86\*.*
  %systemroot%\REPAIR\*.bak1
  %systemroot%\REPAIR\*.ini
  %systemroot%\system32\*.jpg
  %systemroot%\*.scr
  %systemroot%\*._sy
  %APPDATA%\Adobe\Update\*.*
  %ALLUSERSPROFILE%\Favorites\*.*
  %APPDATA%\Microsoft\*.*
  %PROGRAMFILES%\*.*
  %APPDATA%\Update\*.*
  %systemroot%\*. /mp /s
  CREATERESTOREPOINT
  %systemroot%\system32\*.dll /lockedfiles
  %systemroot%\Tasks\*.job /lockedfiles
  %systemroot%\System32\config\*.sav
  %systemroot%\system32\user32.dll /md5
  %systemroot%\system32\ws2_32.dll /md5
  %systemroot%\system32\ws2help.dll /md5
  HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  
  
• Under Extra Registry, select Use SafeList
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

-- Step 2 --

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.

• The application window will appear
• Click the Disable button to disable your CD Emulation drivers
• Click Yes to continue
• A 'Finished!' message will appear
• Click OK
• DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

-- Step 3 --

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

• Click NO
• In the right panel, you will see a bunch of boxes that have been checked. UNCHECK the following boxes
  
  • Sections
  • IAT/EAT
  • Drives/Partition other than System drive (typically C:\)
  • Show all (important)
• Now click the Scan button.
  Once the scan is complete, you may receive another notice about rootkit activity.
• Click OK.
• GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
• Save it where you can easily find it, such as your desktop.

Post the contents of GMER.txt in your next reply.

Thanks so much for helping me : )
I only have the OTL logs. GMER keeps shutting off on me even when I close all the programs and change the settings...am I doing something wrong?

OTL logfile created on: 7/18/2010 1:39:19 PM - Run 3
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\TSE\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 98.00 Mb Available Physical Memory | 19.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 52.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 66.56 Gb Total Space | 32.25 Gb Free Space | 48.46% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DAPHNE
Current User Name: TSE
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\TSE\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
PRC - C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
PRC - C:\Program Files\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\RocketDock\RocketDock.exe ()
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Program Files\AirLink101\AWLL3025V2\ZDWlan.exe ()
PRC - C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe (Acronis)
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\TSE\My Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\Program Files\RocketDock\RocketDock.dll ()


========== Win32 Services (SafeList) ==========

SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\rswin_3725.dll ()
SRV - (TuneUp.Defrag) -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)


========== Driver Services (SafeList) ==========

DRV - (PID_0920) Logitech QuickCam Express(PID_0920) -- C:\WINDOWS\System32\DRIVERS\LV532AV.SYS File not found
DRV - (EagleNT) -- C:\WINDOWS\System32\drivers\EagleNT.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (MpFilter) -- C:\WINDOWS\system32\drivers\MpFilter.sys (Microsoft Corporation)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (timounter) -- C:\WINDOWS\system32\DRIVERS\timntr.sys (Acronis)
DRV - (tifsfilter) -- C:\WINDOWS\system32\drivers\tifsfilt.sys (Acronis)
DRV - (snapman) -- C:\WINDOWS\system32\DRIVERS\snapman.sys (Acronis)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (SISNIC) -- C:\WINDOWS\system32\drivers\sisnic.sys (SiS Corporation)
DRV - (ZD1211U(ZyDAS)) ZyDAS ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyDAS) -- C:\WINDOWS\system32\drivers\ZD1211U.sys (ZyDAS Technology Corporation)
DRV - (ZDPSp50) -- C:\WINDOWS\system32\drivers\ZDPSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (SISAGP) -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys (Silicon Integrated Systems Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2535290
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E6 9C 32 34 E2 08 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {437c4386-9237-441f-a940-009430030ee0} - C:\Program Files\Messenger_Plus_Live_CA-EN\tbMess.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Messenger Plus Live CA-EN Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.5
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {DAD0F81A-CF67-4eed-98D6-26F6E47274CA}:1.4.2
FF - prefs.js..extensions.enabledItems: [email protected]:3.6.5
FF - prefs.js..extensions.enabledItems: {d650973c-0444-4ac7-9d00-19e3613c83b9}:3.6.7
FF - prefs.js..network.proxy.http: "75.101.215.123:"
FF - prefs.js..network.proxy.http_port: 9090
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/28 02:02:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/27 16:50:39 | 000,000,000 | ---D | M]

[2009/07/31 16:07:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TSE\Application Data\Mozilla\Extensions
[2010/07/14 19:53:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TSE\Application Data\Mozilla\Firefox\Profiles\yheurwen.default\extensions
[2010/03/26 22:50:19 | 000,000,000 | ---D | M] (Screengrab) -- C:\Documents and Settings\TSE\Application Data\Mozilla\Firefox\Profiles\yheurwen.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/06/26 14:08:45 | 000,000,000 | ---D | M] (Full Flat) -- C:\Documents and Settings\TSE\Application Data\Mozilla\Firefox\Profiles\yheurwen.default\extensions\{6E1A2A2E-AE2A-4A26-A812-46F54288379E}(2)
[2010/07/14 19:53:13 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\TSE\Application Data\Mozilla\Firefox\Profiles\yheurwen.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/07/14 19:53:12 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\TSE\Application Data\Mozilla\Firefox\Profiles\yheurwen.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/06/26 19:12:54 | 000,000,000 | ---D | M] (Whitehart) -- C:\Documents and Settings\TSE\Application Data\Mozilla\Firefox\Profiles\yheurwen.default\extensions\{d650973c-0444-4ac7-9d00-19e3613c83b9}
[2010/06/26 14:08:46 | 000,000,000 | ---D | M] (Whitehart) -- C:\Documents and Settings\TSE\Application Data\Mozilla\Firefox\Profiles\yheurwen.default\extensions\{d650973c-0444-4ac7-9d00-19e3613c83b9}(2)
[2010/01/27 20:17:06 | 000,000,000 | ---D | M] (Tweak Network) -- C:\Documents and Settings\TSE\Application Data\Mozilla\Firefox\Profiles\yheurwen.default\extensions\{DAD0F81A-CF67-4eed-98D6-26F6E47274CA}
[2010/03/26 22:49:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TSE\Application Data\Mozilla\Firefox\Profiles\yheurwen.default\extensions\[email protected]
[2010/03/26 22:50:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TSE\Application Data\Mozilla\Firefox\Profiles\yheurwen.default\extensions\[email protected]
[2010/03/06 14:24:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TSE\Application Data\Mozilla\Firefox\Profiles\yheurwen.default\extensions\[email protected]
[2009/10/02 18:55:39 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/02/22 18:00:35 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll

O1 HOSTS File: ([2010/03/15 19:47:09 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Messenger Plus Live CA-EN Toolbar) - {437c4386-9237-441f-a940-009430030ee0} - C:\Program Files\Messenger_Plus_Live_CA-EN\tbMess.dll (Conduit Ltd.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Messenger Plus Live CA-EN Toolbar) - {437c4386-9237-441f-a940-009430030ee0} - C:\Program Files\Messenger_Plus_Live_CA-EN\tbMess.dll (Conduit Ltd.)
O4 - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe (Silicon Integrated Systems Corp.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\IEEE 802.11g USB Wireless LAN Utility.lnk = C:\Program Files\AirLink101\AWLL3025V2\ZDWlan.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1248057170125 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\TSE\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\TSE\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/19 17:44:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /k:D *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp - File not found

Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)

