ghettogirll

Wow...thanks soooo much. You have been a GREAT help and I really appreciate it. I will do as you suggested and purchase the full version of Malwarebytes. And I am going to bookmark the links from above so I can do frequents scans & such. Was wondering since you've been so patient and helpful with me, if I am allowed to send you a tip or something to show my appreciation. If so, where should I send it? Thanks again

OTL moved files log....... All processes killed ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->FireFox cache emptied: 0 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: LocalService ->Temp folder emptied: 0 bytes File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. ->Temporary Internet Files folder emptied: 33170 bytes ->FireFox cache emptied: 0 bytes User: NetworkService ->Temp folder emptied: 0 bytes File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. ->Temporary Internet Files folder emptied: 33170 bytes User: Owner ->Temp folder emptied: 121 bytes File delete failed. C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. ->Temporary Internet Files folder emptied: 33170 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 5764960 bytes ->Google Chrome cache emptied: 0 bytes User: thetezter ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_650.dat scheduled to be deleted on reboot. Windows Temp folder emptied: 17048 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 5.61 mb OTL by OldTimer - Version 3.0.18.4 log created on 10062009_122709 Files\Folders moved on Reboot... File\Folder C:\WINDOWS\temp\Perflib_Perfdata_650.dat not found! Registry entries deleted on Reboot... combo-fix log..... ComboFix 09-10-05.01 - Owner 10/06/2009 12:38.5.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.238 [GMT -4:00] Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\iWin Games\iWinGamesHookIE.dll . ((((((((((((((((((((((((( Files Created from 2009-09-06 to 2009-10-06 ))))))))))))))))))))))))))))))) . 2009-10-06 07:51 . 2009-10-06 07:56 -------- d-----w- c:\documents and settings\Owner\.SunDownloadManager 2009-10-06 07:43 . 2009-10-06 07:45 -------- d-----w- c:\program files\Common Files\Adobe 2009-10-06 07:41 . 2009-10-06 07:41 -------- d-----w- c:\program files\Common Files\Adobe AIR 2009-10-06 07:37 . 2009-10-06 08:06 -------- dc----w- c:\documents and settings\All Users\Application Data\NOS 2009-10-06 07:27 . 2009-10-06 07:42 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2009-10-06 07:27 . 2009-02-13 15:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2009-10-06 07:27 . 2009-02-13 15:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2009-10-06 07:27 . 2009-10-06 07:27 -------- dc----w- c:\documents and settings\All Users\Application Data\Avira 2009-10-05 04:39 . 2009-10-05 04:41 -------- dc----w- c:\documents and settings\All Users\Application Data\SuperRanch 2009-10-05 04:35 . 2009-10-06 16:46 -------- d-----w- c:\program files\iWin Games 2009-09-26 21:31 . 2009-09-26 21:31 -------- d-----w- c:\program files\Avira 2009-09-26 20:30 . 2009-09-26 20:32 -------- dc----w- C:\Combo-Fix24184C 2009-09-22 17:31 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-22 17:31 . 2009-09-22 17:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-09-22 17:31 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-09-22 07:37 . 2009-09-22 07:37 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Astar Games 2009-09-21 03:04 . 2009-09-21 04:15 -------- d-----w- c:\program files\Funkitron 2009-09-19 21:21 . 2009-09-19 21:21 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache 2009-09-16 17:45 . 2009-09-18 07:05 -------- d-----w- c:\documents and settings\Owner\Application Data\Merscom 2009-09-15 17:19 . 2009-09-15 17:20 -------- d-----w- c:\documents and settings\Owner\Application Data\Once Upon a Time in Chicago 2009-09-15 17:19 . 2009-09-15 17:19 -------- dc----w- c:\documents and settings\All Users\Application Data\Once Upon a Time in Chicago 2009-09-13 22:20 . 2009-09-13 22:20 -------- d-----w- c:\program files\AskBarDis 2009-09-13 17:44 . 2009-09-13 17:44 -------- d-----w- c:\documents and settings\Owner\Application Data\Sanna 2009-09-13 17:38 . 2009-09-13 17:38 -------- d-----w- c:\program files\The Legend of Sanna - Rise of a Great Colony 2009-09-13 17:38 . 2009-09-13 17:38 -------- d-----w- c:\windows\The Legend of Sanna - Rise of a Great Colony 2009-09-12 05:00 . 2009-09-12 05:04 -------- dc----w- c:\documents and settings\All Users\Application Data\FarmFrenzy3 2009-09-12 04:58 . 2009-09-13 04:00 -------- d-----w- c:\program files\Alawar 2009-09-10 16:43 . 2009-09-12 04:47 -------- d-----w- c:\program files\Farm Frenzy 2009-09-07 21:21 . 2009-09-07 21:21 -------- d-----w- c:\documents and settings\Owner\Application Data\DivoGames 2009-09-07 20:58 . 2009-09-07 20:58 -------- d-----w- c:\program files\Be Richer 2009-09-07 20:54 . 2009-09-07 20:54 -------- d-----w- c:\windows\Be Richer . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-10-06 08:23 . 2007-09-01 17:38 -------- d-----w- c:\program files\Java 2009-10-06 08:13 . 2008-11-17 19:31 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-10-06 07:42 . 2009-03-28 18:40 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-10-05 05:43 . 2008-12-29 19:45 -------- d-----w- c:\documents and settings\Owner\Application Data\Azureus 2009-10-05 05:42 . 2009-08-29 04:57 -------- d-----w- c:\program files\iWin.com 2009-10-05 05:41 . 2007-08-22 02:54 -------- dc--a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-10-03 22:49 . 2007-08-23 23:39 -------- dc----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache 2009-10-01 05:09 . 2008-01-12 19:41 -------- dc----w- c:\documents and settings\All Users\Application Data\Valusoft 2009-10-01 05:09 . 2008-01-12 19:41 -------- d-----w- c:\documents and settings\Owner\Application Data\Valusoft 2009-09-27 19:18 . 2007-11-10 01:18 -------- dc----w- c:\documents and settings\All Users\Application Data\Fugazo 2009-09-26 20:24 . 2008-11-14 17:35 -------- dc----w- c:\documents and settings\All Users\Application Data\McAfee 2009-09-25 17:19 . 2007-08-23 04:09 -------- dc----w- c:\documents and settings\All Users\Application Data\PlayFirst 2009-09-25 17:19 . 2007-08-22 03:32 -------- d-----w- c:\documents and settings\Owner\Application Data\PlayFirst 2009-09-25 17:16 . 2007-08-23 23:39 -------- d-----w- c:\program files\bfgclient 2009-09-25 06:38 . 2007-10-18 22:52 -------- d-----w- c:\documents and settings\Owner\Application Data\funkitron 2009-09-23 07:57 . 2008-02-03 13:43 -------- d-----w- c:\program files\Microsoft Silverlight 2009-09-20 06:47 . 2008-11-28 21:52 -------- d-----w- c:\documents and settings\Owner\Application Data\GameInvest 2009-09-19 21:26 . 2008-12-16 19:27 -------- d-----w- c:\documents and settings\Owner\Application Data\McAfee 2009-09-19 20:31 . 2009-08-31 01:31 664 ----a-w- c:\windows\system32\d3d9caps.dat 2009-09-18 07:05 . 2009-06-30 01:47 -------- dc----w- c:\documents and settings\All Users\Application Data\Merscom 2009-09-13 22:21 . 2008-12-29 19:44 -------- d-----w- c:\program files\Vuze 2009-09-13 04:00 . 2009-02-18 19:30 -------- dc----w- c:\documents and settings\All Users\Application Data\AlawarWrapper 2009-09-06 01:59 . 2009-09-05 18:01 -------- d-----w- c:\program files\RealArcade 2009-09-06 01:58 . 2009-02-09 15:09 -------- d-----w- c:\program files\CCleaner 2009-09-05 21:28 . 2009-06-30 00:44 -------- dc----w- c:\documents and settings\All Users\Application Data\Sprouts Adventure 2009-09-05 19:20 . 2009-09-05 19:20 -------- d-----w- c:\program files\Zylom Games 2009-09-05 18:05 . 2007-09-13 00:55 -------- dc----w- c:\documents and settings\All Users\Application Data\HipSoft 2009-09-04 06:29 . 2009-04-18 20:30 -------- d-----w- c:\program files\UnHackMe 2009-09-03 16:45 . 2009-08-31 16:46 -------- d-----w- c:\program files\Iceblast 2009-09-02 05:57 . 2009-09-02 05:50 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-09-02 05:56 . 2009-08-29 23:27 -------- d-----w- c:\program files\SUPERAntiSpyware 2009-09-02 05:55 . 2008-11-22 06:03 -------- dc----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-08-30 22:46 . 2009-08-30 22:46 -------- d-----w- c:\program files\Lavalys 2009-08-29 23:27 . 2009-03-11 06:36 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com 2009-08-29 23:03 . 2009-03-28 21:19 -------- d-----w- c:\program files\Mcam 2009-08-28 23:13 . 2009-08-28 23:13 -------- d-----w- c:\documents and settings\Owner\Application Data\panoramik 2009-08-27 16:46 . 2009-08-27 15:50 -------- dc----w- c:\documents and settings\All Users\Application Data\game_fillup_v2_usa 2009-08-27 06:04 . 2009-08-27 06:04 -------- dc----w- c:\documents and settings\All Users\Application Data\fillup 2009-08-22 22:54 . 2009-02-21 02:09 -------- d-----w- c:\program files\7-Zip 2009-08-22 22:26 . 2008-01-01 19:26 -------- dc----w- c:\documents and settings\All Users\Application Data\WildTangent 2009-08-22 22:25 . 2007-10-22 21:48 -------- d-----w- c:\program files\Yahoo! Games 2009-08-22 05:28 . 2007-08-19 18:08 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-08-21 05:16 . 2009-08-21 05:16 721904 ----a-w- c:\windows\system32\drivers\sptd.sys 2009-08-20 17:52 . 2007-08-19 18:27 -------- d-----w- c:\program files\EA GAMES 2009-08-16 05:35 . 2009-08-16 05:35 -------- d-----w- c:\documents and settings\Owner\Application Data\Batovi 2009-08-15 19:29 . 2007-08-22 01:48 -------- d-----w- c:\program files\Google 2009-08-14 05:56 . 2008-02-02 01:59 -------- dc----w- c:\documents and settings\All Users\Application Data\iwin 2009-08-14 05:56 . 2007-12-05 01:55 -------- d-----w- c:\documents and settings\Owner\Application Data\iWin 2009-08-12 05:23 . 2009-08-11 15:33 -------- d-----w- c:\documents and settings\Owner\Application Data\Babylonia 2009-08-10 14:54 . 2009-08-10 14:54 -------- d-----w- c:\documents and settings\Owner\Application Data\GraveyardShift 2009-08-09 00:37 . 2009-08-09 00:36 -------- dc----w- c:\documents and settings\All Users\Application Data\Protexis 2009-08-09 00:27 . 2007-11-10 01:01 -------- d-----w- c:\program files\GamesBar 2009-08-09 00:25 . 2008-12-14 07:51 -------- d-----w- c:\documents and settings\Owner\Application Data\CaribbeanHideaway 2009-08-09 00:13 . 2009-08-09 00:13 -------- dc----w- c:\documents and settings\All Users\Application Data\Oberon Media 2009-08-08 23:07 . 2009-08-08 23:07 -------- dc----w- c:\documents and settings\All Users\Application Data\Candy Factory 2009-08-08 23:06 . 2009-08-08 23:06 -------- d-----w- c:\documents and settings\Owner\Application Data\Oberon Media 2009-08-08 23:04 . 2009-08-08 23:04 -------- d-----w- c:\program files\Common Files\Oberon Media 2009-08-06 05:24 . 2009-07-25 02:47 49 ----a-w- c:\windows\popcinfot.dat 2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll 2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-14 03:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll 2009-07-14 01:08 . 2007-08-24 14:50 13888 -c--a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2007-09-27 01:10 . 2007-09-27 01:11 774144 ----a-w- c:\program files\RngInterstitial.dll 2009-04-18 20:31 . 2009-04-18 20:31 2 --shatr- c:\windows\winstart.bat 2002-07-31 23:55 . 2007-10-11 02:23 102 -csh--w- c:\windows\WSYS049.SYS . ((((((((((((((((((((((((((((( SnapShot@2009-09-22_07.04.02 ))))))))))))))))))))))))))))))))))))))))) . + 2009-10-06 07:27 . 2009-10-06 07:42 28520 c:\windows\system32\drivers\ssmdrv.sys + 2007-07-11 19:52 . 2009-09-25 06:23 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat - 2007-07-11 19:52 . 2009-09-20 20:02 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat - 2007-07-11 19:52 . 2009-09-20 20:02 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2007-07-11 19:52 . 2009-09-25 06:23 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2009-09-19 21:21 . 2009-09-25 06:23 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat - 2009-09-19 21:21 . 2009-09-20 20:02 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat + 2009-10-06 07:46 . 2009-10-06 07:46 21504 c:\windows\Installer\2f78b.msi + 2009-10-06 07:41 . 2009-10-06 07:41 27648 c:\windows\Installer\2f781.msi + 2002-03-19 21:30 . 2002-03-19 21:30 177152 c:\windows\system32\tweakui.exe - 2004-08-04 12:00 . 2009-03-08 08:33 726528 c:\windows\system32\jscript.dll + 2004-08-04 12:00 . 2009-06-22 06:44 726528 c:\windows\system32\jscript.dll + 2009-10-06 08:14 . 2009-10-06 08:13 149280 c:\windows\system32\javaws.exe + 2009-10-06 08:14 . 2009-10-06 08:13 145184 c:\windows\system32\javaw.exe + 2009-10-06 08:14 . 2009-10-06 08:13 145184 c:\windows\system32\java.exe - 2007-07-11 19:45 . 2008-04-14 00:12 153088 c:\windows\system32\dllcache\triedit.dll + 2007-07-11 19:45 . 2009-06-21 21:44 153088 c:\windows\system32\dllcache\triedit.dll - 2008-05-09 10:53 . 2009-03-08 08:33 726528 c:\windows\system32\dllcache\jscript.dll + 2008-05-09 10:53 . 2009-06-22 06:44 726528 c:\windows\system32\dllcache\jscript.dll + 2009-09-24 06:55 . 2009-09-24 06:55 304640 c:\windows\Installer\2cb8c0f.msi + 2009-09-23 07:19 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB971961-IE8\spuninst\updspapi.dll + 2009-09-23 07:19 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB971961-IE8\spuninst\spuninst.exe + 2009-09-23 07:19 . 2009-03-08 08:33 726528 c:\windows\ie8updates\KB971961-IE8\jscript.dll + 2009-03-26 17:47 . 2009-09-24 06:54 364572 c:\windows\Downloaded Installations\Tweakui Powertoy for Windows XP.msi - 2009-03-26 17:47 . 2009-03-26 17:47 364572 c:\windows\Downloaded Installations\Tweakui Powertoy for Windows XP.msi - 2004-08-04 12:00 . 2008-06-18 10:03 2458112 c:\windows\system32\WMVCore.dll + 2004-08-04 12:00 . 2009-05-20 08:56 2458112 c:\windows\system32\WMVCore.dll - 2004-08-04 12:00 . 2008-06-18 10:03 2458112 c:\windows\system32\dllcache\WMVCore.dll + 2004-08-04 12:00 . 2009-05-20 08:56 2458112 c:\windows\system32\dllcache\WMVCore.dll + 2009-10-06 08:13 . 2009-10-06 08:13 1757696 c:\windows\Installer\7ea8d.msi + 2009-10-06 07:46 . 2009-10-06 07:46 3938816 c:\windows\Installer\2f786.msi + 2009-03-28 22:25 . 2009-08-28 21:38 24689600 c:\windows\system32\MRT.exe + 2009-09-23 07:20 . 2009-09-23 07:20 15709696 c:\windows\Installer\1337e9.msp . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}] 2009-04-02 16:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192] [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192] [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-11 39408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640] "MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-14 169984] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-06 149280] "SMSERIAL"="sm56hlpr.exe" - c:\windows\sm56hlpr.exe [2003-06-19 548864] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-01-15 1657376] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e\0Partizan [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk] backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk] backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk] backup=c:\windows\pss\Windows Search.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^H3 The Shadow of Death.lnk] backup=c:\windows\pss\H3 The Shadow of Death.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^iWin Desktop Alerts.lnk] path=c:\documents and settings\Owner\Start Menu\Programs\Startup\iWin Desktop Alerts.lnk backup=c:\windows\pss\iWin Desktop Alerts.