"Personal Internet Security 2011" booo!


This topic is locked
29 replies to this topic

#1 DebS (New Member, 43 posts)
Posted 08 January 2011 - 04:55 PM

Hi, my computer was infected with the fake antivirus "Personal Internet Security 2011". At first I couldn't run MBAM, but when I renamed it, it ran and cleaned 808 items. When I rebooted, I couldn't get an internet connection through either Firefox or IE. I get a proxy server error in both. I tried to run ComboFix, but it is giving me warnings that "Personal Internet Security 2011" is still running, so I shut it down. When I reran MBAM, there were no items found. When I run HijackThis I get an error message to remove lines from the hosts file, but when I reboot they return.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 4:44:03 PM, on 1/8/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Lexar Media\USB Card Reader Driver v2.1g\Disk_Monitor.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy2\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Documents and Settings\SiwikMuller\My Documents\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:25562
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;*.local
N3 - Netscape 7: # Mozilla User Preferences

/* Do not edit this file.
*
* If you make changes to this file while the browser is running,
* the changes will be overwritten when the browser exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see http://www.mozilla.o...zing.html#prefs
*/

user_pref("DebsRik.aim.filexfer.location", "");
user_pref("DebsRik.aim.general.im.enterCR", false);
user_pref("DebsRik.aim.general.im.smilies", true);
user_pref("DebsRik.aim.general.im.tabKey", false);
user_pref("DebsRik.aim.general.im.timeStamp", false);
user_pref("DebsRik.aim.general.snsautosignon", false);
user_pref("DebsRik.aim.general.today", true);
user_pref("DebsRik.aim.mail.presence", true);
user_pref("DebsRik.aim.session.autologin", false);
user_pref("DebsRik.aim.session.connectionname", "AIM");
user_pref("DebsRik.aim.session.firstsignon", false);
user_pref("DebsRik.aim.session.password", "0R2R0cmZi");
user_pref("DebsRik.aim.session.storepass
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 96.44.181.245 www.google.com
O1 - Hosts: 96.44.181.245 google.com
O1 - Hosts: 96.44.181.245 google.com.au
O1 - Hosts: 96.44.181.245 www.google.com.au
O1 - Hosts: 96.44.181.245 google.be
O1 - Hosts: 96.44.181.245 www.google.be
O1 - Hosts: 96.44.181.245 google.com.br
O1 - Hosts: 96.44.181.245 www.google.com.br
O1 - Hosts: 96.44.181.245 google.ca
O1 - Hosts: 96.44.181.245 www.google.ca
O1 - Hosts: 96.44.181.245 google.ch
O1 - Hosts: 96.44.181.245 www.google.ch
O1 - Hosts: 96.44.181.245 google.de
O1 - Hosts: 96.44.181.245 www.google.de
O1 - Hosts: 96.44.181.245 google.dk
O1 - Hosts: 96.44.181.245 www.google.dk
O1 - Hosts: 96.44.181.245 google.fr
O1 - Hosts: 96.44.181.245 www.google.fr
O1 - Hosts: 96.44.181.245 google.ie
O1 - Hosts: 96.44.181.245 www.google.ie
O1 - Hosts: 96.44.181.245 google.it
O1 - Hosts: 96.44.181.245 www.google.it
O1 - Hosts: 96.44.181.245 google.co.jp
O1 - Hosts: 96.44.181.245 www.google.co.jp
O1 - Hosts: 96.44.181.245 google.nl
O1 - Hosts: 96.44.181.245 www.google.nl
O1 - Hosts: 96.44.181.245 google.no
O1 - Hosts: 96.44.181.245 www.google.no
O1 - Hosts: 96.44.181.245 google.co.nz
O1 - Hosts: 96.44.181.245 www.google.co.nz
O1 - Hosts: 96.44.181.245 google.pl
O1 - Hosts: 96.44.181.245 www.google.pl
O1 - Hosts: 96.44.181.245 google.se
O1 - Hosts: 96.44.181.245 www.google.se
O1 - Hosts: 96.44.181.245 google.co.uk
O1 - Hosts: 96.44.181.245 www.google.co.uk
O1 - Hosts: 96.44.181.245 google.co.za
O1 - Hosts: 96.44.181.245 www.google.co.za
O1 - Hosts: 96.44.181.245 www.google-analytics.com
O1 - Hosts: 96.44.181.245 www.bing.com
O1 - Hosts: 96.44.181.245 search.yahoo.com
O1 - Hosts: 96.44.181.245 www.search.yahoo.com
O1 - Hosts: 96.44.181.245 uk.search.yahoo.com
O1 - Hosts: 96.44.181.245 ca.search.yahoo.com
O1 - Hosts: 96.44.181.245 de.search.yahoo.com
O1 - Hosts: 96.44.181.245 fr.search.yahoo.com
O1 - Hosts: 96.44.181.245 au.search.yahoo.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: Netscape - {4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Netscape - {4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33} - (no file)
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [Disk Monitor] C:\Program Files\Lexar Media\USB Card Reader Driver v2.1g\Disk_Monitor.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy2\TeaTimer.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33} (Netscape) - http://downloads.net...ar/netscape.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1195748364906
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 12477 bytes
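Two entries in the log above explain both symptoms: the R1 line sets the current user's ProxyServer to http=127.0.0.1:25562 (so once the rogue process that listened on that port is killed, every HTTP request fails with a proxy error), and the O1 lines redirect the major search engines, Microsoft's URL reputation service and Google safe-browsing to a single outside address, with the payment-page domains pointed at another. The following is an added triage script, not part of the original thread and not a HijackThis or OTL feature; it pulls exactly those indicators out of log lines so they can be read at a glance. The sample lines are constructed from a few entries of the log above, the HIJACK_TARGETS list and the remediation hints are the editor's assumptions, and the "RHS-" attribute handling uses the OTL header format shown later in this thread.

```python
"""
Added triage helper: pull rogue-AV network-hijack indicators out of
HijackThis (R1/O1) and OTL (IE proxy / O1 HOSTS File) log lines.
"""
import re
from collections import defaultdict

# Constructed sample, modelled on a handful of lines from the log above
# (the real log has ~60 hosts entries; this is enough to exercise each rule).
SAMPLE_LOG = """\
R1 - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings,ProxyServer = http=127.0.0.1:25562
R1 - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings,ProxyOverride = http://localhost;*.local
O1 HOSTS File: ([2011/01/08 15:07:43 | 000,002,045 | RHS- | M]) - C:\\WINDOWS\\SYSTEM32\\DRIVERS\\ETC\\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 96.44.181.245 www.google.com
O1 - Hosts: 96.44.181.245 search.yahoo.com
O1 - Hosts: 96.44.181.245 www.bing.com
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\\PROGRA~1\\SPYBOT~2\\SDHelper.dll
"""

HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
PROXY_RE = re.compile(r'ProxyServer"?\s*=\s*(\S+)')
LOOPBACK = ("127.", "::1")
# Assumption (editor's list): domains a rogue AV typically redirects so the
# victim cannot search for help or reach vendor / safe-browsing services.
HIJACK_TARGETS = ("google.", "bing.com", "yahoo.com", "microsoft.com", "safebrowsing")


def parse_hosts(lines):
    """Map each non-loopback IP in O1 hosts entries to the names pointed at it."""
    by_ip = defaultdict(list)
    for line in lines:
        m = HOSTS_RE.match(line)
        if m and not m.group(1).startswith(LOOPBACK):
            by_ip[m.group(1)].append(m.group(2))
    return dict(by_ip)


def parse_proxy(lines):
    """Return [(scheme, host, port)] from ProxyServer values such as 'http=127.0.0.1:25562'."""
    proxies = []
    for line in lines:
        m = PROXY_RE.search(line)
        if not m:
            continue
        for entry in m.group(1).split(";"):
            scheme, _, hostport = entry.rpartition("=")   # scheme is empty for a bare host:port
            host, _, port = hostport.rpartition(":")
            proxies.append((scheme or "all", host, int(port) if port.isdigit() else None))
    return proxies


def hosts_file_attrs(lines):
    """Return (attributes, path) from OTL's 'O1 HOSTS File:' header, or None if absent."""
    for line in lines:
        if line.startswith("O1 HOSTS File:"):
            inside = line[line.index("[") + 1:line.index("]")]
            fields = [f.strip() for f in inside.split("|")]   # mtime | size | attrs | flag
            return fields[2], line.rsplit(" - ", 1)[1].strip()
    return None


def triage(log_text):
    """Return human-readable findings; an empty list means no hijack indicators were seen."""
    lines = log_text.splitlines()
    findings = []
    for scheme, host, port in parse_proxy(lines):
        if host.startswith(LOOPBACK):
            findings.append(f"proxy: {scheme} traffic forced through local port {port}; "
                            "with the rogue process stopped nothing listens there, the likely "
                            "cause of a 'proxy server error'. Clear ProxyServer / set ProxyEnable=0.")
    for ip, names in parse_hosts(lines).items():
        hijacked = [n for n in names if any(t in n for t in HIJACK_TARGETS)]
        note = f" (search/security domains: {', '.join(hijacked)})" if hijacked else ""
        findings.append(f"hosts: {len(names)} names redirected to {ip}{note}")
    attrs = hosts_file_attrs(lines)
    if attrs and "R" in attrs[0]:
        findings.append(f"hosts file {attrs[1]} has attributes {attrs[0]}; clear them "
                        "(attrib -r -h -s) and stop the rogue process before rewriting, "
                        "or the entries come back on reboot.")
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("-", f)
```

Run it against a saved HijackThis or OTL log by replacing SAMPLE_LOG with the file contents. The hosts grouping is deliberately keyed by IP rather than by name: a rogue AV maps dozens of names to one or two addresses, so the IP count is the quickest way to see that a 2 KB hosts file is not the default one-line file, and the read-only/hidden/system attributes are why a HijackThis "fix" of those lines does not stick.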


#2 MrCharlie (Forum Deity, Experts, 28,202 posts, Gender: Male, Location: So. Plainfield, New Jersey, USA)

Posted 09 January 2011 - 02:31 PM

Welcome to the forum.

Please uninstall Trend Micro HijackThis v2.0.0 (BETA) from your Control Panel's Add/Remove Programs if it is listed, or just delete the program itself.

------------------------------

Please download OTL from one of the links below:
http://oldtimer.geekstogo.com/OTL.exe
http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.
Double click on the icon on your desktop.
Click the Scan All Users checkbox.
Push the Quick Scan button.

Two reports will open, copy and paste them in a reply here:
OTListIt.txt <-- Will be opened
Extra.txt <-- Will be minimized

MrC

Malware Removal Expert


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.


#3 DebS (New Member, 43 posts)

Posted 09 January 2011 - 04:05 PM

OTL logfile created on: 1/9/2011 3:56:17 PM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\SiwikMuller\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 474.00 Mb Available Physical Memory | 46.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 7.03 Gb Free Space | 18.90% Space Free | Partition Type: NTFS
Drive F: | 1.87 Gb Total Space | 1.87 Gb Free Space | 99.96% Space Free | Partition Type: FAT
Drive G: | 232.88 Gb Total Space | 159.59 Gb Free Space | 68.53% Space Free | Partition Type: NTFS

Computer Name: DEBSRIK | User Name: SiwikMuller | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/09 15:40:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\SiwikMuller\Desktop\OTL.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/09/16 19:34:50 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy2\TeaTimer.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/04/20 08:34:26 | 001,520,688 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2003/10/28 04:10:14 | 000,438,784 | ---- | M] (Neodio Corp.) -- C:\Program Files\Lexar Media\USB Card Reader Driver v2.1g\Disk_Monitor.exe
PRC - [2002/12/17 12:28:00 | 000,684,032 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
PRC - [2001/03/15 05:18:18 | 000,049,254 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
PRC - [2000/10/25 06:50:02 | 000,430,080 | ---- | M] (Symantec Corporation) -- C:\Program Files\NavNT\rtvscan.exe
PRC - [2000/10/09 06:50:00 | 000,053,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\NavNT\vptray.exe
PRC - [2000/10/09 06:50:00 | 000,032,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\NavNT\defwatch.exe
PRC - [2000/09/18 16:12:40 | 000,014,336 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\MSGSYS.EXE


========== Modules (SafeList) ==========

MOD - [2011/01/09 15:40:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\SiwikMuller\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/07/12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2009/07/12 01:09:20 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
MOD - [2008/04/13 12:37:57 | 000,208,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\rsaenh.dll
MOD - [2006/11/03 18:20:00 | 000,083,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpShHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Command Software\dvpapi.exe -- (dvpapi)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\SYSTEM32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/04/20 08:34:26 | 001,520,688 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2000/10/25 06:50:02 | 000,430,080 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\NavNT\rtvscan.exe -- (Norton AntiVirus Server)
SRV - [2000/10/09 06:50:00 | 000,032,768 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\NavNT\defwatch.exe -- (DefWatch)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wATV03nt.sys -- (iAimTV2)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Combo-Fix5381C\catchme.sys -- (catchme)
DRV - [2010/08/04 16:41:04 | 000,006,656 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\iPodDrv.sys -- (iPodDrv)
DRV - [2009/07/13 19:17:44 | 000,009,464 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2009/07/13 19:17:44 | 000,009,336 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/01/16 11:44:46 | 000,011,986 | ---- | M] (Mobile Action Technology Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MaVc2K.sys -- (MaVctrl)
DRV - [2006/04/20 08:33:40 | 000,303,740 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2006/01/20 13:40:42 | 000,783,984 | R--- | M] (Command Software Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\css-dvp.sys -- (CSS DVP)
DRV - [2005/06/29 19:50:30 | 000,110,080 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dne2000.sys -- (DNE)
DRV - [2005/05/17 04:51:34 | 000,005,315 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\CVirtA.sys -- (CVirtA)
DRV - [2005/01/26 06:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\vsdatant.sys -- (vsdatant)
DRV - [2004/08/04 00:29:54 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2004/08/04 00:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/04 00:29:47 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/04 00:29:45 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/04 00:29:43 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/04 00:29:42 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/04 00:29:41 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/04 00:29:37 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/04 00:29:37 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/04 00:29:37 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/04 00:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2003/08/29 03:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys -- (BCMModem)
DRV - [2003/07/08 20:37:08 | 000,073,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2003/07/01 14:04:06 | 000,206,464 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2003/07/01 14:04:06 | 000,143,834 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)
DRV - [2003/07/01 14:04:06 | 000,030,630 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2003/07/01 14:04:06 | 000,025,898 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2003/07/01 13:57:27 | 000,028,164 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2003/01/15 14:45:06 | 000,042,368 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2002/12/17 12:27:32 | 000,241,152 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)
DRV - [2002/07/19 10:22:08 | 000,017,153 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 12:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)
DRV - [2000/10/09 06:50:00 | 000,007,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\NavNT\Navapel.sys -- (NAVAPEL)
DRV - [1997/06/17 03:00:00 | 000,004,064 | ---- | M] (Adobe Systems Incorporated) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ATMHELPR.SYS -- (ATMhelpr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dellnet.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dellnet.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3818900820-2077995646-4232387374-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-3818900820-2077995646-4232387374-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-3818900820-2077995646-4232387374-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = http://localhost;*.local
IE - HKU\S-1-5-21-3818900820-2077995646-4232387374-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25562

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "search"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: refractor@developer.mozilla.org:1.0b3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..network.proxy.no_proxies_on: "http://localhost,*.local"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/14 19:49:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/14 19:49:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.1\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2010/12/14 19:49:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.1\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2010/12/14 19:49:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.2.0\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components
FF - HKLM\software\mozilla\Netscape Browser 8.0.2.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2010/12/14 19:49:26 | 000,000,000 | ---D | M]

[2010/09/12 18:23:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Extensions
[2010/09/12 18:23:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Extensions\prism@developer.mozilla.org
[2011/01/03 20:02:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Firefox\Profiles\7ipgivmu.default\extensions
[2010/09/16 18:15:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Firefox\Profiles\7ipgivmu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/20 18:51:07 | 000,000,000 | ---D | M] (Prism for Firefox) -- C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Firefox\Profiles\7ipgivmu.default\extensions\refractor@developer.mozilla.org
[2010/09/12 18:23:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Firefox\Profiles\7ipgivmu.default\extensions\refractor@developer.mozilla.org\prism\extensions
[2011/01/03 20:02:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/15 16:14:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/12 08:39:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/31 13:42:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2009/09/20 18:14:34 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\SIWIKMULLER\APPLICATION DATA\MOVE NETWORKS
[2009/09/13 18:24:17 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/09/16 19:35:26 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD\FIREFOX\EXT
[2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/01/08 15:07:43 | 000,002,045 | RHS- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 96.44.181.245 www.google.com
O1 - Hosts: 96.44.181.245 google.com
O1 - Hosts: 96.44.181.245 google.com.au
O1 - Hosts: 96.44.181.245 www.google.com.au
O1 - Hosts: 96.44.181.245 google.be
O1 - Hosts: 96.44.181.245 www.google.be
O1 - Hosts: 96.44.181.245 google.com.br
O1 - Hosts: 96.44.181.245 www.google.com.br
O1 - Hosts: 96.44.181.245 google.ca
O1 - Hosts: 38 more lines...
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\realplayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Netscape) - {4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33} - Reg Error: Value error. File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy2\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (Netscape) - {4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33} - Reg Error: Value error. File not found
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Netscape) - {4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33} - Reg Error: Value error. File not found
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Netscape) - {4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33} - Reg Error: Value error. File not found
O3 - HKU\S-1-5-21-3818900820-2077995646-4232387374-1006\..\Toolbar\WebBrowser: (Netscape) - {4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
O4 - HKLM..\Run: [Disk Monitor] C:\Program Files\Lexar Media\USB Card Reader Driver v2.1g\Disk_Monitor.exe (Neodio Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\NavNT\vptray.exe (Symantec Corporation)
O4 - HKU\S-1-5-21-3818900820-2077995646-4232387374-1006..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy2\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe (Cisco Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3818900820-2077995646-4232387374-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3818900820-2077995646-4232387374-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3818900820-2077995646-4232387374-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-3818900820-2077995646-4232387374-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3818900820-2077995646-4232387374-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy2\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33} http://downloads.net...ar/netscape.cab (Netscape)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1195748364906 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\ms-its - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\System32\NavLogon.dll - C:\WINDOWS\SYSTEM32\NavLogon.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\SiwikMuller\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\SiwikMuller\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 08:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/09 15:48:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\SiwikMuller\Desktop\OTL.exe
[2011/01/08 16:23:45 | 000,000,000 | --SD | C] -- C:\win
[2011/01/08 15:56:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/01/08 00:36:32 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\PIZLHJVS
[2011/01/08 00:33:48 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\749b84
[2010/12/24 10:17:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SiwikMuller\My Documents\DVDVideoSoft
[2010/12/24 10:17:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DVDVideoSoft
[2010/12/24 10:17:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SiwikMuller\Application Data\DVDVideoSoft
[2010/12/24 10:17:35 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2010/12/24 10:17:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2010/12/14 19:49:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2010/12/14 19:48:41 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\SiwikMuller\My Documents\*.tmp files -> C:\Documents and Settings\SiwikMuller\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/09 15:47:30 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/01/09 15:44:52 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/01/09 15:44:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/01/09 15:44:18 | 1072,222,208 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/09 15:40:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\SiwikMuller\Desktop\OTL.exe
[2011/01/08 16:37:16 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\'hosts.'
[2011/01/08 15:54:52 | 004,150,305 | R--- | M] () -- C:\Documents and Settings\SiwikMuller\Desktop\win.exe
[2011/01/08 15:07:43 | 000,002,045 | RHS- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2011/01/02 21:01:18 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\SiwikMuller\My Documents\I AM.doc
[2010/12/24 17:39:24 | 002,278,912 | ---- | M] () -- C:\Documents and Settings\SiwikMuller\My Documents\birdiesxmas2010.doc
[2010/12/24 15:16:17 | 000,000,103 | ---- | M] () -- C:\WINDOWS\Twui265.ini
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/16 18:49:08 | 000,270,992 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/15 19:37:31 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/12/13 18:56:46 | 000,013,312 | ---- | M] () -- C:\Documents and Settings\SiwikMuller\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/11 10:49:20 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\SiwikMuller\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/12/11 10:48:30 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/12/11 10:48:30 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\SiwikMuller\My Documents\*.tmp files -> C:\Documents and Settings\SiwikMuller\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/08 15:54:54 | 004,150,305 | R--- | C] () -- C:\Documents and Settings\SiwikMuller\Desktop\win.exe
[2011/01/02 21:01:18 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\SiwikMuller\My Documents\I AM.doc
[2010/12/24 17:34:49 | 002,278,912 | ---- | C] () -- C:\Documents and Settings\SiwikMuller\My Documents\birdiesxmas2010.doc
[2010/09/11 16:18:41 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2010/09/11 16:13:40 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/01/27 23:25:54 | 000,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2009/01/27 23:25:52 | 000,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2009/01/27 22:31:07 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\SiwikMuller\Local Settings\Application Data\fusioncache.dat
[2009/01/24 10:32:50 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll
[2008/12/20 10:21:31 | 000,018,790 | ---- | C] () -- C:\WINDOWS\System32\ddmon.dll
[2008/11/02 16:14:15 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\SiwikMuller\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/28 18:18:39 | 000,000,209 | ---- | C] () -- C:\WINDOWS\entpack.ini
[2008/03/26 21:32:12 | 000,271,264 | ---- | C] () -- C:\WINDOWS\VBRUN100.DLL
[2008/03/26 21:32:12 | 000,019,200 | ---- | C] () -- C:\WINDOWS\WEPUTIL.DLL
[2007/04/21 19:10:15 | 000,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/02/05 20:02:18 | 000,000,047 | ---- | C] () -- C:\WINDOWS\Prism3.INI
[2007/02/04 13:13:10 | 000,029,752 | ---- | C] () -- C:\WINDOWS\System32\InstHelper.dll
[2007/02/04 13:08:19 | 000,197,680 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2007/02/04 13:08:15 | 000,193,584 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2006/12/11 09:34:56 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/10/07 19:06:58 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2006/10/07 18:21:21 | 000,000,749 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/04/21 20:30:06 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2004/12/17 21:53:01 | 000,000,121 | ---- | C] () -- C:\WINDOWS\Winamp.ini
[2003/07/08 20:53:20 | 000,000,024 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2003/07/08 20:53:06 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2003/07/08 20:37:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2003/07/08 20:01:31 | 000,000,103 | ---- | C] () -- C:\WINDOWS\Twui265.ini
[2003/07/08 19:57:51 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2003/07/08 19:49:38 | 000,000,592 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/07/01 14:06:13 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/07/01 13:53:09 | 000,000,806 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/07/01 13:53:09 | 000,000,185 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2003/07/01 13:49:06 | 000,000,788 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/07/01 13:36:49 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/07/01 13:23:54 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2002/09/03 08:59:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2001/07/07 02:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2000/10/09 06:50:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll
[2000/09/18 16:12:40 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\CSSMS_IN.DLL
[1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2011/01/08 00:38:23 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\749b84
[2006/04/30 21:30:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\buvs
[2006/05/06 10:54:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Freedom
[2010/09/05 18:17:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
[2011/01/08 00:36:32 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\PIZLHJVS
[2010/01/29 21:27:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2009/06/28 08:28:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2010/11/08 21:56:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/09/14 07:52:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2004/07/02 19:59:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/09/29 09:40:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2009/03/15 18:26:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/29 19:57:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/20 11:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/12 14:44:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2005/08/21 07:54:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SiwikMuller\Application Data\.BitTornado
[2005/08/02 22:10:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SiwikMuller\Application Data\Aim
[2008/12/13 11:19:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SiwikMuller\Application Data\Amazon
[2007/10/13 22:39:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SiwikMuller\Application Data\CVS
[2008/12/20 10:22:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SiwikMuller\Application Data\deskPDF
[2010/12/24 10:17:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SiwikMuller\Application Data\DVDVideoSoft
[2010/06/26 10:11:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SiwikMuller\Application Data\Facebook
[2010/10/16 13:48:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SiwikMuller\Application Data\Image Zone Express
[2009/01/24 10:32:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SiwikMuller\Application Data\InterTrust
[2009/07/29 19:09:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SiwikMuller\Application Data\IObit
[2008/03/26 21:24:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SiwikMuller\Application Data\Netscape
[2007/12/13 20:22:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SiwikMuller\Application Data\Printer Info Cache
[2010/09/12 18:23:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SiwikMuller\Application Data\Prism
[2009/06/28 08:31:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SiwikMuller\Application Data\Ulead Systems
[2010/09/12 18:23:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SiwikMuller\Application Data\WebApps
[2011/01/09 15:47:30 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE

< End of report >

OTL Extras logfile created on: 1/9/2011 3:56:17 PM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\SiwikMuller\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 474.00 Mb Available Physical Memory | 46.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 7.03 Gb Free Space | 18.90% Space Free | Partition Type: NTFS
Drive F: | 1.87 Gb Total Space | 1.87 Gb Free Space | 99.96% Space Free | Partition Type: FAT
Drive G: | 232.88 Gb Total Space | 159.59 Gb Free Space | 68.53% Space Free | Partition Type: NTFS

Computer Name: DEBSRIK | User Name: SiwikMuller | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-3818900820-2077995646-4232387374-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealOne Player -- (RealNetworks, Inc.)
"C:\Program Files\BitTornado\btdownloadgui.exe" = C:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui -- ()
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- ()
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- ()
"C:\PROGRA~1\Yahoo!\MESSEN~1\Yserver.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 22
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40ACEAF4-1EB2-45FC-90C3-6810700C0595}" = Verizon PC Security Checkup
"{43FCA273-9534-40DB-B7C5-D7758875616A}" = Dell Support
"{45893FEB-30FD-4034-8661-3BA4238FE67A}" = Britannica Ready Reference
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{468190DA-FB4C-45BA-8E40-4B165FF1A939}" = BACS
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{5624C000-B109-11D4-9DB4-00E0290FCAC5}" = VPN Client
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5FCDE341-328B-434B-9F21-AF5BADB57852}" = Symantec Technical Support Web Controls
"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
"{64116298-93C5-401D-B06C-39D8E3338508}" = DAO
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{78B50D1D-642C-4B89-BCC7-352EAE3614D7}" = iPod for Windows 2005-02-07
"{79208609-FD44-4865-AE2B-784FDF31212C}_is1" = GameHouse Super Games AIOŽ
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9FC8D8F8-AF3A-4488-98AF-51C6DEC732F2}" = c3100_Help
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{A9F5421F-DA70-4C77-BB97-8D77EC33ED5E}" = HP Photosmart and Deskjet 7.0.A
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4E96960-5F6B-48B9-A5BD-6A5A9BB4F027}" = Avery Wizard 3.1
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BA63612E-0458-416A-ADCD-B2349194F20F}" = Creative ZEN Nano Plus
"{BD12EB47-DBDF-11D3-BEEA-00A0CC272509}" = Norton AntiVirus Corporate Edition
"{BD57EA4D-026E-4F08-9B93-080E282B81FE}" = iPod for Windows 2006-06-28
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2444FA0-04AA-4221-B652-73713947ED22}" = Anti-Spyware
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1725D54-279A-40C5-A70D-23C1785DB920}_is1" = AoA Audio Extractor
"{D3386797-A836-4030-AB5D-4E89F2F15F33}" = Authentium
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7
"{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB8C9964-09AC-48bf-8B98-027609C78251}" = C3100
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe Type Manager 4.0" = Adobe Type Manager 4.0
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.5
"AOL Instant Messenger" = AOL Instant Messenger
"AudibleManager" = AudibleManager
"BCM V.92 56K Modem" = BCM V.92 56K Modem
"BitTornado" = BitTornado 0.3.7
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"doubleTwist" = doubleTwist
"ESET Online Scanner" = ESET Online Scanner v3
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 5.9
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.1
"GPL Ghostscript_is1" = Docudesk GPL Ghostscript 8.15
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{468190DA-FB4C-45BA-8E40-4B165FF1A939}" = Broadcom Advanced Control Suite
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{78B50D1D-642C-4B89-BCC7-352EAE3614D7}" = iPod for Windows 2005-02-07
"InstallShield_{BD57EA4D-026E-4F08-9B93-080E282B81FE}" = iPod for Windows 2006-06-28
"InstallShield_{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12
"Java Web Start" = Java Web Start
"KODAK DC265" = KODAK DC265 Software
"Lexar Media USB Card Reader Driver" = Lexar Media USB Card Reader Driver v2.1g
"LiveUpdate" = LiveUpdate
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NETSCAPE" = Netscape
"Netscape (7.1)" = Netscape (7.1)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"RealPlayer 12.0" = RealPlayer
"Rp Scan and Clean {40ACEAF4-1EB2-45FC-90C3-6810700C0595}" = Verizon PC Security Checkup
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"SpywareBlaster_is1" = SpywareBlaster 4.2
"SysInfo" = Creative System Information
"Uninstall_is1" = Uninstall 1.0.0.1
"Verizon Online DSL_is1" = Verizon Online DSL
"Verizon Yahoo! Applications" = Verizon Yahoo! Applications
"ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only)
"Winamp" = Winamp
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3818900820-2077995646-4232387374-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/31/2010 4:13:25 PM | Computer Name = DEBSRIK | Source = Bonjour Service | ID = 100
Description = 264: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 10/31/2010 4:13:25 PM | Computer Name = DEBSRIK | Source = Bonjour Service | ID = 100
Description = 240: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 10/31/2010 4:13:25 PM | Computer Name = DEBSRIK | Source = Bonjour Service | ID = 100
Description = 388: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 11/9/2010 8:34:53 AM | Computer Name = DEBSRIK | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

Error - 11/9/2010 10:02:42 PM | Computer Name = DEBSRIK | Source = Norton AntiVirus | ID = 16711685
Description = Virus Found!Virus name: WM.Twno.B:Tw (2) in File: C:\Documents and
Settings\SiwikMuller\My Documents\Downloads\ComboFix.exe by: Realtime Protection
scan. Action: Clean failed : Quarantine succeeded : Access denied

Error - 11/9/2010 11:14:03 PM | Computer Name = DEBSRIK | Source = Norton AntiVirus | ID = 16711685
Description = Virus Found!Virus name: WM.Twno.B:Tw (2) in File: C:\Documents and
Settings\SiwikMuller\My Documents\Downloads\ComboFix.exe by: Manual scan. Action:
Clean failed : Leave Alone succeeded :

Error - 12/4/2010 4:07:45 PM | Computer Name = DEBSRIK | Source = Norton AntiVirus | ID = 16711685
Description = Virus Found!Virus name: WM.Twno.B:Tw (2) in File: C:\Documents and
Settings\SiwikMuller\My Documents\Downloads\ComboFix.exe by: Manual scan. Action:
Clean failed : Leave Alone succeeded :

Error - 12/14/2010 8:56:34 PM | Computer Name = DEBSRIK | Source = MsiInstaller | ID = 10005
Description = Product: QuickTime -- A newer version of QuickTime is already installed.
This installation cannot proceed while the newer version of QuickTime is installed.

Error - 12/19/2010 12:37:52 PM | Computer Name = DEBSRIK | Source = Bonjour Service | ID = 100
Description = 392: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 1/8/2011 1:39:25 AM | Computer Name = DEBSRIK | Source = Application Error | ID = 1000
Description = Faulting application personalis2011.exe, version 1.30.0.8, faulting
module unknown, version 0.0.0.0, fault address 0x031304da.


< End of report >

#4 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • 28,202 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 09 January 2011 - 05:42 PM

Please disable Spybot's TeaTimer and SDHelper as outlined in the link below:
http://forums.malwar...s...st&p=215409

------------------------------------------

Please do this:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKU\S-1-5-21-3818900820-2077995646-4232387374-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-21-3818900820-2077995646-4232387374-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25562
    O2 - BHO: (Netscape) - {4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33} - Reg Error: Value error. File not found
    O3 - HKLM\..\Toolbar: (Netscape) - {4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33} - Reg Error: Value error. File not found
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Netscape) - {4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33} - Reg Error: Value error. File not found
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Netscape) - {4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33} - Reg Error: Value error. File not found
    O3 - HKU\S-1-5-21-3818900820-2077995646-4232387374-1006\..\Toolbar\WebBrowser: (Netscape) - {4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33} - Reg Error: Value error. File not found
    O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O18 - Protocol\Handler\ms-its - No CLSID value found
    [2011/01/08 00:36:32 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\PIZLHJVS
    [2011/01/08 00:33:48 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\749b84
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE
    
    :Commands
    [resethosts]
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
MrC

Malware Removal Expert

I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.
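The OTL fix above undoes two things the rogue did to keep the browser off the real internet: it set a per-user WinINET proxy (ProxyEnable = 1, ProxyServer = http=127.0.0.1:25562, so every request went to the rogue's own listener on the loopback interface) and it rewrote the HOSTS file, which [resethosts] restores to its two default localhost lines. The checker below is an added example, not code from this thread, from OTL or from any other tool named here. It reuses the two "IE -" lines quoted from the fix script; the HKLM lines and every HOSTS entry other than localhost are constructed for illustration, and the domain names are placeholders.

```python
"""Flag two browser-hijack artefacts: an enabled WinINET proxy that points
at the loopback interface, and HOSTS entries beyond the default localhost
lines.  Added example; not from the original thread or from OTL.
"""
import ipaddress
import re
from typing import Dict, List, Optional, Tuple

# Two 'IE -' lines quoted from the OTL fix script in the thread, plus two
# constructed HKLM lines showing a proxy that is configured but disabled.
SAMPLE_OTL = r"""
IE - HKU\S-1-5-21-3818900820-2077995646-4232387374-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-3818900820-2077995646-4232387374-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25562
IE - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8080
"""

# Constructed HOSTS file: the two default lines plus three hijacks of the
# kind that blackhole or redirect a vendor's site.  Placeholder domains.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.example-av.com       # vendor site blackholed
203.0.113.10    update.example-av.com    # updates redirected
203.0.113.10    download.example.net
"""

# The mapping OTL's [resethosts] restores; anything else is reported.
DEFAULT_HOSTS = {("127.0.0.1", "localhost"), ("::1", "localhost")}

OTL_IE_LINE = re.compile(
    r'^IE - (?P<hive>HK(?:LM|U\\[^\\]+))\\.*?Internet Settings: '
    r'"(?P<name>[^"]+)" = (?P<value>.*)$'
)


def parse_otl_internet_settings(log: str) -> Dict[str, Dict[str, str]]:
    """Group OTL 'IE - ...Internet Settings:' values by registry hive."""
    settings: Dict[str, Dict[str, str]] = {}
    for line in log.splitlines():
        m = OTL_IE_LINE.match(line.strip())
        if m:
            settings.setdefault(m["hive"], {})[m["name"]] = m["value"].strip()
    return settings


def parse_proxy_server(value: str) -> List[Tuple[str, str, Optional[int]]]:
    """Split a WinINET ProxyServer string into (scheme, host, port) tuples.

    Handles both forms WinINET accepts: 'host:port' (one proxy for every
    protocol, reported with scheme 'all') and 'http=h:p;https=h:p;...'.
    """
    proxies = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, hostport = part.rpartition("=")
        host, _, port = hostport.rpartition(":")
        if not host:                      # bare host name, no port given
            host, port = hostport, ""
        proxies.append((scheme or "all", host.strip("[]"),
                        int(port) if port.isdigit() else None))
    return proxies


def is_loopback(host: str) -> bool:
    """True for 127.0.0.0/8, ::1 and the name 'localhost'."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host.lower() == "localhost"


def find_loopback_proxies(settings: Dict[str, Dict[str, str]]):
    """Return (hive, scheme, host, port) for every *enabled* loopback proxy."""
    hits = []
    for hive, values in settings.items():
        if values.get("ProxyEnable", "0") != "1":
            continue                      # configured but switched off
        for scheme, host, port in parse_proxy_server(values.get("ProxyServer", "")):
            if is_loopback(host):
                hits.append((hive, scheme, host, port))
    return hits


def find_hosts_hijacks(hosts_text: str) -> List[Tuple[str, str]]:
    """Return every (address, name) pair that is not a default localhost line."""
    hijacks = []
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        address, *names = line.split()
        for name in names:
            if (address, name.lower()) not in DEFAULT_HOSTS:
                hijacks.append((address, name))
    return hijacks


if __name__ == "__main__":
    for hit in find_loopback_proxies(parse_otl_internet_settings(SAMPLE_OTL)):
        print("loopback proxy:", hit)
    for address, name in find_hosts_hijacks(SAMPLE_HOSTS):
        print("hosts entry:", address, name)
```

Two caveats when reading the output. A loopback proxy is not proof of infection on its own, since local filtering proxies and debugging tools also listen on 127.0.0.1; what matters is which process owns the port, so on the affected machine run `netstat -ano` and match the PID shown for the listening port against Task Manager, and confirm afterwards with `reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer` that the value is gone. Likewise, ad-blocking HOSTS lists legitimately contain thousands of non-default entries, so treat the HOSTS output as a review list rather than a verdict; an entry that points a security vendor's or update server's name at loopback or at an address you do not recognise is the one that indicates tampering.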

#5 DebS

DebS

    New Member

  • Members
  • 43 posts

Posted 09 January 2011 - 06:20 PM

All processes killed
========== OTL ==========
HKU\S-1-5-21-3818900820-2077995646-4232387374-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-3818900820-2077995646-4232387374-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33}\ not found.
Registry value HKEY_USERS\S-1-5-21-3818900820-2077995646-4232387374-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33}\ not found.
File Animation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab not found.
Starting removal of ActiveX control DirectAnimation Java Classes
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DirectAnimation Java Classes\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-its\ deleted successfully.
File Protocol\Handler\ms-its - No CLSID value found not found.
C:\Documents and Settings\All Users\Application Data\PIZLHJVS folder moved successfully.
C:\Documents and Settings\All Users\Application Data\749b84\Quarantine Items folder moved successfully.
C:\Documents and Settings\All Users\Application Data\749b84\PISSys folder moved successfully.
C:\Documents and Settings\All Users\Application Data\749b84\BackUp folder moved successfully.
C:\Documents and Settings\All Users\Application Data\749b84 folder moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 360649 bytes
->Flash cache emptied: 300 bytes

User: NetworkService
->Temp folder emptied: 768692 bytes
->Temporary Internet Files folder emptied: 753902 bytes

User: SiwikMuller
->Temp folder emptied: 2211278 bytes
->Temporary Internet Files folder emptied: 1919718 bytes
->Java cache emptied: 5997407 bytes
->FireFox cache emptied: 107096539 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 58625 bytes
%systemroot%\System32 .tmp files removed: 558097 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5757896 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 66328934 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 67 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 183.00 mb


OTL by OldTimer - Version 3.2.20.1 log created on 01092011_180956

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#6 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • 28,202 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 09 January 2011 - 07:05 PM

Please update and run a Full Scan with MBAM.

If you can't update MBAM, the updates are located at the link below:

http://data.mbamupda.../mbam-rules.exe

Post back the log from MBAM, MrC


#7 DebS

DebS

    New Member

  • Members
  • 43 posts

Posted 09 January 2011 - 08:41 PM

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5490

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/9/2011 8:35:03 PM
mbam-log-2011-01-09 (20-35-03).txt

Scan type: Full scan (C:\|G:\|)
Objects scanned: 266758
Time elapsed: 1 hour(s), 18 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\_OTL\movedfiles\01092011_180956\c_documents and settings\all users\application data\749b84\personalis2011.exe (Rogue.PersonalInternetSecurity) -> Quarantined and deleted successfully.

#8 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • 28,202 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 09 January 2011 - 09:02 PM

Can you get online now??

If so...

Please Uninstall ComboFix:

Go to start > run and copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.
This will uninstall Combofix.

-------------------------------

Then .......
Download TDSSKiller to your Desktop.

Doubleclick on TDSSKiller.exe to run the application, then click on Start Scan.

Don't Change These Settings:
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.

You may be asked to reboot the computer to complete the process. Click on Reboot Now.

To view the report:
Click the Report button and copy/paste the contents of it into your next reply.

Note: It will also create a log in the C:\ directory.

---------------------------------------

Next:

Please download and run ComboFix:

A few notes first:

  • ComboFix is compatible exclusively with W2K, XP, Vista, and Windows 7
  • ComboFix must be run from an Administrative account.
  • Vista and W7 users - Right click, choose "Run as Administrator"
  • It must be downloaded to and run from your desktop.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can and will interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

  • ComboFix Guide <---please read!

Download ComboFix from one of these locations: (you may have to use right click > save target as)

  • Link 1
  • Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon and choose disable/exit.
More info HERE<-------
They may interfere with the running of ComboFix.

Note: If you have AVG or CA Internet Security Suite installed, due to recent changes in how these AV's target the tool's internal files, they must be uninstalled before running ComboFix. If you have difficulty uninstalling the AV, download and run Opswat AppRemover

  • Double click on ComboFix.exe & follow the prompts.

  • Note: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.

  • Note: If you have SP3, use the SP2 package.

If Vista or Windows 7, skip the Recovery Console part


  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

  • **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.


Notes:

  • 1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
  • 2. ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.
  • 3. Combofix permanently prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security.
Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. Read USB-Based Malware Attacks and Please disable Autorun ASAP!.
  • 4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
If a reboot doesn't restore your connection, please try this:
Check HERE
For XP systems download and run WinSockFix and Here

Vista users: Check HERE
Windows 7 systems: Download and run this Winsockfix.bat

  • 5. Give ComboFix at least 20-30 minutes to finish if needed.


MrC


#9 DebS

DebS

    New Member

  • Members
  • 43 posts

Posted 10 January 2011 - 08:35 PM

ComboFix 11-01-10.04 - SiwikMuller 01/10/2011 20:15:35.7.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.580 [GMT -5:00]
Running from: c:\documents and settings\SiwikMuller\Desktop\ComboFix.exe
AV: Personal Internet Security 2011 *Enabled/Updated* {5DA77C72-2588-4276-BF0E-32784025A3DD}
FW: Personal Internet Security 2011 *Enabled* {F613E30E-2B71-470D-B273-F32F5A8A5CC4}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\SiwikMuller\Recent\ANTIGEN.dll
c:\documents and settings\SiwikMuller\Recent\cb.sys
c:\documents and settings\SiwikMuller\Recent\cid.tmp
c:\documents and settings\SiwikMuller\Recent\CLSV.tmp
c:\documents and settings\SiwikMuller\Recent\DBOLE.drv
c:\documents and settings\SiwikMuller\Recent\ddv.tmp
c:\documents and settings\SiwikMuller\Recent\delfile.dll
c:\documents and settings\SiwikMuller\Recent\eb.sys
c:\documents and settings\SiwikMuller\Recent\energy.dll
c:\documents and settings\SiwikMuller\Recent\energy.drv
c:\documents and settings\SiwikMuller\Recent\exec.exe
c:\documents and settings\SiwikMuller\Recent\exec.sys
c:\documents and settings\SiwikMuller\Recent\fan.dll
c:\documents and settings\SiwikMuller\Recent\fan.tmp
c:\documents and settings\SiwikMuller\Recent\FS.drv
c:\documents and settings\SiwikMuller\Recent\FW.sys
c:\documents and settings\SiwikMuller\Recent\grid.exe
c:\documents and settings\SiwikMuller\Recent\hymt.sys
c:\documents and settings\SiwikMuller\Recent\kernel32.drv
c:\documents and settings\SiwikMuller\Recent\pal.exe
c:\documents and settings\SiwikMuller\Recent\PE.dll
c:\documents and settings\SiwikMuller\Recent\PE.drv
c:\documents and settings\SiwikMuller\Recent\PE.tmp
c:\documents and settings\SiwikMuller\Recent\runddl.dll
c:\documents and settings\SiwikMuller\Recent\tempdoc.sys
c:\documents and settings\SiwikMuller\Recent\tempdoc.tmp
c:\documents and settings\SiwikMuller\Recent\tjd.drv
c:\windows\Downloaded Program Files\popcaploader.inf

.
((((((((((((((((((((((((( Files Created from 2010-12-11 to 2011-01-11 )))))))))))))))))))))))))))))))
.

2011-01-09 23:09 . 2011-01-09 23:09 -------- d-----w- C:\_OTL
2011-01-07 22:29 . 2010-11-10 04:33 6273872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{855C15E2-4E8F-4F9D-B60A-AA3C3B09A56E}\mpengine.dll
2010-12-24 15:17 . 2010-12-24 15:17 -------- d-----w- c:\documents and settings\SiwikMuller\Application Data\DVDVideoSoft
2010-12-24 15:17 . 2010-12-24 15:17 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-12-24 15:17 . 2010-12-24 15:17 -------- d-----w- c:\program files\DVDVideoSoft
2010-12-15 23:43 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-15 23:41 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 23:09 . 2010-09-07 01:35 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2010-09-07 01:35 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-18 18:12 . 2004-09-06 13:48 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-10 04:33 . 2006-05-01 03:42 6273872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2010-11-06 00:26 . 2004-09-06 13:48 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-06 00:26 . 2004-09-06 13:48 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2004-09-06 13:46 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-03 12:25 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2002-08-29 10:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2004-09-06 13:48 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2004-09-06 13:46 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-10-19 15:41 . 2009-10-03 13:38 222080 ------w- c:\windows\system32\MpSigStub.exe
2009-07-14 00:16 . 2009-07-14 00:16 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-07-14 00:16 . 2009-07-14 00:16 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 684032]
"vptray"="c:\program files\NavNT\vptray.exe" [2000-10-09 53248]
"Disk Monitor"="c:\program files\Lexar Media\USB Card Reader Driver v2.1g\Disk_Monitor.exe" [2003-10-28 438784]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-17 198160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2009-1-24 49254]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-5-29 113664]
Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2007-2-4 1528880]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YPager.exe"= c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe
"c:\\PROGRA~1\\Yahoo!\\MESSEN~1\\Yserver.exe"= c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 ATMhelpr;ATMhelpr;c:\windows\SYSTEM32\DRIVERS\ATMHELPR.SYS [7/9/2003 7:07 PM 4064]
R2 iPodDrv;iPodDrv;c:\windows\SYSTEM32\DRIVERS\iPodDrv.sys [8/4/2010 4:41 PM 6656]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - KLMD25
*Deregistered* - klmd25
.
Contents of the 'Scheduled Tasks' folder

2010-07-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:34]

2011-01-11 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

2009-09-12 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy2\SpybotSD.exe [2009-01-22 20:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = hxxp://localhost;*.local
FF - ProfilePath - c:\documents and settings\SiwikMuller\Application Data\Mozilla\Firefox\Profiles\7ipgivmu.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\SiwikMuller\Application Data\Move Networks
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\program files\real\realplayer\browserrecord\firefox\ext
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Prism for Firefox: refractor@developer.mozilla.org - %profile%\extensions\refractor@developer.mozilla.org
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-10 20:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(948)
c:\windows\System32\NavLogon.dll
.
Completion time: 2011-01-10 20:26:21
ComboFix-quarantined-files.txt 2011-01-11 01:26
ComboFix2.txt 2009-09-15 01:18

Pre-Run: 10,005,471,232 bytes free
Post-Run: 9,965,641,728 bytes free

- - End Of File - - 3563E7025E957F64CA340C85D0138090

2011/01/10 20:08:35.0515 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2011/01/10 20:08:35.0515 ================================================================================
2011/01/10 20:08:35.0515 SystemInfo:
2011/01/10 20:08:35.0515
2011/01/10 20:08:35.0515 OS Version: 5.1.2600 ServicePack: 3.0
2011/01/10 20:08:35.0515 Product type: Workstation
2011/01/10 20:08:35.0515 ComputerName: DEBSRIK
2011/01/10 20:08:35.0515 UserName: SiwikMuller
2011/01/10 20:08:35.0515 Windows directory: C:\WINDOWS
2011/01/10 20:08:35.0515 System windows directory: C:\WINDOWS
2011/01/10 20:08:35.0515 Processor architecture: Intel x86
2011/01/10 20:08:35.0515 Number of processors: 1
2011/01/10 20:08:35.0515 Page size: 0x1000
2011/01/10 20:08:35.0515 Boot type: Normal boot
2011/01/10 20:08:35.0515 ================================================================================
2011/01/10 20:08:35.0812 Initialize success
2011/01/10 20:08:39.0921 ================================================================================
2011/01/10 20:08:39.0921 Scan started
2011/01/10 20:08:39.0921 Mode: Manual;
2011/01/10 20:08:39.0921 ================================================================================
2011/01/10 20:08:41.0375 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS
2011/01/10 20:08:41.0531 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/01/10 20:08:41.0718 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/01/10 20:08:41.0875 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\System32\DRIVERS\adpu160m.sys
2011/01/10 20:08:42.0031 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
2011/01/10 20:08:42.0265 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/01/10 20:08:42.0593 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/01/10 20:08:42.0750 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\System32\DRIVERS\agp440.sys
2011/01/10 20:08:42.0906 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\System32\DRIVERS\agpCPQ.sys
2011/01/10 20:08:43.0125 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\System32\DRIVERS\aha154x.sys
2011/01/10 20:08:43.0265 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\System32\DRIVERS\aic78u2.sys
2011/01/10 20:08:43.0437 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\System32\DRIVERS\aic78xx.sys
2011/01/10 20:08:43.0546 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\System32\DRIVERS\aliide.sys
2011/01/10 20:08:43.0671 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\System32\DRIVERS\alim1541.sys
2011/01/10 20:08:43.0781 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\System32\DRIVERS\amdagp.sys
2011/01/10 20:08:43.0937 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\System32\DRIVERS\amsint.sys
2011/01/10 20:08:44.0093 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\System32\DRIVERS\asc.sys
2011/01/10 20:08:44.0250 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\System32\DRIVERS\asc3350p.sys
2011/01/10 20:08:44.0406 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\System32\DRIVERS\asc3550.sys
2011/01/10 20:08:44.0578 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/01/10 20:08:44.0718 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/01/10 20:08:44.0906 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/01/10 20:08:45.0046 ATMhelpr (3ef1db7f168851914517d4ed36b57c04) C:\WINDOWS\system32\drivers\ATMhelpr.sys
2011/01/10 20:08:45.0171 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/01/10 20:08:45.0281 bcm4sbxp (f5c0d3c93235a455cdd13c954adf1a80) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
2011/01/10 20:08:45.0437 BCMModem (41347688046d49cde0f6d138a534f73d) C:\WINDOWS\system32\DRIVERS\BCMSM.sys
2011/01/10 20:08:45.0609 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/01/10 20:08:45.0812 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\System32\DRIVERS\cbidf2k.sys
2011/01/10 20:08:45.0937 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/01/10 20:08:46.0093 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys
2011/01/10 20:08:46.0203 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/01/10 20:08:46.0296 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/01/10 20:08:46.0421 Cdr4_xp (837eef65af62d4e8a37c41d3879f7274) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
2011/01/10 20:08:46.0546 Cdralw2k (579da2f9f5401f55dae2cf8779d61dfc) C:\WINDOWS\system32\drivers\Cdralw2k.sys
2011/01/10 20:08:46.0687 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/01/10 20:08:46.0828 cdudf_xp (cfd81f2140193fc7f1812e6d6eaf6795) C:\WINDOWS\system32\drivers\cdudf_xp.sys
2011/01/10 20:08:47.0171 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\System32\DRIVERS\cmdide.sys
2011/01/10 20:08:47.0359 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\System32\DRIVERS\cpqarray.sys
2011/01/10 20:08:47.0531 CSS DVP (10d08460d2415b38d4179d91a6ae3a25) C:\WINDOWS\system32\DRIVERS\css-dvp.sys
2011/01/10 20:08:48.0000 CVirtA (5c706c06c1279952d2cc1a609ca948bf) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
2011/01/10 20:08:48.0203 CVPNDRVA (5ba042bcab6246c6bba51606afd7b488) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
2011/01/10 20:08:48.0390 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\System32\DRIVERS\dac2w2k.sys
2011/01/10 20:08:48.0562 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\System32\DRIVERS\dac960nt.sys
2011/01/10 20:08:48.0671 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/01/10 20:08:48.0828 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/01/10 20:08:49.0000 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/01/10 20:08:49.0156 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/01/10 20:08:49.0250 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/01/10 20:08:49.0375 DNE (2eddbb3ef1dd5a28cb07c149d36e7286) C:\WINDOWS\system32\DRIVERS\dne2000.sys
2011/01/10 20:08:49.0578 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\System32\DRIVERS\dpti2o.sys
2011/01/10 20:08:49.0703 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/01/10 20:08:49.0843 dvd_2K (677829f7010768eeeed8d0083e510dab) C:\WINDOWS\system32\drivers\dvd_2K.sys
2011/01/10 20:08:49.0984 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
2011/01/10 20:08:50.0140 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/01/10 20:08:50.0328 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/01/10 20:08:50.0437 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/01/10 20:08:50.0562 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/01/10 20:08:50.0703 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/01/10 20:08:50.0859 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/01/10 20:08:50.0953 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/01/10 20:08:51.0093 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/01/10 20:08:51.0218 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/01/10 20:08:51.0375 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\System32\DRIVERS\hpn.sys
2011/01/10 20:08:51.0500 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/01/10 20:08:51.0671 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/01/10 20:08:51.0812 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/01/10 20:08:51.0953 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/01/10 20:08:52.0093 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/01/10 20:08:52.0187 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\System32\DRIVERS\i2omp.sys
2011/01/10 20:08:52.0296 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/01/10 20:08:52.0406 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
2011/01/10 20:08:52.0546 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
2011/01/10 20:08:52.0671 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
2011/01/10 20:08:52.0796 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
2011/01/10 20:08:52.0921 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
2011/01/10 20:08:53.0046 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
2011/01/10 20:08:53.0328 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
2011/01/10 20:08:53.0562 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
2011/01/10 20:08:53.0765 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
2011/01/10 20:08:53.0875 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
2011/01/10 20:08:54.0031 ialm (44b7d5a4f2bd9fe21aea0bb0bace38c4) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/01/10 20:08:54.0203 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/01/10 20:08:54.0359 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\System32\DRIVERS\ini910u.sys
2011/01/10 20:08:54.0484 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\System32\DRIVERS\intelide.sys
2011/01/10 20:08:54.0640 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/01/10 20:08:54.0781 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/01/10 20:08:54.0906 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/01/10 20:08:55.0015 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/01/10 20:08:55.0140 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/01/10 20:08:55.0312 iPodDrv (cf79ff3d10864f73660a34e006b6b8f8) C:\WINDOWS\system32\drivers\iPodDrv.sys
2011/01/10 20:08:55.0453 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/01/10 20:08:55.0593 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/01/10 20:08:55.0734 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/01/10 20:08:55.0875 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/01/10 20:08:56.0000 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/01/10 20:08:56.0171 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/01/10 20:08:56.0406 MaVctrl (8181ceb341cbb2f7f893f85b915d5e15) C:\WINDOWS\system32\DRIVERS\MaVc2K.sys
2011/01/10 20:08:56.0531 mmc_2K (9b90303a9c9405a6ce1466ff4aa20fdd) C:\WINDOWS\system32\drivers\mmc_2K.sys
2011/01/10 20:08:56.0671 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/01/10 20:08:56.0796 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/01/10 20:08:56.0921 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/01/10 20:08:57.0031 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/01/10 20:08:57.0156 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/01/10 20:08:57.0281 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\System32\DRIVERS\mraid35x.sys
2011/01/10 20:08:57.0437 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/01/10 20:08:57.0625 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/01/10 20:08:57.0812 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/01/10 20:08:57.0968 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/01/10 20:08:58.0125 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/01/10 20:08:58.0265 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/01/10 20:08:58.0390 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/01/10 20:08:58.0531 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/01/10 20:08:59.0031 MxlW2k (19dd5c581eef70134ccef87d626f4417) C:\WINDOWS\system32\drivers\MxlW2k.sys
2011/01/10 20:08:59.0156 NAVAPEL (b898fafdc104743cb20512a74bc90bbb) C:\Program Files\NavNT\NAVAPEL.SYS
2011/01/10 20:08:59.0312 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/01/10 20:08:59.0484 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/01/10 20:08:59.0640 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/01/10 20:08:59.0750 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/01/10 20:08:59.0890 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/01/10 20:09:00.0031 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/01/10 20:09:00.0156 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/01/10 20:09:00.0406 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/01/10 20:09:00.0562 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/01/10 20:09:00.0703 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/01/10 20:09:00.0859 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/01/10 20:09:01.0078 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/01/10 20:09:01.0234 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/01/10 20:09:01.0359 omci (1d98907d80461371437a7c898c58c8ae) C:\WINDOWS\system32\DRIVERS\omci.sys
2011/01/10 20:09:01.0484 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
2011/01/10 20:09:01.0640 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/01/10 20:09:01.0781 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/01/10 20:09:01.0828 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/01/10 20:09:01.0906 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/01/10 20:09:02.0109 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/01/10 20:09:02.0234 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/01/10 20:09:02.0656 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\System32\DRIVERS\perc2.sys
2011/01/10 20:09:02.0796 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\System32\DRIVERS\perc2hib.sys
2011/01/10 20:09:03.0000 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/01/10 20:09:03.0125 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/01/10 20:09:03.0250 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/01/10 20:09:03.0375 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/01/10 20:09:03.0468 pwd_2k (d8b90616a8bd53de281dbdb664c0984a) C:\WINDOWS\system32\drivers\pwd_2k.sys
2011/01/10 20:09:03.0625 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/01/10 20:09:03.0796 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\System32\DRIVERS\ql1080.sys
2011/01/10 20:09:03.0937 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\System32\DRIVERS\ql10wnt.sys
2011/01/10 20:09:04.0109 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\System32\DRIVERS\ql12160.sys
2011/01/10 20:09:04.0468 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\System32\DRIVERS\ql1240.sys
2011/01/10 20:09:04.0625 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\System32\DRIVERS\ql1280.sys
2011/01/10 20:09:04.0734 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/01/10 20:09:04.0859 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/01/10 20:09:05.0000 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/01/10 20:09:05.0078 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/01/10 20:09:05.0171 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/01/10 20:09:05.0312 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/01/10 20:09:05.0421 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/01/10 20:09:05.0593 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/01/10 20:09:05.0765 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/01/10 20:09:05.0968 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/01/10 20:09:06.0125 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/01/10 20:09:06.0265 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/01/10 20:09:06.0421 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/01/10 20:09:06.0640 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\System32\DRIVERS\sisagp.sys
2011/01/10 20:09:06.0796 smwdm (70b8dd8707dbf6142530c106365df67d) C:\WINDOWS\system32\drivers\smwdm.sys
2011/01/10 20:09:06.0953 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys
2011/01/10 20:09:07.0093 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/01/10 20:09:07.0218 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/01/10 20:09:07.0375 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/01/10 20:09:07.0546 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/01/10 20:09:07.0687 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/01/10 20:09:07.0828 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys
2011/01/10 20:09:07.0968 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys
2011/01/10 20:09:08.0062 SymEvent (083fe6483dc16a02af2434d04b7d7aea) C:\Program Files\Symantec\SYMEVENT.SYS
2011/01/10 20:09:08.0218 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys
2011/01/10 20:09:08.0359 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys
2011/01/10 20:09:08.0484 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/01/10 20:09:08.0656 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/01/10 20:09:08.0812 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/01/10 20:09:08.0953 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/01/10 20:09:09.0078 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/01/10 20:09:09.0234 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\System32\DRIVERS\toside.sys
2011/01/10 20:09:09.0421 UdfReadr_xp (4e75005b74be901c30f2636df40b0c15) C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
2011/01/10 20:09:09.0750 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/01/10 20:09:09.0953 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys
2011/01/10 20:09:10.0078 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/01/10 20:09:10.0218 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/01/10 20:09:10.0343 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/01/10 20:09:10.0453 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/01/10 20:09:10.0546 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/01/10 20:09:10.0656 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/01/10 20:09:10.0765 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/01/10 20:09:10.0890 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/01/10 20:09:10.0984 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/01/10 20:09:11.0093 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/01/10 20:09:11.0218 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\System32\DRIVERS\viaagp.sys
2011/01/10 20:09:11.0328 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys
2011/01/10 20:09:11.0453 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/01/10 20:09:11.0562 vsdatant (27b3dd12a19eec50220df15b64913dda) C:\WINDOWS\system32\vsdatant.sys
2011/01/10 20:09:11.0828 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/01/10 20:09:12.0031 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/01/10 20:09:12.0312 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/01/10 20:09:12.0453 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/01/10 20:09:12.0625 {6080A529-897E-4629-A488-ABA0C29B635E} (afeffe0f8805fcd47b05cf1fbde08092) C:\WINDOWS\system32\drivers\ialmsbw.sys
2011/01/10 20:09:12.0796 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (85a36991a5ceaf9e65c4b743210e759b) C:\WINDOWS\system32\drivers\ialmkchw.sys
2011/01/10 20:09:13.0078 ================================================================================
2011/01/10 20:09:13.0078 Scan finished
2011/01/10 20:09:13.0078 ================================================================================
2011/01/10 20:10:32.0718 Deinitialize success


Note: When I ran ComboFix I got the error message that Personal Internet Security 2011 was running again, but I ran ComboFix anyway.
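The TDSSKiller run above reports nothing, which is the normal outcome for this family (a rogue "antivirus" rather than a kernel rootkit). The driver inventory it prints is still worth a manual pass, because it is a complete list of what the kernel loaded, with hashes. The script below is an added example for this thread, not code from TDSSKiller, ComboFix or the forum helpers, and the names parse_inventory and triage are mine. It parses inventory lines in the format shown above and applies the review rules a reviewer applies by eye: drivers loaded from outside the Windows driver directory, service names that are GUIDs, one file registered under two service names, and anything loading from a user-writable location. The sample lines are copied from the log above, plus one constructed line (example_svc, all-zero hash) so that the last rule has something to catch; that line is not from the infected machine.

```python
"""Triage of a TDSSKiller driver inventory (the lines between 'Scan started'
and 'Scan finished').  Added example for the forum thread, not code from
TDSSKiller, ComboFix or the helpers.  Nothing here declares a driver
malicious; each rule only says "look at this one"."""
import re
from collections import defaultdict

# One inventory line: timestamp, service name, (md5), image path.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?P<name>\S.*?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*?)\s*$"
)
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")

# Where XP keeps its own kernel drivers.  Third-party drivers under
# Program Files (the Symantec ones in the log) are legitimate but get listed.
SYSTEM_DRIVER_DIRS = ("c:\\windows\\system32\\drivers\\", "c:\\windows\\system32\\")
# A kernel driver should never load from a profile or temp directory.
USER_WRITABLE_MARKERS = ("c:\\documents and settings\\", "\\temp\\",
                         "\\temporary internet files\\")

# Lines copied from the TDSSKiller log in this thread, plus one CONSTRUCTED
# line (example_svc, all-zero hash) that is not from the infected machine.
SAMPLE_LOG = r"""
2011/01/10 20:08:39.0921 Scan started
2011/01/10 20:08:41.0531 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/01/10 20:08:45.0812 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\System32\DRIVERS\cbidf2k.sys
2011/01/10 20:08:45.0937 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/01/10 20:08:47.0531 CSS DVP (10d08460d2415b38d4179d91a6ae3a25) C:\WINDOWS\system32\DRIVERS\css-dvp.sys
2011/01/10 20:08:59.0156 NAVAPEL (b898fafdc104743cb20512a74bc90bbb) C:\Program Files\NavNT\NAVAPEL.SYS
2011/01/10 20:09:08.0062 SymEvent (083fe6483dc16a02af2434d04b7d7aea) C:\Program Files\Symantec\SYMEVENT.SYS
2011/01/10 20:09:11.0562 vsdatant (27b3dd12a19eec50220df15b64913dda) C:\WINDOWS\system32\vsdatant.sys
2011/01/10 20:09:12.0625 {6080A529-897E-4629-A488-ABA0C29B635E} (afeffe0f8805fcd47b05cf1fbde08092) C:\WINDOWS\system32\drivers\ialmsbw.sys
2011/01/10 20:09:12.0796 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (85a36991a5ceaf9e65c4b743210e759b) C:\WINDOWS\system32\drivers\ialmkchw.sys
2011/01/10 20:09:12.0900 example_svc (00000000000000000000000000000000) C:\Documents and Settings\user\Local Settings\Temp\example.sys
2011/01/10 20:09:13.0078 Scan finished
"""


def parse_inventory(text):
    """Return one dict per driver line; banner and progress lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["md5"] = entry["md5"].lower()
            entries.append(entry)
    return entries


def triage(entries):
    """Group service names by the review rule they trip."""
    findings = defaultdict(list)
    names_by_hash = defaultdict(list)
    for e in entries:
        path = e["path"].lower()
        names_by_hash[e["md5"]].append(e["name"])
        if any(marker in path for marker in USER_WRITABLE_MARKERS):
            findings["user_writable_path"].append(e["name"])
        elif not path.startswith(SYSTEM_DRIVER_DIRS):
            findings["outside_system32"].append(e["name"])
        if GUID_RE.match(e["name"]):
            findings["guid_service_name"].append(e["name"])
    # Same hash under two service names: here cbidf and cbidf2k, which is
    # the same Roxio file registered twice, but the pattern is worth a look.
    for md5, names in names_by_hash.items():
        if len(names) > 1:
            findings["shared_hash"].append((md5, sorted(names)))
    return dict(findings)


if __name__ == "__main__":
    for rule, hits in triage(parse_inventory(SAMPLE_LOG)).items():
        print(f"{rule}:")
        for hit in hits:
            print(f"    {hit}")
```

On this log the rules return the two Symantec drivers under Program Files, the two GUID-named Intel graphics services, the cbidf/cbidf2k pair and the constructed example line; all but the last are known-good on an XP box with Norton AntiVirus and Intel graphics, and a reviewer would clear them by checking vendor, path and (where available) the hash against a known-good set.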

#10 MrCharlie

Posted 11 January 2011 - 08:08 AM

Looks Good

ComboFix cleared out the remaining files related to Personal Internet Security 2011.
Update and run a quick scan with MBAM and post back the log.

MrC

Malware Removal Expert

I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

#11 DebS

Posted 11 January 2011 - 08:17 PM

Here's the MBAM log. However, just out of curiosity I tried to run ComboFix again. I still get the warning message that 'Personal Internet Security 2011' is running.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5505

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/11/2011 7:55:49 PM
mbam-log-2011-01-11 (19-55-49).txt

Scan type: Quick scan
Objects scanned: 160975
Time elapsed: 14 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#12 MrCharlie

Posted 11 January 2011 - 08:22 PM

How is it now? MrC


#13 DebS

Posted 11 January 2011 - 10:12 PM

When I tried to run ComboFix again, it gave me the warning that PIS 2011 was running, so I didn't run it. Should I?

#14 MrCharlie

Posted 11 January 2011 - 10:17 PM

Delete your copy of ComboFix and download a fresh copy and then run it, MrC

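The warning that keeps coming back is not evidence that the rogue is executing. The header of the fresh ComboFix log that follows shows "AV: Personal Internet Security 2011 *Enabled/Updated*" and "FW: Personal Internet Security 2011 *Enabled*" with product GUIDs; to my understanding ComboFix reads those lines, and its startup warning, from the Windows Security Center registration (WMI namespace root\SecurityCenter on XP), so a rogue that registered itself there is still "present" after its files and Run entries are gone. The same log section earlier in the thread also shows "AntiVirusOverride"=dword:00000001, which tells Security Center that the user monitors antivirus themselves and so suppresses the missing-antivirus alert. The script below is an added example for this thread, not ComboFix's own code, and parse_combofix, find_unbacked_products and find_override_flags are my names. It reads a ComboFix log and reports any registered security product whose name is not backed by a listed service or driver, plus any non-zero Security Center override. The sample text is assembled from lines of the logs in this thread.

```python
"""Cross-check of what ComboFix reports as registered with Windows Security
Center against the services and drivers it lists.  Added example for the
forum thread, not ComboFix's own code.  A product that is registered but has
no service, driver or image path behind it is a stale or rogue registration
rather than something running."""
import re

# "AV: <name> *<state>* {<guid>}" header lines (also AS: and FW:).
HEADER_RE = re.compile(
    r"^(?P<kind>AV|AS|FW): (?P<name>.+?) \*(?P<state>[^*]+)\* \{(?P<guid>[0-9A-Fa-f-]+)\}$"
)
# "R2 service;display name;image path [date size]" service/driver lines.
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)(?: \[.*\])?$"
)
# Security Center override values, e.g. "AntiVirusOverride"=dword:00000001
OVERRIDE_RE = re.compile(r'^"(?P<key>\w+Override)"=dword:(?P<val>[0-9a-fA-F]{8})$')

# Assembled from lines of the ComboFix logs in this thread.
SAMPLE_LOG = r"""
AV: Personal Internet Security 2011 *Enabled/Updated* {5DA77C72-2588-4276-BF0E-32784025A3DD}
FW: Personal Internet Security 2011 *Enabled* {F613E30E-2B71-470D-B273-F32F5A8A5CC4}
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

R1 ATMhelpr;ATMhelpr;c:\windows\SYSTEM32\DRIVERS\ATMHELPR.SYS [7/9/2003 7:07 PM 4064]
R2 iPodDrv;iPodDrv;c:\windows\SYSTEM32\DRIVERS\iPodDrv.sys [8/4/2010 4:41 PM 6656]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
"""


def parse_combofix(text):
    """Return (registered products, listed services, override values)."""
    products, services, overrides = [], [], {}
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            products.append(m.groupdict())
            continue
        m = SERVICE_RE.match(line)
        if m:
            services.append(m.groupdict())
            continue
        m = OVERRIDE_RE.match(line)
        if m:
            overrides[m["key"]] = int(m["val"], 16)
    return products, services, overrides


def find_unbacked_products(products, services):
    """Registered products whose name appears in no service display name or
    image path: nothing in the service table is actually providing them."""
    haystack = [(s["display"] + " " + s["path"]).lower() for s in services]
    return [(p["kind"], p["name"]) for p in products
            if not any(p["name"].lower() in h for h in haystack)]


def find_override_flags(overrides):
    """Override values set to non-zero, which silence Security Center alerts."""
    return sorted(key for key, value in overrides.items() if value != 0)


if __name__ == "__main__":
    products, services, overrides = parse_combofix(SAMPLE_LOG)
    for kind, name in find_unbacked_products(products, services):
        print(f"{kind} registration with nothing behind it: {name}")
    for key in find_override_flags(overrides):
        print(f"Security Center alert suppressed via {key}")
```

On the machine itself the equivalent live check is to enumerate the AntiVirusProduct and FirewallProduct instances in root\SecurityCenter and delete the ones naming the rogue; once a real antivirus is back, AntiVirusOverride should also go back to 0 so Security Center alerts again.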

#15 DebS

Posted 11 January 2011 - 11:07 PM

I uninstalled combofix and downloaded a fresh copy. I still get the error message, but I ran it anyway. Here is the log.


ComboFix 11-01-11.01 - SiwikMuller 01/11/2011 22:54:00.8.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.596 [GMT -5:00]
Running from: c:\documents and settings\SiwikMuller\Desktop\ComboFix.exe
AV: Personal Internet Security 2011 *Enabled/Updated* {5DA77C72-2588-4276-BF0E-32784025A3DD}
FW: Personal Internet Security 2011 *Enabled* {F613E30E-2B71-470D-B273-F32F5A8A5CC4}
.

((((((((((((((((((((((((( Files Created from 2010-12-12 to 2011-01-12 )))))))))))))))))))))))))))))))
.

2011-01-12 00:01 . 2010-11-10 04:33 6273872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{057BADC3-277D-4334-BDFC-DBA0AEB8FA37}\mpengine.dll
2011-01-09 23:09 . 2011-01-09 23:09 -------- d-----w- C:\_OTL
2010-12-24 15:17 . 2010-12-24 15:17 -------- d-----w- c:\documents and settings\SiwikMuller\Application Data\DVDVideoSoft
2010-12-24 15:17 . 2010-12-24 15:17 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-12-24 15:17 . 2010-12-24 15:17 -------- d-----w- c:\program files\DVDVideoSoft
2010-12-15 23:43 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-15 23:41 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 23:09 . 2010-09-07 01:35 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2010-09-07 01:35 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-18 18:12 . 2004-09-06 13:48 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-10 04:33 . 2006-05-01 03:42 6273872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2010-11-06 00:26 . 2004-09-06 13:48 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-06 00:26 . 2004-09-06 13:48 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2004-09-06 13:46 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-03 12:25 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2002-08-29 10:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2004-09-06 13:48 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2004-09-06 13:46 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-10-19 15:41 . 2009-10-03 13:38 222080 ------w- c:\windows\system32\MpSigStub.exe
2009-07-14 00:16 . 2009-07-14 00:16 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-07-14 00:16 . 2009-07-14 00:16 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 684032]
"vptray"="c:\program files\NavNT\vptray.exe" [2000-10-09 53248]
"Disk Monitor"="c:\program files\Lexar Media\USB Card Reader Driver v2.1g\Disk_Monitor.exe" [2003-10-28 438784]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-17 198160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2009-1-24 49254]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-5-29 113664]
Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2007-2-4 1528880]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YPager.exe"= c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe
"c:\\PROGRA~1\\Yahoo!\\MESSEN~1\\Yserver.exe"= c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 ATMhelpr;ATMhelpr;c:\windows\SYSTEM32\DRIVERS\ATMHELPR.SYS [7/9/2003 7:07 PM 4064]
R2 iPodDrv;iPodDrv;c:\windows\SYSTEM32\DRIVERS\iPodDrv.sys [8/4/2010 4:41 PM 6656]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
.
Contents of the 'Scheduled Tasks' folder

2010-07-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:34]

2011-01-12 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

2009-09-12 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy2\SpybotSD.exe [2009-01-22 20:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = hxxp://localhost;*.local
FF - ProfilePath - c:\documents and settings\SiwikMuller\Application Data\Mozilla\Firefox\Profiles\7ipgivmu.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\SiwikMuller\Application Data\Move Networks
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\program files\real\realplayer\browserrecord\firefox\ext
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Prism for Firefox: refractor@developer.mozilla.org - %profile%\extensions\refractor@developer.mozilla.org
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-11 22:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(928)
c:\windows\System32\NavLogon.dll

- - - - - - - > 'explorer.exe'(4072)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-01-11 23:03:05
ComboFix-quarantined-files.txt 2011-01-12 04:02
ComboFix2.txt 2011-01-11 01:26

Pre-Run: 9,965,838,336 bytes free
Post-Run: 9,941,430,272 bytes free

- - End Of File - - 8A8A89579EFE46B5CD8DF90583B18EE4

#16 MrCharlie

    Forum Deity

  • Experts
  • 28,202 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 12 January 2011 - 08:45 AM

Other than ComboFix finding Personal Internet Security 2011, how's the computer running?
Any more signs of Personal Internet Security 2011?

------------------------

Please do this:
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :regfind
    5DA77C72-2588-4276-BF0E-32784025A3DD
    F613E30E-2B71-470D-B273-F32F5A8A5CC4
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

MrC


#17 DebS

    New Member

  • Members
  • 43 posts

Posted 12 January 2011 - 12:25 PM

Except for the warning when I run combofix, everything else seems perfect.

Here is the systemlook log:

SystemLook 04.09.10 by jpshortstuff
Log created at 12:22 on 12/01/2011 by SiwikMuller
Administrator - Elevation successful

========== regfind ==========

Searching for "5DA77C72-2588-4276-BF0E-32784025A3DD"
No data found.

Searching for "F613E30E-2B71-470D-B273-F32F5A8A5CC4"
No data found.

-= EOF =-

#18 MrCharlie

    Forum Deity

  • Experts
  • 28,202 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 12 January 2011 - 01:26 PM

Do a search for Personal Internet Security 2011 on your computer by going to Start > Search > File/Folders

Also do a search for 5DA77C72-2588-4276-BF0E-32784025A3DD and

F613E30E-2B71-470D-B273-F32F5A8A5CC4

See what you find, MrC


#19 DebS

    New Member

  • Members
  • 43 posts

Posted 12 January 2011 - 07:03 PM

The only thing I found was within the combofix logs, so I deleted them. Otherwise it's clean.

#20 MrCharlie

    Forum Deity

  • Experts
  • 28,202 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 12 January 2011 - 07:51 PM

Let me check with the developer of ComboFix and see where it looks for anti-virus and firewall programs that are installed.

I'll get back to you, MrC

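An added example, not code from this thread, ComboFix or SystemLook: on XP the AV:/FW: lines at the top of a ComboFix log are normally read from the WMI Security Center namespace, which a registry search such as SystemLook's :regfind never touches, so a rogue product can stay registered there after its files and registry keys are gone. The script lists those registrations and flags the two GUIDs from the ComboFix log above; it assumes PowerShell 2.0 (available for XP SP3) in an administrator session.

```powershell
# Added example (not from the thread, ComboFix or SystemLook).
# Enumerates products registered with Windows Security Center via WMI
# (root\SecurityCenter on XP, root\SecurityCenter2 on Vista and later) and
# flags entries whose instanceGuid matches the GUIDs in the ComboFix log.
# Assumes PowerShell 2.0 run as Administrator.

# GUIDs taken from the AV:/FW: lines of the ComboFix log in this thread.
$suspectGuids = @(
    '{5DA77C72-2588-4276-BF0E-32784025A3DD}',   # AV: Personal Internet Security 2011
    '{F613E30E-2B71-470D-B273-F32F5A8A5CC4}'    # FW: Personal Internet Security 2011
)

$findings = @()
foreach ($ns in 'root\SecurityCenter', 'root\SecurityCenter2') {
    foreach ($class in 'AntiVirusProduct', 'FirewallProduct', 'AntiSpywareProduct') {
        # The namespace or class may not exist on a given OS version; skip quietly.
        $items = Get-WmiObject -Namespace $ns -Class $class -ErrorAction SilentlyContinue
        foreach ($p in $items) {
            $findings += New-Object PSObject -Property @{
                Namespace = $ns
                Class     = $class
                Name      = $p.displayName
                Guid      = $p.instanceGuid
                Suspect   = ($suspectGuids -contains $p.instanceGuid)
            }
        }
    }
}

# Everything Security Center currently believes is installed.
$findings | Format-Table Namespace, Class, Name, Guid, Suspect -AutoSize

# Report the stale or rogue registrations. Deleting one (only after confirming
# the product itself is gone) is a separate, deliberate step, for example:
#   Get-WmiObject -Namespace root\SecurityCenter -Class AntiVirusProduct |
#       Where-Object { $_.instanceGuid -eq '{5DA77C72-2588-4276-BF0E-32784025A3DD}' } |
#       Remove-WmiObject
$findings | Where-Object { $_.Suspect } | ForEach-Object {
    Write-Warning ("Security Center still lists {0} ({1}) in {2}\{3}" -f `
        $_.Name, $_.Guid, $_.Namespace, $_.Class)
}
```

If the GUIDs appear here but nowhere on disk or in the registry, the leftover WMI registration alone explains why ComboFix keeps warning that the product is running.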