========== Files/Folders - Created Within 30 Days ==========

[2010/07/18 13:25:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/07/16 20:31:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\TSE\Recent
[2010/07/11 23:12:58 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/07/11 23:07:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/07/11 22:42:47 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/07/11 21:05:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/07/11 20:57:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Messenger_Plus_Live_CA-EN
[2010/07/11 02:44:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/07/11 02:22:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\AskToolbar
[2010/07/07 17:42:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TSE\Application Data\DAEMON Tools Lite
[2010/07/07 17:42:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/07/07 15:29:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TSE\Application Data\uTorrent
[2010/06/30 12:47:51 | 000,000,000 | ---D | C] -- C:\Program Files\ExtremeGamers
[2010/06/30 00:51:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2010/06/27 00:46:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2010/06/27 00:31:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TSE\Application Data\TeamViewer
[2010/06/27 00:30:26 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2010/06/26 21:09:32 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2010/06/26 21:09:21 | 000,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys
[2010/06/26 17:22:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliType Pro
[2010/06/26 13:41:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/06/24 17:45:20 | 000,030,536 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TURegOpt.exe
[2010/06/24 17:45:18 | 000,030,024 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll
[2010/06/24 17:44:25 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2010
[2010/06/21 19:33:17 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\uxtheme.uxtender
[2010/06/21 19:17:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/06/21 19:09:54 | 000,086,016 | ---- | C] (Sipro Lab Telecom Inc.) -- C:\WINDOWS\System32\dllcache\sl_anet.acm
[2010/06/21 19:09:53 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msaud32.acm
[2010/06/21 19:09:53 | 000,290,816 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\dllcache\l3codeca.acm
[2010/06/21 19:09:52 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irbus.sys
[2010/06/21 19:09:52 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpapi.dll
[2010/06/21 19:09:52 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwnh.dll
[2010/06/21 19:09:52 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsdupd.exe
[2010/06/21 19:09:49 | 000,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3d1ag.dll
[2010/06/21 19:09:49 | 000,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvaa.dll
[2010/06/21 19:09:49 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativtmxx.dll
[2010/06/21 19:09:49 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativmvxx.ax
[2010/06/21 19:09:49 | 000,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativdaxx.ax
[2010/06/21 19:09:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2010/06/21 19:09:48 | 004,274,816 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll
[2010/06/21 19:09:48 | 001,737,856 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\mtxparhd.dll
[2010/06/21 19:09:48 | 000,397,056 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\s3gnb.dll
[2010/06/21 19:09:48 | 000,086,016 | ---- | C] (Conexant) -- C:\WINDOWS\System32\mdmxsdk.dll
[2010/06/21 19:09:48 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2010/06/21 19:09:48 | 000,032,285 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\hsfcisp2.dll
[2010/06/21 19:09:47 | 000,286,792 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slextspk.dll
[2010/06/21 19:09:47 | 000,188,508 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slgen.dll
[2010/06/21 19:09:47 | 000,073,832 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slcoinst.dll
[2010/06/21 19:09:47 | 000,073,796 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slserv.exe
[2010/06/21 19:09:47 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slrundll.exe
[2010/06/21 19:09:47 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\slrundll.exe
[2010/06/21 19:09:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/06/21 19:02:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2010/06/21 19:02:35 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dlimport.exe
[2010/06/21 19:02:34 | 000,004,255 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv01nt5.dll
[2010/06/21 19:02:34 | 000,003,967 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv02nt5.dll
[2010/06/21 19:02:34 | 000,003,647 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv07nt5.dll
[2010/06/21 19:02:34 | 000,003,615 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv05nt5.dll
[2010/06/21 19:02:33 | 000,003,775 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv11nt5.dll
[2010/06/21 19:02:33 | 000,003,711 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv09nt5.dll
[2010/06/21 19:02:33 | 000,003,135 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv08nt5.dll
[2010/06/21 19:02:32 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys
[2010/06/21 19:02:32 | 000,043,008 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\drivers\amdagp.sys
[2010/06/21 19:02:31 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys
[2010/06/21 19:02:31 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys
[2010/06/21 19:02:31 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys
[2010/06/21 19:02:31 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys
[2010/06/21 19:02:30 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys
[2010/06/21 19:02:30 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys
[2010/06/21 19:02:30 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys
[2010/06/21 19:02:30 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys
[2010/06/21 19:02:30 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys
[2010/06/21 19:02:29 | 000,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys
[2010/06/21 19:02:29 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2010/06/21 19:02:29 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2010/06/21 19:02:29 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2010/06/21 19:02:28 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2010/06/21 19:02:28 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2010/06/21 19:02:28 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys
[2010/06/21 19:02:28 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2010/06/21 19:02:27 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2010/06/21 19:02:27 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2010/06/21 19:02:27 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys
[2010/06/21 19:02:26 | 000,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv04nt5.dll
[2010/06/21 19:02:26 | 000,021,183 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv01nt5.dll
[2010/06/21 19:02:26 | 000,014,143 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv06nt5.dll
[2010/06/21 19:02:26 | 000,011,359 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv02nt5.dll
[2010/06/21 19:02:25 | 000,017,279 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv10nt5.dll
[2010/06/21 19:02:24 | 000,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthprint.sys
[2010/06/21 19:02:24 | 000,015,423 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\ch7xxnt5.dll
[2010/06/21 19:02:22 | 000,126,686 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2010/06/21 19:02:21 | 001,309,184 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2010/06/21 19:02:21 | 000,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys
[2010/06/21 19:02:21 | 000,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys
[2010/06/21 19:02:20 | 001,897,408 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nv4_mini.sys
[2010/06/21 19:02:20 | 000,180,360 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2010/06/21 19:02:20 | 000,013,776 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys
[2010/06/21 19:02:19 | 000,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys
[2010/06/21 19:02:19 | 000,040,960 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\drivers\sisagp.sys
[2010/06/21 19:02:19 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2010/06/21 19:02:19 | 000,003,901 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\siint5.dll
[2010/06/21 19:02:18 | 000,404,990 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2010/06/21 19:02:18 | 000,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys
[2010/06/21 19:02:18 | 000,095,424 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2010/06/21 19:02:17 | 000,013,240 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[2010/06/21 19:02:17 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2010/06/21 19:02:16 | 000,011,325 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\vchnt5.dll
[2010/06/21 19:02:13 | 000,011,807 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys
[2010/06/21 19:02:12 | 000,011,295 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys
[2010/06/21 19:02:11 | 000,011,871 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys
[2010/06/21 19:02:10 | 000,022,271 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys
[2010/06/21 19:02:10 | 000,011,935 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys
[2010/06/21 19:02:08 | 000,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys
[2010/06/21 16:53:42 | 000,000,000 | ---D | C] -- C:\Program Files\RocketDock
[1 C:\Documents and Settings\TSE\Desktop\*.tmp files -> C:\Documents and Settings\TSE\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/18 13:23:08 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/07/18 13:15:54 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/18 13:15:40 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/07/18 13:15:28 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/18 13:15:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/18 04:19:08 | 006,365,184 | ---- | M] () -- C:\Documents and Settings\TSE\ntuser.dat
[2010/07/18 04:19:08 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\TSE\ntuser.ini
[2010/07/18 04:17:57 | 028,745,048 | -H-- | M] () -- C:\Documents and Settings\TSE\Local Settings\Application Data\IconCache.db
[2010/07/15 18:15:23 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/07/11 23:07:53 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/07/11 21:37:52 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\TSE\Local Settings\Application Data\prvlcl.dat
[2010/07/08 10:47:23 | 001,601,240 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/07 22:08:54 | 000,077,776 | ---- | M] () -- C:\Documents and Settings\TSE\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/07/07 17:43:09 | 000,691,696 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/06/29 20:12:57 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/06/27 23:55:28 | 000,000,607 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/27 00:30:43 | 000,000,879 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 5.lnk
[2010/06/24 17:45:08 | 000,001,731 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TuneUp 1-Click Maintenance.lnk
[2010/06/23 19:44:27 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\TSE\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet.lnk
[2010/06/22 13:13:08 | 000,001,483 | ---- | M] () -- C:\WINDOWS\System32\msexcr.ini
[2010/06/21 19:19:49 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\TSE\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/06/21 19:19:44 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/06/21 18:22:40 | 000,492,248 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/21 18:22:40 | 000,435,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/21 18:22:40 | 000,068,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/19 00:36:24 | 000,003,698 | ---- | M] () -- C:\Documents and Settings\TSE\funshion.ini
[1 C:\Documents and Settings\TSE\Desktop\*.tmp files -> C:\Documents and Settings\TSE\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/11 23:13:12 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/07/11 23:07:53 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/07/08 21:56:32 | 006,365,184 | ---- | C] () -- C:\Documents and Settings\TSE\ntuser.dat
[2010/07/07 17:43:08 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/06/27 00:30:43 | 000,000,879 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 5.lnk
[2010/06/24 17:45:08 | 000,001,731 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TuneUp 1-Click Maintenance.lnk
[2010/06/23 19:44:27 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\TSE\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet.lnk
[2010/06/22 13:13:02 | 000,001,483 | ---- | C] () -- C:\WINDOWS\System32\msexcr.ini
[2010/06/21 19:09:55 | 000,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2010/06/21 19:09:55 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2010/06/21 19:09:55 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2010/06/21 19:09:55 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2010/06/21 19:09:55 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2010/06/21 19:09:55 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2010/06/21 19:09:55 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2010/06/21 19:09:55 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2010/06/21 19:09:55 | 000,067,374 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2010/06/21 19:09:55 | 000,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2010/06/21 19:09:55 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2010/06/21 19:09:55 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2010/06/21 19:09:55 | 000,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2010/06/21 19:09:55 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2010/06/21 19:09:54 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2010/06/21 19:09:54 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2010/06/21 19:09:54 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2010/06/21 19:09:54 | 000,029,070 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf
[2010/06/21 19:09:54 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2010/06/21 19:09:54 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2010/06/21 19:09:54 | 000,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2010/06/21 19:09:54 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2010/06/21 19:09:54 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2010/06/21 19:09:54 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2010/06/21 19:09:54 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2010/06/21 19:09:54 | 000,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2010/06/21 19:09:54 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2010/06/21 19:09:54 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2010/06/21 19:09:54 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2010/06/21 19:09:54 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2010/06/21 19:09:54 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2010/06/21 19:09:54 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2010/06/21 19:09:54 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2010/06/21 19:09:54 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2010/06/21 19:09:54 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2010/06/21 19:09:54 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2010/06/21 19:09:54 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2010/06/21 19:09:54 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2010/06/21 19:09:54 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2010/06/21 19:09:54 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2010/06/21 19:09:54 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2010/06/21 19:09:54 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2010/06/21 19:09:54 | 000,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2010/06/21 19:09:53 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2010/06/21 19:09:53 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2010/06/21 19:09:53 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2010/06/21 19:09:53 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2010/06/21 19:09:53 | 000,097,117 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.hlp
[2010/06/21 19:09:53 | 000,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2010/06/21 19:09:53 | 000,066,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
[2010/06/21 19:09:53 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2010/06/21 19:09:53 | 000,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2010/06/21 19:09:53 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2010/06/21 19:09:53 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2010/06/21 19:09:53 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2010/06/21 19:09:53 | 000,001,885 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.cnt
[2010/06/21 19:09:53 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
[2010/06/21 19:09:53 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
[2010/06/21 19:09:53 | 000,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
[2010/06/21 19:09:53 | 000,001,451 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
[2010/06/21 19:09:53 | 000,001,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
[2010/06/21 19:09:53 | 000,001,250 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
[2010/06/21 19:09:53 | 000,001,049 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
[2010/06/21 19:09:53 | 000,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
[2010/06/21 19:09:53 | 000,001,036 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
[2010/06/21 19:09:53 | 000,000,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
[2010/06/21 19:09:53 | 000,000,787 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
[2010/06/21 19:09:53 | 000,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
[2010/06/21 19:09:53 | 000,000,783 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
[2010/06/21 19:09:53 | 000,000,775 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
[2010/06/21 19:09:53 | 000,000,733 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
[2010/06/21 19:09:53 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2010/06/21 19:09:52 | 000,184,959 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
[2010/06/21 19:09:52 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2010/06/21 19:09:52 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2010/06/21 19:09:52 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2010/06/21 19:09:52 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2010/06/21 19:09:52 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2010/06/21 19:09:52 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2010/06/21 19:09:52 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2010/06/21 19:09:52 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2010/06/21 19:09:52 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2010/06/21 19:02:27 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2010/06/21 19:02:24 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2010/06/21 19:02:21 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2009/11/01 21:41:21 | 000,000,028 | ---- | C] () -- C:\WINDOWS\funshionplugin2.INI
[2009/08/25 03:21:48 | 000,001,164 | ---- | C] () -- C:\WINDOWS\System32\funshion.ini
[2009/08/19 02:35:50 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/07/20 14:16:09 | 000,000,504 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2009/07/19 17:56:58 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2009/07/19 17:56:58 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2009/07/19 17:52:39 | 000,000,033 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2009/07/19 17:51:44 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2009/07/19 17:51:44 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2009/07/19 17:51:43 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2009/07/19 17:51:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2009/07/19 17:51:42 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2009/07/19 17:50:58 | 000,032,768 | ---- | C] () -- C:\WINDOWS\SIS_LIB.DLL
[2008/09/15 17:14:24 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/09/15 17:12:02 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/09/15 17:12:02 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/09/15 17:11:10 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[1999/01/27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== Custom Scans ==========