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^MostFun.lnk] backup=c:\windows\pss\MostFun.lnkStartup path=c:\documents and settings\Owner\Start Menu\Programs\Startup\MostFun.lnk [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "MpfService"=2 (0x2) "McSysmon"=3 (0x3) "McShield"=2 (0x2) "McProxy"=2 (0x2) "McODS"=3 (0x3) "McNASvc"=2 (0x2) "mcmscsvc"=2 (0x2) "TomTomHOMEService"=2 (0x2) "iWinTrusted"=2 (0x2) "AntiVirService"=2 (0x2) "AntiVirSchedulerService"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\system32\\dplaysvr.exe"= "c:\\Program Files\\Vuze\\Azureus.exe"= "c:\\WINDOWS\\system32\\dxdiag.exe"= "c:\\WINDOWS\\system32\\dpnsvr.exe"= "c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"= "c:\\Documents and Settings\\Owner\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"= "c:\\Program Files\\iWin Games\\iWinGames.exe"= "c:\\Program Files\\iWin Games\\WebUpdater.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/6/2009 03:27 AM 108289] R3 als4k;Avance Wave Audio Miniport Driver (WDM);c:\windows\system32\drivers\als4000.sys [3/6/2000 09:59 AM 25658] R3 ALS4KMF;ALS4KMF;c:\windows\system32\drivers\mf.sys [8/3/2004 07:07 PM 63744] R3 alsgame;Gameport for ALS4000 (WDM);c:\windows\system32\drivers\alsgame.sys [2/24/2000 04:45 PM 10012] S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?] S3 getPlusHelper;getPlus® Helper;c:\windows\System32\svchost.exe -k getPlusHelper [8/4/2004 08:00 AM 14336] S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [8/22/2008 12:49 AM 18688] S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [8/22/2008 12:49 AM 8320] S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [6/18/2007 09:18 PM 23680] S3 nenum13E;nenum13E;\??\c:\docume~1\Owner\LOCALS~1\Temp\nenum13E.sys --> c:\docume~1\Owner\LOCALS~1\Temp\nenum13E.sys [?] S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [4/18/2009 04:31 PM 34760] S4 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [9/2/2009 01:30 PM 78104] S4 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [8/27/2009 11:05 AM 92008] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] getPlusHelper REG_MULTI_SZ getPlusHelper [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Contents of the 'Scheduled Tasks' folder 2009-08-20 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 17:42] 2009-10-05 c:\windows\Tasks\Disk Cleanup.job - c:\windows\system32\cleanmgr.exe [2004-08-04 00:12] . . ------- Supplementary Scan ------- . uStart Page = about:blank mStart Page = about:blank Trusted Zone: internet Trusted Zone: mcafee.com DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\pupvatsk.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=4&q= FF - prefs.js: browser.search.selectedEngine - Fast Browser Search FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=4&tid={D89E47D3-B546-7880-3696-88E2B380E303}&q= FF - plugin: c:\documents and settings\All Users\Application Data\RealArcade\npraclient.dll FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\pupvatsk.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\pupvatsk.default\extensions\2020Player@2020Technologies.com\plugins\NP2020Player.dll FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npraclient.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-10-06 12:46 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-606747145-764733703-1343024091-1003\Software\SecuROM\License information*] "datasecu"=hex:2c,a2,2d,68,1e,b2,83,4e,59,87,76,cc,7a,eb,e3,ed,df,4c,01,7f,5f, 1d,ab,dc,a3,89,a1,71,da,31,4c,86,b9,c9,0b,ff,5a,1d,62,7e,1e,08,4b,20,9f,84,\ "rkeysecu"=hex:4e,08,d7,a7,f2,8b,42,cc,8b,e5,07,42,1d,98,f2,b3 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . Completion time: 2009-10-06 12:50 ComboFix-quarantined-files.txt 2009-10-06 16:50 ComboFix2.txt 2009-09-26 20:45 ComboFix3.txt 2009-09-22 17:00 ComboFix4.txt 2009-09-22 07:09 Pre-Run: 20,159,062,016 bytes free Post-Run: 20,134,469,632 bytes free 310 --- E O F --- 2009-09-23 07:24

first otl scan log.... OTL logfile created on: 10/6/2009 04:24:45 AM - Run 1 OTL by OldTimer - Version 3.0.18.4 Folder = C:\Documents and Settings\Owner\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 511.46 Mb Total Physical Memory | 243.02 Mb Available Physical Memory | 47.51% Memory free 1.22 Gb Paging File | 0.99 Gb Available in Paging File | 80.90% Paging File free Paging file location(s): C:\pagefile.sys 768 768 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74.52 Gb Total Space | 18.71 Gb Free Space | 25.11% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: OWNER-F7A85A315 Current User Name: Owner Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2009/10/06 03:42:32 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2009/10/06 03:42:29 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2009/10/06 04:13:53 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2009/01/15 09:19:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE PRC - [2009/03/02 12:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2009/10/06 04:13:54 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe PRC - [2009/10/06 02:54:01 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe ========== Win32 Services (SafeList) ========== SRV - [2009/10/06 03:42:32 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Auto | Running]) SRV - [2009/10/06 03:42:29 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [Auto | Running]) SRV - [2008/07/25 12:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped]) SRV - [2008/07/25 12:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) SRV - [2008/07/29 22:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped]) SRV - [2009/08/22 18:50:47 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped]) SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running]) SRV - [2005/05/20 10:37:12 | 00,081,920 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\System32\spool\drivers\w32x86\3\HPBPRO.EXE -- (HP Port Resolver [On_Demand | Stopped]) SRV - [2004/10/16 05:31:06 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\System32\spool\drivers\w32x86\3\HPBOID.EXE -- (HP Status Server [On_Demand | Stopped]) SRV - [2005/04/04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped]) SRV - [2008/07/29 20:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [unknown | Stopped]) SRV - [2009/09/02 13:30:28 | 00,078,104 | ---- | M] (iWin Inc.) -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted [Disabled | Stopped]) SRV - [2009/10/06 04:13:53 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running]) SRV - [2008/07/29 20:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped]) SRV - [2009/01/15 09:19:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running]) SRV - [2006/03/03 21:03:10 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [unknown | Stopped]) SRV - [2009/08/27 11:05:04 | 00,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService [Disabled | Stopped]) SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped]) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search" FF - prefs.js..browser.search.defaulturl: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=4&q=" FF - prefs.js..browser.search.order.1: "Fast Browser Search" FF - prefs.js..browser.search.selectedEngine: "Fast Browser Search" FF - prefs.js..extensions.enabledItems: 2020Player@2020Technologies.com:3.0.31.0 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1 FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1 FF - prefs.js..extensions.enabledItems: 6 FF - prefs.js..extensions.enabledItems: 2 FF - prefs.js..extensions.enabledItems: 48 FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.5 FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:5.0.20090122Wb2 FF - prefs.js..extensions.enabledItems: {98e34367-8df7-42b4-837b-20b892ff0848}:1.5 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1 FF - prefs.js..extensions.enabledItems: {C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}:2.2.5 FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.3 FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20090918 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3 FF - prefs.js..google.toolbar.linkdoctor.backup.keyword.URL: "http://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=4&tid={D89E47D3-B546-7880-3696-88E2B380E303}&q=" FF - prefs.js..google.toolbar.linkdoctor.backup.keyword.enabled: true FF - prefs.js..keyword.URL: "http://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=4&tid={D89E47D3-B546-7880-3696-88E2B380E303}&q=" FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/01 14:28:49 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\extensions\\{98e34367-8df7-42b4-837b-20b892ff0848}: C:\Program Files\iWin Games\firefox\ [2009/10/05 00:35:19 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/11/17 15:31:27 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/13 18:20:14 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/06 03:45:39 | 00,000,000 | ---D | M] [2009/06/24 22:35:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions [2009/02/13 20:49:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009/06/24 22:35:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions\home2@tomtom.com [2009/10/06 04:18:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\pupvatsk.default\extensions [2009/07/02 13:38:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\pupvatsk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009/03/11 02:07:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\pupvatsk.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/04/13 15:15:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\pupvatsk.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2009/03/25 12:04:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\pupvatsk.default\extensions\{7254fdcb-083f-4626-956e-addd7989d7fe} [2009/09/23 12:31:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\pupvatsk.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2009/06/30 20:52:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\pupvatsk.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB} [2009/08/14 00:46:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\pupvatsk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2009/10/06 03:37:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\pupvatsk.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2009/09/13 18:20:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\pupvatsk.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} [2009/09/12 21:49:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\pupvatsk.default\extensions\2020Player@2020Technologies.com [2009/10/03 18:34:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\pupvatsk.default\extensions\personas@christopher.beard [2007/10/25 10:46:32 | 00,004,946 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\pupvatsk.default\searchplugins\comcast.xml [2009/02/17 08:52:56 | 00,000,874 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\pupvatsk.default\searchplugins\conduit.xml [2009/10/06 04:18:06 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions [2009/09/11 18:01:47 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/10/06 04:14:19 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [2009/08/04 12:20:47 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\npmozax@real.com [2009/09/11 18:01:39 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll [2009/09/11 18:01:40 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll [2009/10/06 04:13:55 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll [2009/09/11 18:01:42 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll [2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2009/03/30 17:13:54 | 00,098,304 | ---- | M] (RealNetworks) -- C:\Program Files\mozilla firefox\plugins\npraclient.dll [2009/07/02 11:19:28 | 00,102,400 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll [2009/09/23 16:37:30 | 00,032,448 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\mozilla firefox\plugins\np_gp.dll [2009/07/30 03:24:20 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml [2009/07/30 03:24:20 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml [2009/07/30 03:24:20 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml [2009/07/30 03:24:20 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml [2009/08/30 02:03:27 | 00,003,700 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.png [2009/08/30 02:03:27 | 00,001,962 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.xml [2009/07/30 03:24:20 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml [2009/07/30 03:24:20 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml [2009/07/30 03:24:20 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files\iWin Games\iWinGamesHookIE.dll (iWin Inc.) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE (Microsoft Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.) O4 - HKLM..\Run: [sMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.) O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1 O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_16.dll (Sun Microsystems, Inc.) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation) O15 - HKLM\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites) O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites) O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites) O15 - HKCU\..Trusted Domains: 530 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Sunshine%20Acres/Images/stg_drm.ocx (SpinTop DRM Control) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab (System Requirements Lab Class) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} http://www.pogo.com/cdl/launcher/PogoWebLa...erInstaller.CAB (PogoWebLauncher Control) O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab (Windows Live Safety Center Base Module) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1184185348947 (WUWebControl Class) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab (MSN Games - Installer) O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Heartwild%20Solitaire/Images/armhelper.ocx (Reg Error: Key error.) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.77.134 68.87.72.134 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - File not found O24 - Desktop Components:0 (My Current Home Page) - About:Home O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007/07/11 15:48:52 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2009/08/29 19:01:44 | 00,000,000 | ---D | M] - C:\autorun.inf -- [ NTFS ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - File not found O34 - HKLM BootExecute: (SsiEfr.e) - File not found O34 - HKLM BootExecute: (Partizan) - C:\WINDOWS\System32\Partizan.exe (Greatis Software) O35 - comfile [open] -- "%1" %* File not found O35 - exefile [open] -- "%1" %* File not found ========== Files/Folders - Created Within 14 Days ========== [2009/10/06 03:27:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira [2009/10/06 03:37:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS [2009/10/05 00:39:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SuperRanch [2009/10/06 03:43:40 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2009/10/06 03:41:02 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR [2009/09/26 17:31:22 | 00,000,000 | ---D | C] -- C:\Program Files\Avira [2009/10/05 00:35:18 | 00,000,000 | ---D | C] -- C:\Program Files\iWin Games [2009/09/22 13:31:52 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009/10/06 03:27:58 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys [2009/10/06 03:27:58 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys [2009/10/06 03:27:58 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys [2009/10/06 03:27:57 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys [2009/10/06 02:55:14 | 00,000,000 | -HSD | C] -- C:\RECYCLER [2009/10/02 00:51:56 | 00,787,000 | ---- | C] (Prevx) -- C:\Documents and Settings\Owner\Desktop\PREVXCSIFREE.EXE [2009/10/01 14:10:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\sent to phone [2009/10/01 14:10:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\tez's mp3 files [2009/10/01 11:45:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\dee's mp3 files [2009/09/26 16:45:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp [2009/09/26 16:30:04 | 00,000,000 | ---D | C] -- C:\Combo-Fix24184C [2009/09/25 02:38:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Slingo Mystery Documents [2009/09/24 03:00:39 | 17,566,488 | ---- | C] (Doctor Web, Ltd.) -- C:\Documents and Settings\Owner\Desktop\drweb-cureit.exe [2009/09/23 12:33:44 | 01,304,576 | ---- | C] (Norman ASA) -- C:\Documents and Settings\Owner\Desktop\Norman_Sinowal_Cleaner.exe [2009/09/22 13:31:54 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/09/22 13:31:52 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/09/22 13:31:21 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mymcam-setup.exe [2007/09/26 21:11:01 | 00,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll ========== Files - Modified Within 14 Days ========== [2009/10/06 04:17:09 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009/10/06 04:16:54 | 00,198,222 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2009/10/06 04:16:17 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009/10/06 04:16:12 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009/10/06 03:42:33 | 00,096,104 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys [2009/10/06 03:42:33 | 00,055,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys [2009/10/06 03:42:33 | 00,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys [2009/10/06 03:32:27 | 00,001,122 | ---- | M] () -- C:\WINDOWS\win.ini [2009/10/06 03:32:27 | 00,000,281 | RHS- | M] () -- C:\boot.ini [2009/10/06 03:32:26 | 00,000,261 | ---- | M] () -- C:\WINDOWS\system.ini [2009/10/06 03:28:22 | 00,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk [2009/10/06 02:54:01 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe [2009/10/05 00:36:41 | 00,001,573 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play iWin Games.lnk [2009/10/05 00:03:00 | 00,000,260 | ---- | M] () -- C:\WINDOWS\tasks\Disk Cleanup.job [2009/10/03 19:30:35 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn [2009/10/03 18:36:43 | 00,150,181 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\sfcdrvrem.zip [2009/10/02 00:52:10 | 00,000,680 | ---- | M] () -- C:\WINDOWS\wininit.ini [2009/10/02 00:51:57 | 00,787,000 | ---- | M] (Prevx) -- C:\Documents and Settings\Owner\Desktop\PREVXCSIFREE.EXE [2009/10/01 11:50:13 | 04,321,272 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db [2009/09/26 16:29:27 | 03,321,356 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\Combo-Fix.exe [2009/09/25 13:16:57 | 00,001,578 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play My Games.lnk [2009/09/24 03:48:09 | 01,296,288 | ---- | M] (McAfee, Inc.) -- C:\Documents and Settings\Owner\Desktop\DMSetup-Serial.exe [2009/09/24 03:01:21 | 17,566,488 | ---- | M] (Doctor Web, Ltd.) -- C:\Documents and Settings\Owner\Desktop\drweb-cureit.exe [2009/09/23 13:49:05 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2009/09/23 12:33:45 | 01,304,576 | ---- | M] (Norman ASA) -- C:\Documents and Settings\Owner\Desktop\Norman_Sinowal_Cleaner.exe [2009/09/22 13:31:57 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/09/22 13:31:22 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mymcam-setup.exe ========== Files - No Company Name ========== [2099/01/01 12:00:00 | 00,006,456 | -H-- | C] () -- C:\WINDOWS\System32\jasusuje [2009/10/06 03:28:22 | 00,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk [2009/10/03 18:36:42 | 00,150,181 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\sfcdrvrem.zip [2009/09/25 13:16:57 | 00,001,578 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play My Games.lnk [2009/09/22 13:31:57 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/09/22 12:46:28 | 03,321,356 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\Combo-Fix.exe [2009/07/04 12:30:35 | 00,007,907 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log [2007/12/24 22:16:30 | 00,000,008 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\.mpid [2007/10/30 18:38:28 | 00,000,110 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\MostFunGameId.bin [2007/10/30 15:58:05 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat [2007/09/18 20:19:42 | 00,008,704 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007/08/26 20:59:20 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\AVSDVDPlayer.m3u [2007/08/24 10:51:05 | 00,002,948 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache [2007/08/24 10:50:58 | 00,013,888 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2007/07/11 16:16:59 | 04,321,272 | -H-- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db [2007/07/11 15:58:06 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\desktop.ini [2007/07/11 11:36:53 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini ========== LOP Check ========== [2009/10/06 04:24:07 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data [2008/12/23 16:09:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\3 Blokes Studios [2009/03/11 03:07:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\3rd Eye Solutions [2009/02/07 19:36:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alawar Stargaze [2009/09/13 00:00:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AlawarWrapper [2009/02/09 13:29:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ApeZone [2007/08/27 20:15:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU [2008/12/29 15:45:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus [2009/02/20 22:14:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games Vancouver [2009/04/01 00:47:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Black Blob Studios [2009/01/03 13:26:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\blg [2007/07/11 17:56:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA [2009/08/08 19:07:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Candy Factory [2009/07/29 13:00:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CasualForge [2009/07/24 17:35:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DivoGames [2009/07/30 00:58:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DreamFarm [2009/01/20 23:14:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner [2008/02/02 13:32:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA [2009/01/03 00:47:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eGames [2007/09/15 23:38:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Enkord [2008/12/29 16:27:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Escape From Paradise [2009/06/14 14:40:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EscapeFromParadise2 [2009/01/17 06:07:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy2 [2009/09/12 01:04:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3 [2009/02/19 21:44:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy-PizzaParty [2008/11/24 00:17:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fashion Solitaire 1.2 [2009/08/27 02:04:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fillup [2007/11/22 12:23:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FireGlow [2008/11/15 16:05:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreshGames [2009/09/27 15:18:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo [2009/08/27 12:46:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\game_fillup_v2_usa [2008/11/17 00:24:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse [2008/01/31 21:41:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Go Go Gourmet [2009/08/01 00:55:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoBit Games [2009/03/02 19:49:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii [2007/12/07 19:19:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grey Alien Games [2007/12/27 19:36:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HiddenSecretsNightmare [2009/09/05 14:05:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft [2009/02/15 00:49:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hot Lava Games [2009/04/13 14:11:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo [2009/08/14 01:56:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iwin [2009/01/20 23:29:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games [2007/09/16 14:01:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear [2008/01/21 21:54:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kayo Games [2007/10/03 20:11:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Legacy Interactive [2008/11/17 01:44:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ludia [2009/09/18 03:05:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom [2009/02/16 02:04:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo [2008/11/28 19:02:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mushroom Age [2008/11/18 04:15:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MythPeople [2007/10/27 12:40:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9 [2007/12/31 16:55:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NannyMania [2008/12/14 18:46:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks [2008/12/06 19:34:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NevoSoft Games [2008/01/18 18:39:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Games [2009/08/08 20:13:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media [2009/09/15 13:19:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Once Upon a Time in Chicago [2008/12/27 23:53:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PBGsavesDirectory [2008/11/15 06:10:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters [2009/09/25 13:19:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst [2008/12/22 21:47:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playfirst Ashtons Family Resort [2008/12/20 14:55:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayPond [2007/12/19 17:19:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playtonium Games [2009/08/02 15:49:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pony-World-Deluxe [2009/07/24 19:44:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games [2009/01/23 16:21:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rumbic Studio [2009/07/14 14:12:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games [2009/01/13 23:34:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Shockwave [2009/05/16 01:35:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Slapdash Games [2009/03/15 21:23:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sortasoft [2007/09/09 19:26:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games [2009/09/05 17:28:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sprouts Adventure [2009/01/24 12:51:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SugarGames [2009/10/05 00:41:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SuperRanch [2009/10/05 01:41:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2007/11/03 20:29:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ThwartPoker Software [2009/04/19 16:04:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TikGames [2009/06/24 22:35:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom [2007/08/22 22:19:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trymedia [2009/06/23 18:09:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UClick [2009/10/01 01:09:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Valusoft [2008/11/18 13:30:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirtualFarm [2009/08/22 18:26:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent [2007/09/05 19:27:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar [2009/02/09 19:36:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Winferno [2007/12/01 11:32:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip [2007/12/20 12:26:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom [2009/09/22 03:01:00 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data [2009/06/23 22:03:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\3Stars [2007/10/12 20:55:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Abra Academy2 [2008/12/13 23:58:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AlterLab [2008/11/14 03:58:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ArcadeTown_Janes_Realty [2007/08/28 21:00:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Avernum 4 Saved Games [2009/07/31 12:25:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Aveyond 3 [2007/12/23 01:54:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Aveyond II [2008/05/28 19:07:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVSMedia [2009/10/05 01:43:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Azureus [2009/08/12 01:23:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Babylonia [2009/08/16 01:35:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Batovi [2009/03/25 13:07:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Big Fish [2009/06/29 15:45:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BitZipper [2009/06/20 01:06:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BlamGames [2009/01/03 13:26:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\blg [2008/01/03 19:02:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Bloom [2009/03/12 03:29:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Boolat Games [2009/04/13 13:10:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Boomzap [2009/07/03 15:35:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Camel101 [2009/08/08 20:25:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CaribbeanHideaway [2009/07/29 13:00:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CasualForge [2008/12/14 19:58:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CatmoonGames [2008/12/22 15:35:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Cat's Eye Games [2007/10/04 18:34:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ColorTrail [2009/09/07 17:21:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DivoGames [2009/02/15 22:21:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Dreamsdwell Stories [2007/08/25 22:57:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EA [2009/01/03 