< >

< %SYSTEMDRIVE%\*.* >
[2009/07/19 19:15:55 | 000,001,024 | ---- | M] () -- C:\.rnd
[2009/07/19 17:44:00 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/02/15 18:20:29 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/03/15 19:22:47 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2009/07/19 17:44:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/07/19 17:44:00 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/07/11 22:48:14 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2009/07/19 17:44:00 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/14 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 05:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/07/18 13:15:20 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/07/19 17:43:27 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006/10/26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
[2008/07/06 03:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2009/07/19 19:21:21 | 000,001,634 | -H-- | M] () -- C:\Documents and Settings\TSE\Application Data\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/14 05:00:00 | 000,033,280 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\cryptdll.dll
[2008/04/14 05:00:00 | 000,094,720 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iphlpapi.dll
[2008/04/14 05:00:00 | 000,071,680 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msacm32.dll
[2009/03/08 04:22:38 | 000,156,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msls31.dll
[2008/04/14 05:00:00 | 000,061,440 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvcrt40.dll
[2008/04/14 05:00:00 | 000,237,056 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\rasapi32.dll
[2008/04/14 05:00:00 | 000,061,440 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\rasman.dll
[2008/04/14 05:00:00 | 000,044,032 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\rtutils.dll
[2008/04/14 05:00:00 | 000,007,168 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\sensapi.dll
[2008/04/14 05:00:00 | 000,713,216 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\sxs.dll
[2008/04/14 05:00:00 | 000,181,760 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\tapi32.dll
[2008/04/14 05:00:00 | 002,897,920 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\xpsp2res.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/07/19 10:03:59 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/07/19 10:03:59 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/07/19 10:03:59 | 000,888,832 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2008/04/14 05:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/14 05:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2008/04/14 05:00:00 | 000,019,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-06-22 01:24:07
< End of report >

OTL Extras logfile created on: 7/18/2010 1:39:19 PM - Run 3
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\TSE\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 98.00 Mb Available Physical Memory | 19.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 52.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 66.56 Gb Total Space | 32.25 Gb Free Space | 48.46% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DAPHNE
Current User Name: TSE
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"57080:TCP" = 57080:TCP:*:Enabled:Pando Media Booster
"57080:UDP" = 57080:UDP:*:Enabled:Pando Media Booster
"1051:TCP" = 1051:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Funshion Online\Funshion\Funshion.exe" = C:\Program Files\Funshion Online\Funshion\Funshion.exe:*:Enabled:Funshion -- (Funshion Online Technologies Ltd.)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{11E94FDB-C895-45F1-B756-1C9B8C36C8F1}" = Microsoft IntelliType Pro 7.1
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 14
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{581CE7EA-A30D-0000-1211-088635773309}" = IEEE 802.11g USB Wireless LAN Adapter
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AAB93551-3FFE-42B2-8315-96252BBC1033}" = Nero 7 Essentials
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CA83357B-931E-44DC-AD43-9996FEEB8116}" = Acronis True Image
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FE3997D3-6B56-4AC4-A99C-9DDFC45359BF}" = TuneUp Utilities Language Pack (en-US)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface
"ATI Display Driver" = ATI Display Driver
"CAL" = Canon Camera Access Library
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CCleaner" = CCleaner
"C-Media Audio" = C-Media 3D Audio
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"Funshion" = Funshion
"ie8" = Windows Internet Explorer 8
"Mabinogi" = Mabinogi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Messenger_Plus_Live_CA-EN Toolbar" = Messenger_Plus_Live_CA-EN Toolbar
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"RealPlayer 6.0" = RealPlayer
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"RocketDock_is1" = RocketDock 1.3.5
"TeamViewer 5" = TeamViewer 5
"TuneUp Utilities" = TuneUp Utilities
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/19/2010 1:22:03 AM | Computer Name = DAPHNE | Source = Application Error | ID = 1000
Description = Faulting application funshion.exe, version 2.0.0.29, faulting module
funshion.exe, version 2.0.0.29, fault address 0x0012ee6f.

Error - 6/29/2010 11:07:14 PM | Computer Name = DAPHNE | Source = Application Error | ID = 1000
Description = Faulting application rave installer.exe, version 0.0.0.0, faulting
module , version 0.0.0.0, fault address 0x00000000.

Error - 6/29/2010 11:07:28 PM | Computer Name = DAPHNE | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 7/11/2010 5:02:11 AM | Computer Name = DAPHNE | Source = Application Error | ID = 1000
Description = Faulting application smss.exe, version 1.0.0.1, faulting module unknown,
version 0.0.0.0, fault address 0x00374735.

Error - 7/12/2010 2:21:39 AM | Computer Name = DAPHNE | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/12/2010 10:54:35 PM | Computer Name = DAPHNE | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 7/13/2010 8:50:55 PM | Computer Name = DAPHNE | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 7/15/2010 3:44:55 AM | Computer Name = DAPHNE | Source = Application Error | ID = 1000
Description = Faulting application wlcomm.exe, version 14.0.8064.206, faulting module
lmcdata.dll, version 14.0.8064.206, fault address 0x00044f8e.

Error - 7/18/2010 5:22:58 AM | Computer Name = DAPHNE | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P2 2.1.6805.0, P3 timeout, P4 1.1.6004.0, P5 local, P6 unspecified, P7 unspecified,
P8 NIL, P9 NIL, P10 NIL.

[ System Events ]
Error - 6/11/2010 2:47:19 AM | Computer Name = DAPHNE | Source = Print | ID = 6161
Description = The document untitled owned by TSE failed to print on printer HP DeskJet
720C. Data type: NT EMF 1.008. Size of the spool file in bytes: 2949120. Number
of bytes printed: 2898388. Total number of pages in the document: 2. Number of
pages printed: 1. Client machine: \\DAPHNE. Win32 error code returned by the print
processor: 0 (0x0).

Error - 6/21/2010 4:59:15 AM | Computer Name = DAPHNE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the stisvc service.

Error - 6/22/2010 2:19:54 PM | Computer Name = DAPHNE | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 6/22/2010 2:19:56 PM | Computer Name = DAPHNE | Source = Service Control Manager | ID = 7034
Description = The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly.
It has done this 1 time(s).

Error - 6/24/2010 8:45:19 PM | Computer Name = DAPHNE | Source = Service Control Manager | ID = 7000
Description = The TuneUp Theme Extension service failed to start due to the following
error: %%1083


< End of report >

hI,

Please follow these steps.

-- Step 1 --

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  [2010/06/22 13:13:08 | 000,001,483 | ---- | M] () -- C:\WINDOWS\System32\msexcr.ini
  
  :Commands
  [purity]
  [emptytemp]
  [emptyflash]
  [start explorer]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot when it is done
• This fix will produce a report. Please add this to your reply.

-- Step 2 --

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

http://sites.google....rotantirootkit/

Unzip it into a folder on your desktop.

Start the Sysprot.exe program.

• Click on the Log tab.
• In the Write to log box select all items.
• Click on the Create Log button on the bottom right.
• After a few seconds a new Window should appear.
• Make sure Scan all drives is selected and click on the Start button.
• When it is complete a new Window will appear to indicate that the scan is finished.
• The log will be created and saved automatically in the same folder. Open the text file and copy/paste the log here.

All processes killed
========== OTL ==========
C:\WINDOWS\system32\msexcr.ini moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 21772193 bytes
->Flash cache emptied: 1114 bytes

User: NetworkService
->Temp folder emptied: 73276 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: TSE
->Temp folder emptied: 8521576 bytes
->Temporary Internet Files folder emptied: 293919 bytes
->Java cache emptied: 39167 bytes
->FireFox cache emptied: 98993274 bytes
->Flash cache emptied: 3517 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1333924 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 15255420 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 850027 bytes

Total Files Cleaned = 140.00 mb


[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService

User: TSE
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.9.0 log created on 07192010_173721

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\V1K3VGTH\indexCASOSJT6.htm not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_668.dat not found!

Registry entries deleted on Reboot...

~~

SysProt AntiRootkit v1.0.1.0
by swatkat

********************************************************************************
**********
********************************************************************************
**********

Process:
Name: [System Idle Process]
PID: 0
Hidden: No
Window Visible: No

Name: System
PID: 4
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\smss.exe
PID: 660
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\csrss.exe
PID: 732
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\winlogon.exe
PID: 764
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 832
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\lsass.exe
PID: 844
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\ati2evxx.exe
PID: 1008
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1028
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1100
Hidden: No
Window Visible: No

Name: C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PID: 1168
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1204
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1280
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\ati2evxx.exe
PID: 1388
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1480
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\spoolsv.exe
PID: 1732
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1804
Hidden: No
Window Visible: No

Name: C:\WINDOWS\explorer.exe
PID: 1912
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PID: 440
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 448
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 472
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PID: 484
Hidden: No
Window Visible: No

Name: C:\Program Files\Bonjour\mDNSResponder.exe
PID: 524
Hidden: No
Window Visible: No

Name: C:\Program Files\Java\jre6\bin\jqs.exe
PID: 564
Hidden: No
Window Visible: No

Name: C:\Program Files\CyberLink\Shared Files\RichVideo.exe
PID: 1060
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1672
Hidden: No
Window Visible: No

Name: C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PID: 1828
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\wdfmgr.exe
PID: 1960
Hidden: No
Window Visible: No

Name: C:\Program Files\Canon\CAL\CALMAIN.exe
PID: 1324
Hidden: No
Window Visible: No

Name: C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PID: 2776
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\alg.exe
PID: 3000
Hidden: No
Window Visible: No

Name: C:\Program Files\Internet Explorer\iexplore.exe
PID: 580
Hidden: No
Window Visible: No

Name: C:\Program Files\Internet Explorer\iexplore.exe
PID: 1296
Hidden: No
Window Visible: No

Name: C:\WINDOWS\NOTEPAD.EXE
PID: 2384
Hidden: No
Window Visible: Yes

Name: C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
PID: 3304
Hidden: No
Window Visible: No

Name: C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
PID: 3548
Hidden: No
Window Visible: No

Name: C:\Program Files\Java\jre6\bin\jusched.exe
PID: 2640
Hidden: No
Window Visible: No

Name: C:\Program Files\Microsoft IntelliType Pro\itype.exe
PID: 3628
Hidden: No
Window Visible: No

Name: C:\Program Files\Microsoft Security Essentials\msseces.exe
PID: 3492
Hidden: No
Window Visible: No

Name: C:\Program Files\Windows Live\Messenger\msnmsgr.exe
PID: 3780
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 3848
Hidden: No
Window Visible: No

Name: C:\Program Files\Pando Networks\Media Booster\PMB.exe
PID: 3972
Hidden: No
Window Visible: No

Name: C:\Program Files\RocketDock\RocketDock.exe
PID: 3996
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\ctfmon.exe
PID: 4016
Hidden: No
Window Visible: No

Name: C:\Program Files\AirLink101\AWLL3025V2\ZDWlan.exe
PID: 3380
Hidden: No
Window Visible: No

Name: C:\Program Files\Mozilla Firefox\firefox.exe
PID: 2256
Hidden: No
Window Visible: No

Name: C:\Program Files\Mozilla Firefox\plugin-container.exe
PID: 4032
Hidden: No
Window Visible: No

Name: C:\Program Files\Java\jre6\bin\jucheck.exe
PID: 1868
Hidden: No
Window Visible: No

Name: C:\Documents and Settings\TSE\Desktop\SysProt\SysProt.exe
PID: 220
Hidden: No
Window Visible: Yes