00:46:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\eGames [2009/07/24 17:26:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EleFun Games [2009/05/10 17:15:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Enchanted Katya [2009/07/16 11:10:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ERS G-Studio [2009/05/11 01:56:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EternalEden [2007/10/27 12:41:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Eyeblaster [2009/01/08 20:49:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Fabulous Finds [2009/06/14 00:54:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Faerie Solitaire [2008/12/18 01:53:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FarmerJane [2008/11/19 02:09:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FirstColony [2007/09/14 22:45:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ForgottenRiddles [2009/01/19 16:43:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FrimaStudio [2009/09/25 02:38:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\funkitron [2007/10/09 20:43:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Gaijin Ent [2007/12/31 16:52:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GameHouse [2009/09/20 02:47:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GameInvest [2009/01/19 16:05:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Gamelab [2008/12/10 14:25:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Games [2009/08/03 13:29:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Genimo [2009/06/30 01:18:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo [2009/02/18 19:42:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GOL_byHasbro [2009/08/10 10:54:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GraveyardShift [2009/03/18 23:50:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\HamsterWarrior [2009/06/09 00:52:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Hidden Island Data [2008/08/13 01:31:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Home Sweet Home [2009/06/24 18:11:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Home Sweet Home 2 [2008/12/13 18:39:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Home Sweet Home Christmas [2009/05/27 20:14:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\HuruBeachParty [2007/09/28 21:20:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ICQ [2009/01/22 13:55:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IGN_DLM [2007/09/22 19:17:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Incredible Ink [2009/04/15 02:57:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\iolo [2008/12/28 16:37:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IOMediaSupport6SZZ001s [2009/08/14 01:56:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\iWin [2007/12/07 20:22:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\iWinArcade [2007/09/23 20:49:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Jane s Hotel [2008/12/19 01:34:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Jane s Hotel Family Hero [2008/12/17 18:10:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LaxiusForce [2007/10/06 14:02:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Legends of pirates [2009/04/13 14:44:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LimeWire [2009/01/17 13:46:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Lionhead Studios [2008/11/17 01:44:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ludia [2007/09/03 14:41:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Magic Academy [2008/01/12 23:41:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Magic Seeds [2008/12/21 22:30:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Magic Stones [2007/11/11 20:35:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MagicStonesY [2009/07/21 01:17:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MegaplexMadnessSummerBlockbuster [2009/07/15 23:56:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Meridian93 [2009/09/18 03:05:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Merscom [2007/08/21 23:32:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mind Control Software [2009/01/27 18:12:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mousechief [2008/12/31 17:10:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Move Networks [2009/02/10 13:57:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\My Games [2008/01/18 18:39:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Oberon Games [2009/08/08 19:06:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Oberon Media [2007/08/23 21:07:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ohana Games [2009/09/15 13:20:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Once Upon a Time in Chicago [2009/08/28 19:13:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\panoramik [2009/07/19 16:14:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Peace Craft [2008/11/24 22:39:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PetShowCraze [2009/09/25 13:19:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PlayFirst [2008/12/22 21:47:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Playfirst Ashtons Family Resort [2009/07/17 20:40:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Playrix Entertainment [2009/01/27 03:38:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Pogo Games [2009/08/03 00:09:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Reflexive [2009/06/29 18:38:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\RenPy [2009/01/24 11:37:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\RobinsonCrusoe [2009/05/08 00:46:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\RobinsonCrusoeOM [2007/10/20 16:05:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sandlot Games [2009/09/13 13:44:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sanna [2009/03/16 18:28:45 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Owner\Application Data\SecuROM [2009/04/04 00:39:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Shape games [2009/04/04 22:44:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ShinyTales [2008/12/17 20:12:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Skip-Bo [2009/04/26 00:32:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Softplicity [2009/03/15 21:23:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sortasoft [2008/12/28 16:37:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Spinapse [2007/09/15 23:31:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SpinTop [2007/12/19 18:56:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Super-Cow [2008/12/28 16:37:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Suspects and Clues Players [2008/12/28 16:37:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Suspects and Clues Prefs [2009/02/13 16:46:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SystemRequirementsLab [2007/12/04 21:47:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Teggo [2009/05/26 13:52:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\The Flying Trapeezees [2007/11/03 20:29:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ThwartPoker Software [2009/04/19 16:04:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TikGames [2009/06/24 22:35:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TomTom [2009/02/24 23:43:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Tropical Dream Underwater Odyssey [2009/06/23 18:09:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\UClick [2009/01/20 23:14:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Uniblue [2009/01/06 01:06:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Unity [2009/02/24 17:56:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\UNOUndercover [2009/04/13 14:44:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent [2009/10/01 01:09:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Valusoft [2009/01/30 14:18:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ViquaSoft [2008/11/15 05:37:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Desktop Search [2008/12/06 03:37:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Search [2008/12/17 00:35:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\World-LooM [2009/05/20 01:03:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\YoudaGames [2007/09/16 11:32:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Zen Puzzle Garden [2007/10/20 17:02:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Zylom [2009/08/20 07:27:10 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job [2004/08/04 08:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini [2009/10/05 00:03:00 | 00,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\Disk Cleanup.job [2009/10/06 04:16:17 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9C012695 @Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5AEA68EE @Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:47417312 @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EB69CC19 @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E945C214 @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B6FA1F20 @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98F800E5 @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98DAC1F7 @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:407B2355 @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:399441CC @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1FA003F9 @Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DAD2FFA0 @Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:777A075D @Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4A37385A @Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B812EE0 @Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1316EAD4 @Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C67CB31A @Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5A9AF3C7 @Alternate Data Stream - 772 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:627215B7 @Alternate Data Stream - 372 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A085469 @Alternate Data Stream - 349 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BE13DA72 @Alternate Data Stream - 337 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8AC3629F @Alternate Data Stream - 334 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07557E0B @Alternate Data Stream - 326 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7524F6CC @Alternate Data Stream - 305 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C209D0BD @Alternate Data Stream - 303 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B0B3D25 @Alternate Data Stream - 295 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:09A9B355 @Alternate Data Stream - 292 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:74A6F815 @Alternate Data Stream - 210 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BFC41B39 @Alternate Data Stream - 205 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:16B49C20 @Alternate Data Stream - 183 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7D9FEA32 @Alternate Data Stream - 180 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:58D2A680 @Alternate Data Stream - 180 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1F5F4781 @Alternate Data Stream - 177 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6B803FAA @Alternate Data Stream - 175 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D532A897 @Alternate Data Stream - 171 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FF510ADC @Alternate Data Stream - 161 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:167A825D @Alternate Data Stream - 157 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EAC3589E @Alternate Data Stream - 157 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A3D0CDFE @Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EE187F5B @Alternate Data Stream - 152 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3CC8A9E4 @Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9C0F3393 @Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:27EEEB5C @Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CF39FA77 @Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DDE7FCF4 @Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:77423EAD @Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07348C09 @Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:55C54F7C @Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:040E11E4 @Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CC6614A4 @Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:322EAACD @Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1EDD6DE2 @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D05E7A8B @Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:447AD91E @Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F5B3D15A @Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:44B6B0E0 @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CF1334B0 @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2D0C22DC @Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BF1DFF11 @Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:622C7979 @Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4A2ACE4B @Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BDEBC850 @Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:38FFC456 @Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CE524528 @Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0EC44AEB @Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F7CB87BE @Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ADE67221 @Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9FC5F43A @Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:29058F8B @Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9AE67195 @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CAFB99F9 @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B19CC382 @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6347BFF4 @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:31F2397C @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:27D1368B @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1AC0C8F5 @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:18BFD8F8 @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B7843388 @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9CF56DF4 @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5FEFEAEF @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:554C6431 @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52A63A46 @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:19F08842 @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CAF8DAC8 @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BB0256E7 @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7920E530 @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4DDCE10B @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:417B6FAC @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2F12D5ED @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F41F8101 @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EB5BDBB0 @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E71141D2 @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D8134D8F @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9B2EDA15 @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7CEDF9F3 @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6CEC50B4 @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5A908367 @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:53DF59D1 @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:294A5F28 @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1F96ED45 @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F44D3C53 @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E84CA8F2 @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1713795 @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A4F0E644 @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9026FFAC @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:78D5846B @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6E1F359F @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6B86037F @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EB603FE4 @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DDD1277F @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2D4B33E @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B8AF0F0F @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A73EAFFB @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A696643D @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:90453BDB @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:88C60511 @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7D50F3CE @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4363DE71 @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1037D53D @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FBE81670 @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A988B257 @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A26AFC00 @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:80E965A3 @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:77CF9481 @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1A4BF204 @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D890DD02 @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B742A47D @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9D3A7233 @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B403ABD @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C6EBC69 @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:34FC1C45 @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FA408F93 @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BF0B4A17 @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BBDABFA2 @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B0C40A99 @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:75EC4D20 @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:71F96743 @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6FD26134 @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6C5EC3CD @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:69E3AF64 @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:43E95997 @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:41289DF0 @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3ADB6F65 @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3AB8D21A @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:311F233A @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:01C1407E @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:00E4A1FE @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FB601DB3 @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EC0A74A1 @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8B517A2 @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AED4FFF5 @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A71D3858 @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:971DCCE2 @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:70B3C619 @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6331D24C @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4E6B8D68 @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4A463A25 @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:28CCFEFB @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:247D483C @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F344FCD5 @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EF794BCD @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E1D818F7 @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D885A57E @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C7B98566 @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A2865730 @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:95C6C67C @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8B51CAAE @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:880F0FEF @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:701AFF06 @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6926830F @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5F51822D @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:54362937 @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4F50E80F @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:47A24D4B @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:425759C6 @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:24641E0D @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0EECBA6F @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AA60673F @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A761C913 @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A2E5D510 @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7BA09728 @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6E8472D2 @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6A4D7243 @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FDC41D2C @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EAFE3041 @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DD874E14 @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AC483E8C @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A6346EE9 @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9857FAE3 @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:95775248 @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9485E512 @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6BF0805F @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5FB7A2BD @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:43E0EC8A @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3E851D78 @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3991CD7D @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:14750D76 @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:12EA4DC9 @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:10F6E97E @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:097FF903 @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FE0E5BC2 @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F2B69A18 @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BDCE0D31 @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:936CD24D @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7A0FEE87 @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5782349A @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:55FBB3E8 @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4B4630A5 @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:41C283B2 @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:39F1E9F9 @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:162E02F7 @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0D52F295 @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C70C5141 @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:97C84299 @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CF19C1B @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:741FB6E5 @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1740DC47 @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AEC895D8 @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5B43B7AD @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2F99F761 @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:269C0B5C @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F9283DA1 @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2793A03 @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B9EEB760 @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1FBA7E1 @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:95970EA3 @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:618849E3 @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:462F5905 @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4249A835 @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:39D0446E @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2BE0D46D @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:128A6DC9 @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F76D01BB @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F52A6209 @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E412AAF2 @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D4D3884D @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CF5A3B21 @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B3B7A337 @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1FBBD09 @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:867718D2 @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:69DA000E @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5433DBEF @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52D76DB8 @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:40512067 @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2F141B68 @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:150E156A @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EC2762B9 @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2032EBB @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:93F3E4C9 @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7AF9CAEB @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:23BAE6D2 @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A6D6CB4 @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA457ABC @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A5135BA4 @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:945FE29C @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:81653DC8 @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7D7536E0 @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5AB76595 @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5886DCB8 @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:45858237 @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:315D06CB @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D09AEE3D @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C86B29EB @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B4980368 @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9726EA15 @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:663B62CA @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:567D3254 @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:450ABF8D @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:385E2CFD @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:37C86456 @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2FCFED09 @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F3B0E00 @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:059167AF @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BD27B7FC @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A688EF17 @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8B0F52E5 @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6E62B642 @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4EF94CF3 @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F851032E @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EF1813D7 @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:957E9765 @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:73BF05FF @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3C4C57F9 @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1A6AFE3D @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:161AA30B @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A096EB2 @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:02B823FE @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2C51E3D @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D251621C @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C0A2E219 @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A0A7408F @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5550B299 @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4C49306C @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:48081133 @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3CAE65A6 @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:30B9B55F @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BEA1F887 @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7AA6FC81 @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6AF67671 @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:67BA17B9 @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:42CD97AD @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:15DE523E @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B3B557D @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0860D6D6 @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E96D894A @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B95CF7DA @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A97118EB @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A18431D9 @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:93877B62 @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:576FFBED @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:375FC7E7 @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2AFE7797 @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:279FF250 @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1E5EC928 @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0EB1DE @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C63E7DE2 @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8F827F9E @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6B520784 @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:60705540 @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3BAD65EA @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:36E20A37 @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2836460B @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1828723E @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F951183D @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B648F38E @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AA004D25 @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8AA99C0C @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:88B61AC3 @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:69FD6BF0 @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:49EB0FDC @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:461BD06D @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:347E9D66 @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F2AF86D9 @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ED873558 @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A4076A3B @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6677D85A @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:667565EE @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:64A36325 @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:538B96B5 @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1F11C1BE @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F5E90ED3 @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D7DEAA30 @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A468A21E @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9B52F176 @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98AE08EA @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8DD623B3 @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5A14966B @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:34B7238D @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:241FA548 @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:145EE4E0 @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D0D17155 @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CFBB419A @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BDC42529 @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A56D6987 @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E656ECE @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5B85C37B @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1AFC2166 @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DDEB08FD @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A0308CC3 @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:725A0758 @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6C13E971 @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3313A48D @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2CDB9CA3 @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:23430C4C @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:10769EA7 @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0C5AF2AA @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05BF1B63 < End of report > mbam.log results.... Malwarebytes' Anti-Malware 1.41 Database version: 2914 Windows 5.1.2600 Service Pack 3 10/6/2009 03:19:05 AM mbam-log-2009-10-06 (03-19-05).txt Scan type: Quick Scan Objects scanned: 106844 Time elapsed: 17 minute(s), 0 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)

Yes, I found my windows cd. And here is the dds report.txt DDS (Ver_09-07-30.01) - NTFSx86 Run by Owner at 17:02:32.06 on Sun 10/04/2009 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.157 [GMT -4:00] AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Prevx\prevx.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\WINDOWS\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Prevx\prevx.exe C:\Documents and Settings\Owner\Desktop\cleaning prog 2\dds.scr ============== Pseudo HJT Report =============== uStart Page = about:blank mStart Page = about:blank BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No File TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll TB: {F5735C15-1FB2-41FE-BA12-242757E69DDE} - No File uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRunOnce: [shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/5.0_(Windows;_U;_Windows_NT_5.1;_en-US;_rv:1.9.1.3)_Gecko/20090824_Firefox/3.5.3_GTB5_(.NET_CLR_3.5.30729)_FBSMTWB" -"http://www.shegame.com/view/9625/Pebbles-Big-Barney-Chase" mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [sMSERIAL] sm56hlpr.exe mRun: [nwiz] nwiz.exe /install mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe Trusted Zone: internet Trusted Zone: mcafee.com DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Sunshine%20Acres/Images/stg_drm.ocx DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1184185348947 DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Heartwild%20Solitaire/Images/armhelper.ocx DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Notify: WRNotifier - WRLogonNTF.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\pupvatsk.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=4&q= FF - prefs.js: browser.search.selectedEngine - Fast Browser Search FF - prefs.js: keyword.URL - about:neterror?e=query&u= FF - plugin: c:\documents and settings\all users\application data\realarcade\npraclient.dll FF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\pupvatsk.default\extensions\2020player@2020technologies.com\plugins\NP2020Player.dll FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll FF - plugin: c:\program files\mozilla firefox\plugins\npraclient.dll FF - plugin: c:\program files\mozilla firefox\plugins\npzylomgamesplayer.dll FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false); c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200); c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess"); c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120); c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3); c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true); c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true); c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0); c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072); c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json"); ============= SERVICES / DRIVERS =============== R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2009-10-2 22024] R0 pxsec;pxsec;c:\windows\system32\drivers\pxsec.sys [2009-10-2 27656] R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-9-26 11608] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-3-28 55656] R2 CSIScanner;CSIScanner;c:\program files\prevx\prevx.exe [2009-10-2 4368952] R3 als4k;Avance Wave Audio Miniport Driver (WDM);c:\windows\system32\drivers\als4000.sys [2000-3-6 25658] R3 ALS4KMF;ALS4KMF;c:\windows\system32\drivers\mf.sys [2004-8-3 63744] R3 alsgame;Gameport for ALS4000 (WDM);c:\windows\system32\drivers\alsgame.sys [2000-2-24 10012] S1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\saskutil.sys --> c:\program files\superantispyware\SASKUTIL.sys [?] S3 mbr;mbr;\??\c:\docume~1\owner\locals~1\temp\mbr.sys --> c:\docume~1\owner\locals~1\temp\mbr.sys [?] S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-22 18688] S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-22 8320] S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-6-18 23680] S3 nenum13E;nenum13E;\??\c:\docume~1\owner\locals~1\temp\nenum13e.sys --> c:\docume~1\owner\locals~1\temp\nenum13E.sys [?] S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2009-4-18 34760] S4 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-9-26 108289] S4 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-9-26 185089] S4 iWinTrusted;iWinTrusted;c:\program files\iwin games\iWinTrusted.exe [2009-7-9 78104] S4 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-8-27 92008] ============== File Associations =============== JSEFile=NOTEPAD.EXE %1 =============== Created Last 30 ================ 2009-10-02 00:52 27,656 a------- c:\windows\system32\drivers\pxsec.sys 2009-10-02 00:52 22,024 a------- c:\windows\system32\drivers\pxscan.sys 2009-10-02 00:52 <DIR> --d----- c:\program files\Prevx 2009-10-02 00:52 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\PrevxCSI 2009-09-26 17:31 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Avira 2009-09-26 17:31 <DIR> --d----- c:\program files\Avira 2009-09-26 16:30 <DIR> -cd----- C:\Combo-Fix24184C 2009-09-22 13:31 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-22 13:31 19,160 a------- c:\windows\system32\drivers\mbam.sys 2009-09-22 13:31 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware 2009-09-20 23:04 <DIR> --d----- c:\program files\Funkitron 2009-09-16 14:19 <DIR> --d----- c:\program files\ESET 2009-09-16 13:45 <DIR> --d----- c:\docume~1\owner\applic~1\Merscom 2009-09-15 13:19 <DIR> --d----- c:\docume~1\owner\applic~1\Once Upon a Time in Chicago 2009-09-15 13:19 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Once Upon a Time in Chicago 2009-09-13 18:20 <DIR> --d----- c:\program files\AskBarDis 2009-09-13 13:44 <DIR> --d----- c:\docume~1\owner\applic~1\Sanna 2009-09-13 13:38 <DIR> --d----- c:\windows\The Legend of Sanna - Rise of a Great Colony 2009-09-13 13:38 <DIR> --d----- c:\program files\The Legend of Sanna - Rise of a Great Colony 2009-09-12 01:00 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\FarmFrenzy3 2009-09-12 00:58 <DIR> --d----- c:\program files\Alawar 2009-09-10 12:43 <DIR> --d----- c:\program files\Farm Frenzy 2009-09-07 17:21 <DIR> --d----- c:\docume~1\owner\applic~1\DivoGames 2009-09-07 16:58 <DIR> --d----- c:\program files\Be Richer 2009-09-07 16:54 <DIR> --d----- c:\windows\Be Richer 2009-09-05 15:20 <DIR> --d----- c:\program files\Zylom Games 2009-09-05 14:01 <DIR> --d----- c:\program files\RealArcade ==================== Find3M ==================== 2009-09-27 14:59 55,656 a------- c:\windows\system32\drivers\avgntflt.sys 2009-09-14 02:12 229,888 a------- c:\windows\PEV.exe 2009-08-21 01:16 721,904 a------- c:\windows\system32\drivers\sptd.sys 2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll 2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll 2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll 2007-12-10 16:19 32 ac---r-- c:\documents and settings\all users\hash.dat 2007-10-30 18:38 110 ac------ c:\docume~1\alluse~1\applic~1\MostFunGameId.bin 2007-09-26 21:10 774,144 a------- c:\program files\RngInterstitial.dll 2009-04-18 16:31 2 a--shrot c:\windows\winstart.bat 2002-07-31 19:55 102 -c-sh--- c:\windows\WSYS049.SYS ============= FINISH: 17:03:21.39 ===============

I still cannot access my recovery console. Still saying NTLDR is compressed. Press Ctrl+Alt+Del to restart. And gives me no other options other than restarting.

GMER 1.0.15.15087 - http://www.gmer.net Rootkit scan 2009-10-02 01:31:22 Windows 5.1.2600 Service Pack 3 Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kfayypob.sys ---- System - GMER 1.0.15 ---- SSDT F8DE96AE ZwCreateKey SSDT F8DE96A4 ZwCreateThread SSDT F8DE96B3 ZwDeleteKey SSDT F8DE96BD ZwDeleteValueKey SSDT spgu.sys ZwEnumerateKey [0xF8673CA4] SSDT spgu.sys ZwEnumerateValueKey [0xF8674032] SSDT F8DE96C2 ZwLoadKey SSDT spgu.sys ZwOpenKey [0xF86550C0] SSDT F8DE9690 ZwOpenProcess SSDT F8DE9695 ZwOpenThread SSDT spgu.sys ZwQueryKey [0xF867410A] SSDT spgu.sys ZwQueryValueKey [0xF8673F8A] SSDT F8DE96CC ZwReplaceKey SSDT F8DE96C7 ZwRestoreKey SSDT F8DE96B8 ZwSetValueKey SSDT \SystemRoot\System32\drivers\pxsec.sys (Prevx Realtime Analysis/Prevx) ZwTerminateProcess [0xB9BAB680] INT 0x39 ? 830D0BF8 INT 0x39 ? 830D0BF8 INT 0x3E ? 83370BF8 INT 0x3F ? 83370BF8 ---- Kernel code sections - GMER 1.0.15 ---- ? spgu.sys The system cannot find the file specified. ! .text USBPORT.SYS!DllUnload F7DEA8AC 5 Bytes JMP 830D01D8 ? C:\DOCUME~1\Owner\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. ! ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\SearchIndexer.exe[304] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation) ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 833722D8 IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F8686C4C] spgu.sys IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F8686CA0] spgu.sys IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F8656042] spgu.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F865613E] spgu.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F86560C0] spgu.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F8656800] spgu.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F86566D6] spgu.sys IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F8665E9C] spgu.sys IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 830D02D8 ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 8336F1F8 Device \FileSystem\Fastfat \FatCdrom 830F01F8 Device \Driver\usbuhci \Device\USBPDO-0 83179500 Device \Driver\usbuhci \Device\USBPDO-1 83179500 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x8E 0x80 0x43 0x1A ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x8E 0x80 0x43 0x1A ... ---- Disk sectors - GMER 1.0.15 ---- Disk \Device\Harddisk0\DR0 sector 01: copy of MBR Disk \Device\Harddisk0\DR0 sector 02: copy of MBR Disk \Device\Harddisk0\DR0 sector 03: copy of MBR Disk \Device\Harddisk0\DR0 sector 04: copy of MBR Disk \Device\Harddisk0\DR0 sector 05: copy of MBR Disk \Device\Harddisk0\DR0 sector 06: copy of MBR Disk \Device\Harddisk0\DR0 sector 07: copy of MBR Disk \Device\Harddisk0\DR0 sector 08: copy of MBR Disk \Device\Harddisk0\DR0 sector 09: copy of MBR Disk \Device\Harddisk0\DR0 sector 10: copy of MBR Disk \Device\Harddisk0\DR0 sector 11: copy of MBR Disk \Device\Harddisk0\DR0 sector 12: copy of MBR Disk \Device\Harddisk0\DR0 sector 13: copy of MBR Disk \Device\Harddisk0\DR0 sector 14: copy of MBR Disk \Device\Harddisk0\DR0 sector 15: copy of MBR Disk \Device\Harddisk0\DR0 sector 16: copy of MBR Disk \Device\Harddisk0\DR0 sector 17: copy of MBR Disk \Device\Harddisk0\DR0 sector 18: copy of MBR Disk \Device\Harddisk0\DR0 sector 19: copy of MBR Disk \Device\Harddisk0\DR0 sector 20: copy of MBR Disk \Device\Harddisk0\DR0 sector 21: copy of MBR Disk \Device\Harddisk0\DR0 sector 22: copy of MBR Disk \Device\Harddisk0\DR0 sector 23: copy of MBR Disk \Device\Harddisk0\DR0 sector 24: copy of MBR Disk \Device\Harddisk0\DR0 sector 25: copy of MBR Disk \Device\Harddisk0\DR0 sector 26: copy of MBR Disk \Device\Harddisk0\DR0 sector 27: copy of MBR Disk \Device\Harddisk0\DR0 sector 28: copy of MBR Disk \Device\Harddisk0\DR0 sector 29: copy of MBR Disk \Device\Harddisk0\DR0 sector 30: copy of MBR Disk \Device\Harddisk0\DR0 sector 31: copy of MBR Disk \Device\Harddisk0\DR0 sector 32: copy of MBR Disk \Device\Harddisk0\DR0 sector 33: copy of MBR Disk \Device\Harddisk0\DR0 sector 34: copy of MBR Disk \Device\Harddisk0\DR0 sector 35: copy of MBR Disk \Device\Harddisk0\DR0 sector 36: copy of MBR Disk \Device\Harddisk0\DR0 sector 37: copy of MBR Disk \Device\Harddisk0\DR0 sector 38: copy of MBR Disk \Device\Harddisk0\DR0 sector 39: copy of MBR Disk \Device\Harddisk0\DR0 sector 40: copy of MBR Disk \Device\Harddisk0\DR0 sector 41: copy of MBR Disk \Device\Harddisk0\DR0 sector 42: copy of MBR Disk \Device\Harddisk0\DR0 sector 43: copy of MBR Disk \Device\Harddisk0\DR0 sector 44: copy of MBR Disk \Device\Harddisk0\DR0 sector 45: copy of MBR Disk \Device\Harddisk0\DR0 sector 46: copy of MBR Disk \Device\Harddisk0\DR0 sector 47: copy of MBR Disk \Device\Harddisk0\DR0 sector 48: copy of MBR Disk \Device\Harddisk0\DR0 sector 49: copy of MBR Disk \Device\Harddisk0\DR0 sector 50: copy of MBR Disk \Device\Harddisk0\DR0 sector 51: copy of MBR Disk \Device\Harddisk0\DR0 sector 52: copy of MBR Disk \Device\Harddisk0\DR0 sector 53: copy of MBR Disk \Device\Harddisk0\DR0 sector 54: copy of MBR Disk \Device\Harddisk0\DR0 sector 55: copy of MBR Disk \Device\Harddisk0\DR0 sector 56: copy of MBR Disk \Device\Harddisk0\DR0 sector 57: copy of MBR Disk \Device\Harddisk0\DR0 sector 58: copy of MBR Disk \Device\Harddisk0\DR0 sector 59: copy of MBR Disk \Device\Harddisk0\DR0 sector 60: copy of MBR Disk \Device\Harddisk0\DR0 sector 61: copy of MBR Disk \Device\Harddisk0\DR0 sector 62: copy of MBR Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR ---- EOF - GMER 1.0.15 ---- I do see all of the MBR's and if I must wipe the slate clean then I guess it is what it is and I gotta do what I gotta do lol.