********************************************************************************
**********
********************************************************************************
**********
Kernel Modules:
Module Name: \??\C:\Documents and Settings\TSE\Desktop\SysProt\SysProtDrv.sys
Service Name: SysProtDrv.sys
Module Base: A0BBA000
Module End: A0BC5000
Hidden: No

Module Name: \WINDOWS\system32\ntoskrnl.exe
Service Name: ---
Module Base: 804D7000
Module End: 806EDA80
Hidden: No

Module Name: \WINDOWS\system32\hal.dll
Service Name: ---
Module Base: 806EE000
Module End: 8070E300
Hidden: No

Module Name: \WINDOWS\system32\KDCOM.DLL
Service Name: ---
Module Base: F8B76000
Module End: F8B78000
Hidden: No

Module Name: \WINDOWS\system32\BOOTVID.dll
Service Name: ---
Module Base: F8A86000
Module End: F8A89000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ACPI.sys
Service Name: ACPI
Module Base: F8627000
Module End: F8655000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\WMILIB.SYS
Service Name: ---
Module Base: F8B78000
Module End: F8B7A000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pci.sys
Service Name: PCI
Module Base: F8616000
Module End: F8627000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\isapnp.sys
Service Name: isapnp
Module Base: F8676000
Module End: F8680000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pciide.sys
Service Name: PCIIde
Module Base: F8C3E000
Module End: F8C3F000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Service Name: ---
Module Base: F88F6000
Module End: F88FD000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\MountMgr.sys
Service Name: MountMgr
Module Base: F8686000
Module End: F8691000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ftdisk.sys
Service Name: Disk
Module Base: F85F7000
Module End: F8616000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\dmload.sys
Service Name: dmload
Module Base: F8B7A000
Module End: F8B7C000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\dmio.sys
Service Name: dmio
Module Base: F85D1000
Module End: F85F7000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\PartMgr.sys
Service Name: PartMgr
Module Base: F88FE000
Module End: F8903000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\VolSnap.sys
Service Name: VolSnap
Module Base: F8696000
Module End: F86A3000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\atapi.sys
Service Name: atapi
Module Base: F85B9000
Module End: F85D1000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\disk.sys
Service Name: ---
Module Base: F86A6000
Module End: F86AF000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Service Name: ---
Module Base: F86B6000
Module End: F86C3000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\fltmgr.sys
Service Name: FltMgr
Module Base: F8599000
Module End: F85B9000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sr.sys
Service Name: sr
Module Base: F8587000
Module End: F8599000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\PxHelp20.sys
Service Name: PxHelp20
Module Base: F86C6000
Module End: F86D0000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\KSecDD.sys
Service Name: KSecDD
Module Base: F8570000
Module End: F8587000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Ntfs.sys
Service Name: Ntfs
Module Base: F84E3000
Module End: F8570000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\NDIS.sys
Service Name: NDIS
Module Base: F84B6000
Module End: F84E3000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\timntr.sys
Service Name: timounter
Module Base: F8479000
Module End: F84B6000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\uagp35.sys
Service Name: uagp35
Module Base: F86D6000
Module End: F86E1000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\snapman.sys
Service Name: snapman
Module Base: F8461000
Module End: F8479000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\SISAGPX.sys
Service Name: SISAGP
Module Base: F86E6000
Module End: F86F0000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Mup.sys
Service Name: Mup
Module Base: F8447000
Module End: F8461000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\amdk7.sys
Service Name: AmdK7
Module Base: F8796000
Module End: F87A0000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
Service Name: ati2mtag
Module Base: F772C000
Module End: F7AE2000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Service Name: ---
Module Base: F7718000
Module End: F772C000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\imapi.sys
Service Name: Imapi
Module Base: F87A6000
Module End: F87B1000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Service Name: Cdrom
Module Base: F87B6000
Module End: F87C6000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\redbook.sys
Service Name: redbook
Module Base: F87C6000
Module End: F87D5000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ks.sys
Service Name: ---
Module Base: F76F5000
Module End: F7718000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
Service Name: GEARAspiWDM
Module Base: F8A3E000
Module End: F8A44000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\cmuda.sys
Service Name: cmuda
Module Base: F763C000
Module End: F76F5000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\portcls.sys
Service Name: ---
Module Base: F7618000
Module End: F763C000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\drmk.sys
Service Name: ---
Module Base: F87D6000
Module End: F87E5000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbohci.sys
Service Name: usbohci
Module Base: F8A46000
Module End: F8A4B000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Service Name: ---
Module Base: F75F4000
Module End: F7618000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Service Name: usbehci
Module Base: F8A4E000
Module End: F8A56000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\sisnic.sys
Service Name: SISNIC
Module Base: F8A56000
Module End: F8A5E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\fdc.sys
Service Name: Fdc
Module Base: F8A5E000
Module End: F8A65000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\serial.sys
Service Name: Serial
Module Base: F87E6000
Module End: F87F6000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\serenum.sys
Service Name: serenum
Module Base: F83BF000
Module End: F83C3000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\parport.sys
Service Name: Parport
Module Base: F75E0000
Module End: F75F4000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\gameenum.sys
Service Name: gameenum
Module Base: F83BB000
Module End: F83BE000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\audstub.sys
Service Name: audstub
Module Base: F8D07000
Module End: F8D08000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Service Name: Rasl2tp
Module Base: F87F6000
Module End: F8803000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Service Name: NdisTapi
Module Base: F83B7000
Module End: F83BA000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Service Name: NdisWan
Module Base: F75C9000
Module End: F75E0000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Service Name: RasPppoe
Module Base: F8806000
Module End: F8811000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Service Name: PptpMiniport
Module Base: F8816000
Module End: F8822000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Service Name: ---
Module Base: F8A66000
Module End: F8A6B000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\psched.sys
Service Name: PSched
Module Base: F75B8000
Module End: F75C9000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Service Name: Gpc
Module Base: F8826000
Module End: F882F000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Service Name: Ptilink
Module Base: F8A6E000
Module End: F8A73000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspti.sys
Service Name: Raspti
Module Base: F8A76000
Module End: F8A7B000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rdpdr.sys
Service Name: rdpdr
Module Base: F7588000
Module End: F75B8000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\termdd.sys
Service Name: TermDD
Module Base: F8836000
Module End: F8840000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Service Name: Kbdclass
Module Base: F8A7E000
Module End: F8A84000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Service Name: Mouclass
Module Base: F8916000
Module End: F891C000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\swenum.sys
Service Name: swenum
Module Base: F8BAE000
Module End: F8BB0000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\update.sys
Service Name: Update
Module Base: F752A000
Module End: F7588000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Service Name: mssmbios
Module Base: F7AF6000
Module End: F7AFA000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Service Name: NDProxy
Module Base: F7C35000
Module End: F7C3F000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Service Name: usbhub
Module Base: F7BF5000
Module End: F7C04000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Service Name: ---
Module Base: F8BB8000
Module End: F8BBA000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\flpydisk.sys
Service Name: Flpydisk
Module Base: F898E000
Module End: F8993000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\MpFilter.sys
Service Name: MpFilter
Module Base: A7ECF000
Module End: A7EF2000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbccgp.sys
Service Name: usbccgp
Module Base: F89E6000
Module End: F89EE000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Service Name: Fs_Rec
Module Base: F8C02000
Module End: F8C04000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\usbvideo.sys
Service Name: usbvideo
Module Base: A766A000
Module End: A7688000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Null.SYS
Service Name: Null
Module Base: F8CE5000
Module End: F8CE6000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Beep.SYS
Service Name: Beep
Module Base: F8C06000
Module End: F8C08000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Service Name: ---
Module Base: F8A2E000
Module End: F8A35000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\vga.sys
Service Name: VgaSave
Module Base: F8A36000
Module End: F8A3C000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Service Name: mnmdd
Module Base: F8C08000
Module End: F8C0A000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Service Name: RDPCDD
Module Base: F8C0A000
Module End: F8C0C000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Msfs.SYS
Service Name: Msfs
Module Base: F8996000
Module End: F899B000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Npfs.SYS
Service Name: Npfs
Module Base: A7E4E000
Module End: A7E56000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Service Name: RasAcd
Module Base: F83D3000
Module End: F83D6000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Service Name: IPSec
Module Base: A7637000
Module End: A764A000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Service Name: Tcpip
Module Base: A75DE000
Module End: A7637000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\netbt.sys
Service Name: NetBT
Module Base: A75B6000
Module End: A75DE000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\afd.sys
Service Name: AFD
Module Base: A7594000
Module End: A75B6000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\netbios.sys
Service Name: NetBIOS
Module Base: F8786000
Module End: F878F000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Service Name: Rdbss
Module Base: A7569000
Module End: A7594000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Service Name: MRxSmb
Module Base: A74F9000
Module End: A7569000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fips.SYS
Service Name: Fips
Module Base: F7C15000
Module End: F7C20000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Service Name: IpNat
Module Base: A74D3000
Module End: A74F9000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Service Name: Wanarp
Module Base: AA301000
Module End: AA30A000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbscan.sys
Service Name: usbscan
Module Base: AA7DE000
Module End: AA7E2000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\hidusb.sys
Service Name: hidusb
Module Base: AA7DA000
Module End: AA7DD000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
Service Name: ---
Module Base: AA2C1000
Module End: AA2CA000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mouhid.sys
Service Name: mouhid
Module Base: AA7D6000
Module End: AA7D9000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\kbdhid.sys
Service Name: kbdhid
Module Base: F8417000
Module End: F841B000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Service Name: Cdfs
Module Base: F8716000
Module End: F8726000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\Dxapi.sys
Service Name: ---
Module Base: AA7EA000
Module End: AA7ED000
Hidden: No