I did as u said with MBR and it did not give me a log. It said something along the lines of device: opened successfully user: MBR read successfully kernel: read successfully user & kernel MBR ok. But did not give a log. PrevX also did not give me a log. However, it detected 2 threats, 1 malware and 1 adware. The latter I was able to remove but the malware I need a license to remove it. The malware it detected was Inherit.exe and the Adware it detected & removed was win32kdiag.exe. Have not ran gmer yet, will do that right now then reply with log.

Alrighty, I was able to get into recovery console via my windows cd. I did all of the steps outlined and here is the rundown. Mbam.log.... Malwarebytes' Anti-Malware 1.41 Database version: 2868 Windows 5.1.2600 Service Pack 3 9/28/2009 02:11:56 PM mbam-log-2009-09-28 (14-11-56).txt Scan type: Quick Scan Objects scanned: 105828 Time elapsed: 6 minute(s), 26 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) gmer.log..... GMER 1.0.15.15087 - http://www.gmer.net Rootkit scan 2009-09-28 14:27:28 Windows 5.1.2600 Service Pack 3 Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kfayypob.sys ---- System - GMER 1.0.15 ---- SSDT F8D9DAE6 ZwCreateKey SSDT F8D9DADC ZwCreateThread SSDT F8D9DAEB ZwDeleteKey SSDT F8D9DAF5 ZwDeleteValueKey SSDT spuy.sys ZwEnumerateKey [0xF8673CA4] SSDT spuy.sys ZwEnumerateValueKey [0xF8674032] SSDT F8D9DAFA ZwLoadKey SSDT spuy.sys ZwOpenKey [0xF86550C0] SSDT F8D9DAC8 ZwOpenProcess SSDT F8D9DACD ZwOpenThread SSDT spuy.sys ZwQueryKey [0xF867410A] SSDT spuy.sys ZwQueryValueKey [0xF8673F8A] SSDT F8D9DB04 ZwReplaceKey SSDT F8D9DAFF ZwRestoreKey SSDT F8D9DAF0 ZwSetValueKey SSDT F8D9DAD7 ZwTerminateProcess INT 0x39 ? 830E4BF8 INT 0x39 ? 830E4BF8 INT 0x3E ? 83370BF8 INT 0x3F ? 83370BF8 ---- Kernel code sections - GMER 1.0.15 ---- ? spuy.sys The system cannot find the file specified. ! .text USBPORT.SYS!DllUnload F7DD98AC 5 Bytes JMP 830E41D8 ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\SearchIndexer.exe[384] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation) ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 833722D8 IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F8686C4C] spuy.sys IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F8686CA0] spuy.sys IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F8656042] spuy.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F865613E] spuy.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F86560C0] spuy.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F8656800] spuy.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F86566D6] spuy.sys IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F8665E9C] spuy.sys IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 830E42D8 ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 8336F1F8 Device \FileSystem\Fastfat \FatCdrom 832211F8 Device \Driver\usbuhci \Device\USBPDO-0 830E31F8 Device \Driver\usbuhci \Device\USBPDO-1 830E31F8 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x8E 0x80 0x43 0x1A ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x8E 0x80 0x43 0x1A ... ---- Disk sectors - GMER 1.0.15 ---- Disk \Device\Harddisk0\DR0 sector 01: copy of MBR Disk \Device\Harddisk0\DR0 sector 02: copy of MBR Disk \Device\Harddisk0\DR0 sector 03: copy of MBR Disk \Device\Harddisk0\DR0 sector 04: copy of MBR Disk \Device\Harddisk0\DR0 sector 05: copy of MBR Disk \Device\Harddisk0\DR0 sector 06: copy of MBR Disk \Device\Harddisk0\DR0 sector 07: copy of MBR Disk \Device\Harddisk0\DR0 sector 08: copy of MBR Disk \Device\Harddisk0\DR0 sector 09: copy of MBR Disk \Device\Harddisk0\DR0 sector 10: copy of MBR Disk \Device\Harddisk0\DR0 sector 11: copy of MBR Disk \Device\Harddisk0\DR0 sector 12: copy of MBR Disk \Device\Harddisk0\DR0 sector 13: copy of MBR Disk \Device\Harddisk0\DR0 sector 14: copy of MBR Disk \Device\Harddisk0\DR0 sector 15: copy of MBR Disk \Device\Harddisk0\DR0 sector 16: copy of MBR Disk \Device\Harddisk0\DR0 sector 17: copy of MBR Disk \Device\Harddisk0\DR0 sector 18: copy of MBR Disk \Device\Harddisk0\DR0 sector 19: copy of MBR Disk \Device\Harddisk0\DR0 sector 20: copy of MBR Disk \Device\Harddisk0\DR0 sector 21: copy of MBR Disk \Device\Harddisk0\DR0 sector 22: copy of MBR Disk \Device\Harddisk0\DR0 sector 23: copy of MBR Disk \Device\Harddisk0\DR0 sector 24: copy of MBR Disk \Device\Harddisk0\DR0 sector 25: copy of MBR Disk \Device\Harddisk0\DR0 sector 26: copy of MBR Disk \Device\Harddisk0\DR0 sector 27: copy of MBR Disk \Device\Harddisk0\DR0 sector 28: copy of MBR Disk \Device\Harddisk0\DR0 sector 29: copy of MBR Disk \Device\Harddisk0\DR0 sector 30: copy of MBR Disk \Device\Harddisk0\DR0 sector 31: copy of MBR Disk \Device\Harddisk0\DR0 sector 32: copy of MBR Disk \Device\Harddisk0\DR0 sector 33: copy of MBR Disk \Device\Harddisk0\DR0 sector 34: copy of MBR Disk \Device\Harddisk0\DR0 sector 35: copy of MBR Disk \Device\Harddisk0\DR0 sector 36: copy of MBR Disk \Device\Harddisk0\DR0 sector 37: copy of MBR Disk \Device\Harddisk0\DR0 sector 38: copy of MBR Disk \Device\Harddisk0\DR0 sector 39: copy of MBR Disk \Device\Harddisk0\DR0 sector 40: copy of MBR Disk \Device\Harddisk0\DR0 sector 41: copy of MBR Disk \Device\Harddisk0\DR0 sector 42: copy of MBR Disk \Device\Harddisk0\DR0 sector 43: copy of MBR Disk \Device\Harddisk0\DR0 sector 44: copy of MBR Disk \Device\Harddisk0\DR0 sector 45: copy of MBR Disk \Device\Harddisk0\DR0 sector 46: copy of MBR Disk \Device\Harddisk0\DR0 sector 47: copy of MBR Disk \Device\Harddisk0\DR0 sector 48: copy of MBR Disk \Device\Harddisk0\DR0 sector 49: copy of MBR Disk \Device\Harddisk0\DR0 sector 50: copy of MBR Disk \Device\Harddisk0\DR0 sector 51: copy of MBR Disk \Device\Harddisk0\DR0 sector 52: copy of MBR Disk \Device\Harddisk0\DR0 sector 53: copy of MBR Disk \Device\Harddisk0\DR0 sector 54: copy of MBR Disk \Device\Harddisk0\DR0 sector 55: copy of MBR Disk \Device\Harddisk0\DR0 sector 56: copy of MBR Disk \Device\Harddisk0\DR0 sector 57: copy of MBR Disk \Device\Harddisk0\DR0 sector 58: copy of MBR Disk \Device\Harddisk0\DR0 sector 59: copy of MBR Disk \Device\Harddisk0\DR0 sector 60: copy of MBR Disk \Device\Harddisk0\DR0 sector 61: copy of MBR Disk \Device\Harddisk0\DR0 sector 62: copy of MBR Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR ---- EOF - GMER 1.0.15 ---- checkup.log.... Results of screen317's Security Check version 0.99.0 Windows XP Service Pack 3 `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Enabled! Avira AntiVir Personal - Free Antivirus ESET Online Scanner v3 Avira updated! `````````````````````````````` Anti-malware/Other Utilities Check: HijackThis 2.0.2 CCleaner (remove only) Java 6 Update 11 Java 6 Update 2 Java 6 Update 3 Out of date Java installed! Adobe Flash Player 10 Adobe Reader 8.1.6 Out of date Adobe Reader installed! `````````````````````````````` Process Check: objlist.exe by Laurent Avira Antivir avgnt.exe Avira Antivir avguard.exe `````````````````````````````` DNS Vulnerability Check: GREAT! (Not vulnerable to DNS cache poisoning) `````````End of Log```````````

I do have the windows xp cd...i just need to locate it.