Module Name: C:\WINDOWS\System32\watchdog.sys
Service Name: ---
Module Base: F89C6000
Module End: F89CB000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\dxgthk.sys
Service Name: ---
Module Base: F8C65000
Module End: F8C66000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
Service Name: tifsfilter
Module Base: F8A1E000
Module End: F8A26000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Service Name: Ndisuio
Module Base: F83DB000
Module End: F83DF000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\wdmaud.sys
Service Name: wdmaud
Module Base: A0E00000
Module End: A0E15000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sysaudio.sys
Service Name: sysaudio
Module Base: A734B000
Module End: A735A000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\ParVdm.SYS
Service Name: ParVdm
Module Base: F8BAC000
Module End: F8BAE000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\srv.sys
Service Name: Srv
Module Base: A0AFB000
Module End: A0B52000
Hidden: No

Module Name: \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
Service Name: TuneUpUtilitiesDrv
Module Base: A6947000
Module End: A6948000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fastfat.SYS
Service Name: Fastfat
Module Base: A032F000
Module End: A0353000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\kmixer.sys
Service Name: kmixer
Module Base: A0304000
Module End: A032F000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\HTTP.sys
Service Name: HTTP
Module Base: A02C3000
Module End: A0304000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\ZDPSp50.sys
Service Name: ZDPSp50
Module Base: A67DA000
Module End: A67DF000
Hidden: No

********************************************************************************
**********
********************************************************************************
**********
No SSDT Hooks found

********************************************************************************
**********
********************************************************************************
**********
No Kernel Hooks found

********************************************************************************
**********
********************************************************************************
**********
No IRP Hooks found

********************************************************************************
**********
********************************************************************************
**********
Ports:
Local Address: DAPHNE.VC.SHAWCABLE.NET:1242
Remote Address: 69.50.192.52:HTTP
Type: TCP
Process: C:\Program Files\Internet Explorer\iexplore.exe
State: ESTABLISHED

Local Address: DAPHNE.VC.SHAWCABLE.NET:1238
Remote Address: 24.244.19.158:HTTP
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: DAPHNE.VC.SHAWCABLE.NET:1236
Remote Address: 24.244.17.96:HTTP
Type: TCP
Process: C:\Program Files\Java\jre6\bin\jucheck.exe
State: ESTABLISHED

Local Address: DAPHNE.VC.SHAWCABLE.NET:1221
Remote Address: 72.14.213.139:HTTP
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: DAPHNE.VC.SHAWCABLE.NET:1192
Remote Address: PZ-IN-F137.1E100.NET:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: DAPHNE.VC.SHAWCABLE.NET:1190
Remote Address: PV-IN-F105.1E100.NET:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: DAPHNE.VC.SHAWCABLE.NET:1189
Remote Address: PV-IN-F105.1E100.NET:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: DAPHNE.VC.SHAWCABLE.NET:1188
Remote Address: PV-IN-F102.1E100.NET:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: DAPHNE.VC.SHAWCABLE.NET:1187
Remote Address: PV-IN-F102.1E100.NET:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: DAPHNE.VC.SHAWCABLE.NET:1177
Remote Address: 24.244.17.59:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: DAPHNE.VC.SHAWCABLE.NET:1176
Remote Address: 24.244.17.81:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: DAPHNE.VC.SHAWCABLE.NET:1173
Remote Address: 24.244.17.59:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: DAPHNE.VC.SHAWCABLE.NET:1170
Remote Address: 24.244.17.24:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: DAPHNE.VC.SHAWCABLE.NET:1145
Remote Address: PZ-IN-F101.1E100.NET:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: DAPHNE.VC.SHAWCABLE.NET:1143
Remote Address: NS1.FARLEX.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: DAPHNE.VC.SHAWCABLE.NET:1142
Remote Address: 72.14.213.132:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: DAPHNE.VC.SHAWCABLE.NET:1119
Remote Address: PV-IN-F105.1E100.NET:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: DAPHNE.VC.SHAWCABLE.NET:1110
Remote Address: 72.14.213.105:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: DAPHNE.VC.SHAWCABLE.NET:1035
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING

Local Address: DAPHNE.VC.SHAWCABLE.NET:1029
Remote Address: A96-6-40-14.DEPLOY.AKAMAITECHNOLOGIES.COM:HTTPS
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: ESTABLISHED

Local Address: DAPHNE.VC.SHAWCABLE.NET:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: DAPHNE:60524
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Pando Networks\Media Booster\PMB.exe
State: LISTENING

Local Address: DAPHNE:27015
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
State: LISTENING

Local Address: DAPHNE:9423
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING

Local Address: DAPHNE:9422
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING

Local Address: DAPHNE:9421
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING

Local Address: DAPHNE:5354
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: LISTENING

Local Address: DAPHNE:5152
Remote Address: LOCALHOST:KPOP
Type: TCP
Process: C:\Program Files\Java\jre6\bin\jqs.exe
State: CLOSE_WAIT

Local Address: DAPHNE:5152
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Java\jre6\bin\jqs.exe
State: LISTENING

Local Address: DAPHNE:1112
Remote Address: LOCALHOST:1111
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: DAPHNE:1111
Remote Address: LOCALHOST:1112
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: DAPHNE:1102
Remote Address: LOCALHOST:1101
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: DAPHNE:1101
Remote Address: LOCALHOST:1102
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: DAPHNE:1094
Remote Address: LOCALHOST:1093
Type: TCP
Process: C:\Program Files\Pando Networks\Media Booster\PMB.exe
State: ESTABLISHED

Local Address: DAPHNE:1093
Remote Address: LOCALHOST:1094
Type: TCP
Process: C:\Program Files\Pando Networks\Media Booster\PMB.exe
State: ESTABLISHED

Local Address: DAPHNE:1092
Remote Address: LOCALHOST:1091
Type: TCP
Process: C:\Program Files\Pando Networks\Media Booster\PMB.exe
State: ESTABLISHED

Local Address: DAPHNE:1091
Remote Address: LOCALHOST:1092
Type: TCP
Process: C:\Program Files\Pando Networks\Media Booster\PMB.exe
State: ESTABLISHED

Local Address: DAPHNE:1090
Remote Address: LOCALHOST:1089
Type: TCP
Process: C:\Program Files\Pando Networks\Media Booster\PMB.exe
State: ESTABLISHED

Local Address: DAPHNE:1089
Remote Address: LOCALHOST:1090
Type: TCP
Process: C:\Program Files\Pando Networks\Media Booster\PMB.exe
State: ESTABLISHED

Local Address: DAPHNE:1088
Remote Address: LOCALHOST:1087
Type: TCP
Process: C:\Program Files\Pando Networks\Media Booster\PMB.exe
State: ESTABLISHED

Local Address: DAPHNE:1087
Remote Address: LOCALHOST:1088
Type: TCP
Process: C:\Program Files\Pando Networks\Media Booster\PMB.exe
State: ESTABLISHED

Local Address: DAPHNE:1086
Remote Address: LOCALHOST:1085
Type: TCP
Process: C:\Program Files\Pando Networks\Media Booster\PMB.exe
State: ESTABLISHED

Local Address: DAPHNE:1085
Remote Address: LOCALHOST:1086
Type: TCP
Process: C:\Program Files\Pando Networks\Media Booster\PMB.exe
State: ESTABLISHED

Local Address: DAPHNE:1039
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\alg.exe
State: LISTENING

Local Address: DAPHNE:57080
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Pando Networks\Media Booster\PMB.exe
State: LISTENING

Local Address: DAPHNE:2869
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING

Local Address: DAPHNE:563
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Pando Networks\Media Booster\PMB.exe
State: LISTENING

Local Address: DAPHNE:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: DAPHNE:HTTPS
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Pando Networks\Media Booster\PMB.exe
State: LISTENING

Local Address: DAPHNE:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING

Local Address: DAPHNE.VC.SHAWCABLE.NET:5353
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: DAPHNE.VC.SHAWCABLE.NET:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: DAPHNE.VC.SHAWCABLE.NET:1033
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: DAPHNE.VC.SHAWCABLE.NET:1032
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: DAPHNE.VC.SHAWCABLE.NET:138
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: DAPHNE.VC.SHAWCABLE.NET:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: DAPHNE.VC.SHAWCABLE.NET:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: DAPHNE:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: DAPHNE:1056
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: DAPHNE:1048
Remote Address: NA
Type: UDP
Process: C:\Program Files\Internet Explorer\iexplore.exe
State: NA

Local Address: DAPHNE:1034
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: DAPHNE:1031
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: DAPHNE:1027
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: DAPHNE:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: DAPHNE:60901
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: DAPHNE:57080
Remote Address: NA
Type: UDP
Process: C:\Program Files\Pando Networks\Media Booster\PMB.exe
State: NA

Local Address: DAPHNE:1025
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: DAPHNE:MICROSOFT-DS
Remote Address: NA
Type: UDP
Process: System
State: NA

********************************************************************************
**********
********************************************************************************
**********
No hidden files/folders found

Hi,

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  
  
• Double click on ComboFix.exe & follow the prompts.
  
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

ComboFix 10-07-20.01 - TSE 07/20/2010 17:18:44.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.256 [GMT -7:00]
Running from: c:\documents and settings\TSE\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((( Files Created from 2010-06-21 to 2010-07-21 )))))))))))))))))))))))))))))))
.

2010-07-20 00:37 . 2010-07-20 00:37 -------- dc----w- C:\_OTL
2010-07-19 11:55 . 2010-07-19 11:55 -------- dc----w- c:\program files\Common Files\Adobe
2010-07-19 11:55 . 2010-07-19 11:55 -------- dc----w- c:\documents and settings\TSE\Local Settings\Application Data\Adobe
2010-07-18 20:27 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-07-12 06:12 . 2010-06-01 17:37 221568 -c----w- c:\windows\system32\MpSigStub.exe
2010-07-12 06:07 . 2010-07-12 06:08 -------- dc----w- c:\program files\Microsoft Security Essentials
2010-07-12 05:42 . 2010-07-12 05:43 -------- dc----w- c:\program files\ERUNT
2010-07-12 03:57 . 2010-07-12 04:59 -------- dc----w- c:\documents and settings\LocalService\Local Settings\Application Data\Messenger_Plus_Live_CA-EN
2010-07-12 03:54 . 2010-07-12 03:54 -------- dc----w- c:\windows\system32\wbem\Repository
2010-07-11 09:55 . 2010-07-11 09:55 -------- dcsh--w- c:\documents and settings\LocalService\PrivacIE
2010-07-11 09:22 . 2010-07-11 22:59 -------- dc----w- c:\documents and settings\LocalService\Local Settings\Application Data\AskToolbar
2010-07-08 00:43 . 2010-07-08 00:43 691696 -c--a-w- c:\windows\system32\drivers\sptd.sys
2010-07-08 00:42 . 2010-07-08 00:49 -------- dc----w- c:\documents and settings\TSE\Application Data\DAEMON Tools Lite
2010-07-08 00:42 . 2010-07-08 00:42 -------- dc----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2010-07-07 22:29 . 2010-07-12 04:03 -------- dc----w- c:\documents and settings\TSE\Application Data\uTorrent
2010-06-30 19:47 . 2010-06-30 19:47 -------- dc----w- c:\program files\ExtremeGamers
2010-06-30 07:51 . 2010-06-30 07:51 -------- dc----w- c:\documents and settings\LocalService\Application Data\McAfee
2010-06-30 07:50 . 2010-06-30 07:50 -------- dcsh--w- c:\documents and settings\LocalService\IETldCache
2010-06-27 07:46 . 2010-06-27 07:46 -------- dc----w- c:\documents and settings\All Users\Application Data\McAfee
2010-06-27 07:31 . 2010-06-27 08:08 -------- dc----w- c:\documents and settings\TSE\Application Data\TeamViewer
2010-06-27 07:30 . 2010-06-27 07:30 -------- dc----w- c:\program files\TeamViewer
2010-06-27 04:09 . 2008-04-14 12:41 21504 -c--a-w- c:\windows\system32\hidserv.dll
2010-06-27 04:09 . 2008-04-14 12:41 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2010-06-27 04:09 . 2008-04-14 07:09 14592 -c--a-w- c:\windows\system32\drivers\kbdhid.sys
2010-06-27 04:09 . 2008-04-14 07:09 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2010-06-27 00:22 . 2010-06-27 00:22 -------- dc----w- c:\program files\Microsoft IntelliType Pro
2010-06-26 20:41 . 2010-06-26 20:42 -------- dc----w- c:\windows\system32\NtmsData
2010-06-25 00:45 . 2010-06-14 23:04 30536 -c--a-w- c:\windows\system32\TURegOpt.exe
2010-06-25 00:45 . 2010-06-14 22:58 30024 -c--a-w- c:\windows\system32\uxtuneup.dll
2010-06-25 00:44 . 2010-06-25 00:45 -------- dc----w- c:\program files\TuneUp Utilities 2010
2010-06-22 02:02 . 2010-06-22 02:02 -------- dc----w- c:\windows\ServicePackFiles
2010-06-21 23:53 . 2010-06-21 23:53 -------- dc----w- c:\program files\RocketDock

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-21 00:29 . 2010-03-07 01:06 -------- dc----w- c:\program files\Common Files\Akamai
2010-07-19 02:37 . 2009-07-20 01:23 -------- dc----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-12 05:48 . 2010-03-10 01:18 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-12 04:37 . 2010-03-19 05:29 0 -c--a-w- c:\documents and settings\TSE\Local Settings\Application Data\prvlcl.dat
2010-07-11 08:55 . 2010-05-10 04:35 -------- dc----w- c:\program files\Messenger_Plus_Live_CA-EN
2010-07-08 05:08 . 2009-07-31 22:57 77776 -c--a-w- c:\documents and settings\TSE\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-08 00:28 . 2009-07-20 01:18 -------- dc----w- c:\documents and settings\TSE\Application Data\Ahead
2010-07-05 07:14 . 2010-05-18 23:41 -------- dc----w- c:\documents and settings\TSE\Application Data\Adobe-BackupByPhotoshopPortable
2010-07-01 02:01 . 2009-07-20 00:49 -------- dc-h--w- c:\program files\InstallShield Installation Information
2010-06-25 00:43 . 2009-09-28 07:03 -------- dc----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2010-06-25 00:25 . 2009-10-06 06:04 -------- dc----w- c:\program files\CCleaner
2010-06-22 02:33 . 2008-04-14 12:00 218624 -c--a-w- c:\windows\system32\uxtheme.dll
2010-06-21 04:48 . 2009-07-31 23:33 -------- dc----w- c:\program files\Messenger Plus! Live
2010-06-14 14:31 . 2009-07-20 00:41 744448 -c--a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-05-22 18:29 . 2010-02-23 02:18 -------- dc----w- c:\documents and settings\All Users\Application Data\NexonUS
2010-05-06 10:41 . 2008-04-14 12:00 916480 -c--a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2008-04-14 12:00 1851264 -c--a-w- c:\windows\system32\win32k.sys
2010-04-29 22:39 . 2010-03-10 01:18 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 22:39 . 2010-03-10 01:18 20952 -c--a-w- c:\windows\system32\drivers\mbam.sys
.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . EEC9730F9CC03819111D90E6CAA2DCC9 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{437c4386-9237-441f-a940-009430030ee0}"= "c:\program files\Messenger_Plus_Live_CA-EN\tbMess.dll" [2010-03-25 2355296]

[HKEY_CLASSES_ROOT\clsid\{437c4386-9237-441f-a940-009430030ee0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{437c4386-9237-441f-a940-009430030ee0}]
2010-03-25 20:31 2355296 -c--a-w- c:\program files\Messenger_Plus_Live_CA-EN\tbMess.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{437c4386-9237-441f-a940-009430030ee0}"= "c:\program files\Messenger_Plus_Live_CA-EN\tbMess.dll" [2010-03-25 2355296]

[HKEY_CLASSES_ROOT\clsid\{437c4386-9237-441f-a940-009430030ee0}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-02-23 2937528]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-13 106496]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImage\TrueImageMonitor.exe" [2005-10-12 984243]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-27 148888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-12 1505144]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
IEEE 802.11g USB Wireless LAN Utility.lnk - c:\program files\AirLink101\AWLL3025V2\ZDWlan.exe [2009-7-19 487424]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:D *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^TSE^Start Menu^Programs^Startup^ViiKiiDesktopPlugin.lnk]
path=c:\documents and settings\TSE\Start Menu\Programs\Startup\ViiKiiDesktopPlugin.lnk
backup=c:\windows\pss\ViiKiiDesktopPlugin.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2005-10-12 23:21 118784 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-12-24 01:05 143360 -c--a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 19:44 31072 -c--a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-01-23 03:16 141608 -c--a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 22:40 155648 -c--a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NMIndexingService"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe"
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Funshion Online\\Funshion\\Funshion.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57080:TCP"= 57080:TCP:Pando Media Booster
"57080:UDP"= 57080:UDP:Pando Media Booster
"3982:TCP"= 3982:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [4/14/2008 5:00 AM 14336]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [6/14/2010 4:02 PM 1051976]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2/24/2010 2:41 PM 10064]
S3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\DRIVERS\LV532AV.SYS --> c:\windows\system32\DRIVERS\LV532AV.SYS [?]
S3 SysProtDrv.sys;SysProtDrv.sys;c:\documents and settings\TSE\Desktop\SysProt\SysProtDrv.sys [7/19/2010 5:49 PM 44288]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7/7/2010 5:43 PM 691696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-07-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-07-20 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 04:40]

2010-07-20 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 22:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2535290
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\TSE\Application Data\Mozilla\Firefox\Profiles\yheurwen.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2535290&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: network.proxy.http - 75.101.215.123:
FF - prefs.js: network.proxy.http_port - 9090
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 600000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 600000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr
ef", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Google Update - c:\documents and settings\TSE\Local Settings\Application Data\Google\Update\GoogleUpdate.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-20 17:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,95,71,20,bb,cb,82,33,47,90,2a,d2,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,95,71,20,bb,cb,82,33,47,90,2a,d2,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(760)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(832)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(3852)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2010-07-20 17:35:05
ComboFix-quarantined-files.txt 2010-07-21 00:35

Pre-Run: 33,540,648,960 bytes free
Post-Run: 33,542,127,616 bytes free

- - End Of File - - 8F5F1106989D8D7473C616A580C0E412

~~

After I ran ComboFix, internet explorer was installed onto my desktop and my default browser was changed. Is this normal?

The virus seems to have gotten worse...IE is killing me with popups at the moment and IE is using up my memory usage.

Hi,

Please download MBRCheck.exe to your desktop.

• Be sure to disable your security programs
• Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
• A black window will open on your desktop
• If an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
• If nothing unusual is found just press Enter
• A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
• Please post the contents of that file in your reply.

MBRCheck, version 1.1.1

© 2010, AD



\\.\C: --> \\.\PhysicalDrive0



Size Device Name MBR Status

--------------------------------------------

74 GB \\.\PhysicalDrive0 Known-bad MBR code detected (Whistler / Black Internet)!





Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:



Done! Press ENTER to exit...

Hi,

Please carefully follow these steps.

• Run MBRCheck.exe
• Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
• Please push the 'Y' key and then press Enter
• When program ask you Enter your choice: enter 2 and press the Enter key
• Now the program will ask you "Enter the physical disk number to fix (0-99, -1 to cancel):"
• Enter 0 and press the Enter key.
• The program will show Available MBR codes:, followed by a list of operating systems. Please enter 1 for Windows XP, and then press Enter.
• The program will prompt for confirmation. Type 'YES' and hit Enter.
• Left click on the title bar (where program name and path is written).
• From menu chose Edit -> Select All
• Hit the Enter key on your keyboard to copy selected text.
• Paste that text into Notepad, save it to your desktop as "MBRCheck results.txt"
• Restart your PC.
• Post the text in "MBRCheck results.txt" here, please.

MBRCheck, version 1.1.1
© 2010, AD

\\.\C: --> \\.\PhysicalDrive0

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Known-bad MBR code detected (Whistler / Black I
nternet)!


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: y

Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: 2

Enter the physical disk number to fix (0-99, -1 to cancel): 0
Available MBR codes:
[ 0] Default (Windows XP)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive: 1

Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: yes
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.


Done! Press ENTER to exit...

Hi,

How's your computer running now?

• Be sure to disable your security programs
• Double click on MBRCheck to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
• A black window will open on your desktop
• If an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
• If nothing unusual is found just press Enter
• A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
• Please post the contents of that file in your reply.

I checked Task Manager and iexplorer.exe has disappeared, and my problem with my volume is gone (:
Thanks so much!

~~

MBRCheck, version 1.1.1

© 2010, AD



\\.\C: --> \\.\PhysicalDrive0



Size Device Name MBR Status

--------------------------------------------

74 GB \\.\PhysicalDrive0 Windows XP MBR code detected





Done! Press ENTER to exit...

Hi,

Let's run some final scans for remnants.

Please follow these steps.

-- Step 1 --

Download TFC to your desktop

• Open the file and close any other windows.
• It will close all programs itself when run, make sure to let it run uninterrupted.
• Click the Start button to begin the process. The program should not take long to finish its job
• Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

-- Step 2 --

Run Malwarebytes' Anti-Malware.

• Select the Update tab and then click Check for Updates. If an update is found, it will download and install the latest version.
• Select the Scanner tab, select "Perform Quick Scan", then click Scan
• The scan may take some time to finish, so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

-- Step 3 --

• Download the latest version of Java Runtime Environment (JRE) 6 Update 21.
• Click the "Download JRE" button to the right.
• Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
• Click on Continue.
• Click on the link to download Windows Offline Installation (jre-6u21-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
• Close any programs you may have running - especially your web browser.
• Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
• Check any item with Java Runtime Environment (JRE or J2SE) in the name.
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each Java version.
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u21-windows-i586.exe and select "Run as an Administrator.")

-- Step 4 --

Please do an online scan with Kaspersky WebScanner

Click on Accept

You may be promted to install an ActiveX component from Kaspersky, Click Yes.

• The program will launch and then begin downloading the latest definition files:
• Once the files have been downloaded click on Settings
• In the scan settings, select the following:
  • Scan using the following Anti-Virus database:
  Extended (if available otherwise Standard)
  
  • Scan Options:
  Scan spyware, adware, diallers and other riskware
  Scan Archives
  Scan E-mail databases
• Click Save
• Now under ScanSelect My Computer
• This will start the scanning of your system.
• The scan will take a while so be patient and let it run.
• Once the scan is complete it will display if your system has been infected.
  
  • Now click on View Report and then Save Report
• Save the file to your desktop as a text file.
• Copy and paste that information in your next post.