I did as you said with combo-fix. However, when I rebooted and tried to go into microsoft recovery console it said this: NTLDR is compressed Press Ctrl+Alt+Del to restart. And wouldn't let me continue without restarting. Here is the log from combo-fix.... ComboFix 09-09-25.01 - Owner 09/26/2009 16:33.4.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.264 [GMT -4:00] Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe Command switches used :: c:\documents and settings\Owner\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe . ((((((((((((((((((((((((( Files Created from 2009-08-26 to 2009-09-26 ))))))))))))))))))))))))))))))) . 2009-09-26 20:30 . 2009-09-26 20:32 -------- dc----w- C:\Combo-Fix24184C 2009-09-22 17:31 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-22 17:31 . 2009-09-22 17:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-09-22 17:31 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-09-22 07:37 . 2009-09-22 07:37 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Astar Games 2009-09-21 03:04 . 2009-09-21 04:15 -------- d-----w- c:\program files\Funkitron 2009-09-19 21:21 . 2009-09-19 21:21 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache 2009-09-16 18:19 . 2009-09-16 18:19 -------- d-----w- c:\program files\ESET 2009-09-16 17:45 . 2009-09-18 07:05 -------- d-----w- c:\documents and settings\Owner\Application Data\Merscom 2009-09-15 17:19 . 2009-09-15 17:20 -------- d-----w- c:\documents and settings\Owner\Application Data\Once Upon a Time in Chicago 2009-09-15 17:19 . 2009-09-15 17:19 -------- dc----w- c:\documents and settings\All Users\Application Data\Once Upon a Time in Chicago 2009-09-13 22:20 . 2009-09-13 22:20 -------- d-----w- c:\program files\AskBarDis 2009-09-13 17:44 . 2009-09-13 17:44 -------- d-----w- c:\documents and settings\Owner\Application Data\Sanna 2009-09-13 17:38 . 2009-09-13 17:38 -------- d-----w- c:\program files\The Legend of Sanna - Rise of a Great Colony 2009-09-13 17:38 . 2009-09-13 17:38 -------- d-----w- c:\windows\The Legend of Sanna - Rise of a Great Colony 2009-09-12 05:00 . 2009-09-12 05:04 -------- dc----w- c:\documents and settings\All Users\Application Data\FarmFrenzy3 2009-09-12 04:58 . 2009-09-13 04:00 -------- d-----w- c:\program files\Alawar 2009-09-10 16:43 . 2009-09-12 04:47 -------- d-----w- c:\program files\Farm Frenzy 2009-09-07 21:21 . 2009-09-07 21:21 -------- d-----w- c:\documents and settings\Owner\Application Data\DivoGames 2009-09-07 20:58 . 2009-09-07 20:58 -------- d-----w- c:\program files\Be Richer 2009-09-07 20:54 . 2009-09-07 20:54 -------- d-----w- c:\windows\Be Richer 2009-09-05 19:20 . 2009-09-05 19:20 -------- d-----w- c:\program files\Zylom Games 2009-09-05 18:01 . 2009-09-06 01:59 -------- d-----w- c:\program files\RealArcade 2009-09-04 16:04 . 2009-09-04 16:04 -------- dc----w- C:\_OTL 2009-09-04 06:00 . 2009-09-24 06:54 -------- d-----w- C:\DCE 2009-09-04 05:46 . 2009-09-04 05:46 -------- dc----w- C:\ERDNT 2009-09-04 05:46 . 2009-09-04 05:46 -------- d-----w- c:\windows\ERUNT 2009-09-04 05:46 . 2009-09-04 05:46 -------- dc----w- C:\!FixIEDef 2009-09-02 05:50 . 2009-09-02 05:57 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-08-31 16:46 . 2009-09-03 16:45 -------- d-----w- c:\program files\Iceblast 2009-08-31 01:47 . 2009-08-31 01:55 -------- dc----w- C:\Combo-Fix 2009-08-31 01:31 . 2009-09-19 20:31 664 ----a-w- c:\windows\system32\d3d9caps.dat 2009-08-30 22:46 . 2009-08-30 22:46 -------- d-----w- c:\program files\Lavalys 2009-08-30 22:03 . 2009-08-30 22:03 -------- d-----w- c:\documents and settings\Owner\DoctorWeb 2009-08-29 23:27 . 2009-09-02 05:56 -------- d-----w- c:\program files\SUPERAntiSpyware 2009-08-29 23:01 . 2009-08-29 23:01 -------- dc----w- C:\comment.htt 2009-08-29 21:36 . 2009-08-29 23:03 -------- d--h--w- c:\documents and settings\Owner\Recent(2) 2009-08-29 21:32 . 2009-08-29 21:32 -------- dcsh--w- c:\documents and settings\Administrator\IETldCache 2009-08-29 04:57 . 2009-08-29 16:34 -------- d-----w- c:\program files\iWin.com 2009-08-29 04:54 . 2009-08-29 21:48 -------- d-----w- c:\program files\iWin Games 2009-08-28 23:13 . 2009-08-28 23:13 -------- d-----w- c:\documents and settings\Owner\Application Data\panoramik 2009-08-28 22:53 . 2009-09-21 17:44 -------- d-----w- c:\windows\8HPW4CJRY6ELT18G . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-09-26 20:24 . 2008-11-14 17:35 -------- dc----w- c:\documents and settings\All Users\Application Data\McAfee 2009-09-26 03:32 . 2007-08-22 02:54 -------- dc--a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-09-25 17:57 . 2007-08-23 23:39 -------- dc----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache 2009-09-25 17:19 . 2007-08-23 04:09 -------- dc----w- c:\documents and settings\All Users\Application Data\PlayFirst 2009-09-25 17:19 . 2007-08-22 03:32 -------- d-----w- c:\documents and settings\Owner\Application Data\PlayFirst 2009-09-25 17:16 . 2007-08-23 23:39 -------- d-----w- c:\program files\bfgclient 2009-09-25 06:38 . 2007-10-18 22:52 -------- d-----w- c:\documents and settings\Owner\Application Data\funkitron 2009-09-23 07:57 . 2008-02-03 13:43 -------- d-----w- c:\program files\Microsoft Silverlight 2009-09-20 06:47 . 2008-11-28 21:52 -------- d-----w- c:\documents and settings\Owner\Application Data\GameInvest 2009-09-19 21:26 . 2008-12-16 19:27 -------- d-----w- c:\documents and settings\Owner\Application Data\McAfee 2009-09-18 07:05 . 2009-06-30 01:47 -------- dc----w- c:\documents and settings\All Users\Application Data\Merscom 2009-09-14 01:10 . 2008-12-29 19:45 -------- d-----w- c:\documents and settings\Owner\Application Data\Azureus 2009-09-13 22:21 . 2008-12-29 19:44 -------- d-----w- c:\program files\Vuze 2009-09-13 04:00 . 2009-02-18 19:30 -------- dc----w- c:\documents and settings\All Users\Application Data\AlawarWrapper 2009-09-06 01:58 . 2009-02-09 15:09 -------- d-----w- c:\program files\CCleaner 2009-09-05 21:28 . 2009-06-30 00:44 -------- dc----w- c:\documents and settings\All Users\Application Data\Sprouts Adventure 2009-09-05 18:05 . 2007-09-13 00:55 -------- dc----w- c:\documents and settings\All Users\Application Data\HipSoft 2009-09-04 06:29 . 2009-04-18 20:30 -------- d-----w- c:\program files\UnHackMe 2009-09-02 05:55 . 2008-11-22 06:03 -------- dc----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-08-29 23:27 . 2009-03-11 06:36 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com 2009-08-29 23:03 . 2009-03-28 21:19 -------- d-----w- c:\program files\Mcam 2009-08-27 16:46 . 2009-08-27 15:50 -------- dc----w- c:\documents and settings\All Users\Application Data\game_fillup_v2_usa 2009-08-27 06:04 . 2009-08-27 06:04 -------- dc----w- c:\documents and settings\All Users\Application Data\fillup 2009-08-22 22:54 . 2009-02-21 02:09 -------- d-----w- c:\program files\7-Zip 2009-08-22 22:26 . 2008-01-01 19:26 -------- dc----w- c:\documents and settings\All Users\Application Data\WildTangent 2009-08-22 22:25 . 2007-10-22 21:48 -------- d-----w- c:\program files\Yahoo! Games 2009-08-22 05:28 . 2007-08-19 18:08 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-08-21 05:16 . 2009-08-21 05:16 721904 ----a-w- c:\windows\system32\drivers\sptd.sys 2009-08-20 17:52 . 2007-08-19 18:27 -------- d-----w- c:\program files\EA GAMES 2009-08-16 05:35 . 2009-08-16 05:35 -------- d-----w- c:\documents and settings\Owner\Application Data\Batovi 2009-08-15 19:29 . 2007-08-22 01:48 -------- d-----w- c:\program files\Google 2009-08-14 05:56 . 2008-02-02 01:59 -------- dc----w- c:\documents and settings\All Users\Application Data\iwin 2009-08-14 05:56 . 2007-12-05 01:55 -------- d-----w- c:\documents and settings\Owner\Application Data\iWin 2009-08-12 05:23 . 2009-08-11 15:33 -------- d-----w- c:\documents and settings\Owner\Application Data\Babylonia 2009-08-10 14:54 . 2009-08-10 14:54 -------- d-----w- c:\documents and settings\Owner\Application Data\GraveyardShift 2009-08-09 00:37 . 2009-08-09 00:36 -------- dc----w- c:\documents and settings\All Users\Application Data\Protexis 2009-08-09 00:27 . 2007-11-10 01:01 -------- d-----w- c:\program files\GamesBar 2009-08-09 00:25 . 2008-12-14 07:51 -------- d-----w- c:\documents and settings\Owner\Application Data\CaribbeanHideaway 2009-08-09 00:13 . 2009-08-09 00:13 -------- dc----w- c:\documents and settings\All Users\Application Data\Oberon Media 2009-08-08 23:07 . 2009-08-08 23:07 -------- dc----w- c:\documents and settings\All Users\Application Data\Candy Factory 2009-08-08 23:06 . 2009-08-08 23:06 -------- d-----w- c:\documents and settings\Owner\Application Data\Oberon Media 2009-08-08 23:04 . 2009-08-08 23:04 -------- d-----w- c:\program files\Common Files\Oberon Media 2009-08-06 05:24 . 2009-07-25 02:47 49 ----a-w- c:\windows\popcinfot.dat 2009-08-06 05:18 . 2009-03-28 18:40 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll 2009-08-04 05:50 . 2009-08-04 05:50 -------- dc----w- c:\documents and settings\All Users\Application Data\RealArcade 2009-08-03 17:29 . 2009-08-03 17:29 -------- d-----w- c:\documents and settings\Owner\Application Data\Genimo 2009-08-03 05:16 . 2009-08-03 05:16 -------- d-----w- c:\documents and settings\Owner\Application Data\BigFishGames 2009-08-03 04:09 . 2009-08-03 04:09 -------- d-----w- c:\documents and settings\Owner\Application Data\Reflexive 2009-08-03 03:03 . 2009-08-03 03:03 -------- d-----w- c:\documents and settings\Owner\Application Data\RealArcade 2009-08-02 19:49 . 2009-08-02 19:28 -------- dc----w- c:\documents and settings\All Users\Application Data\Pony-World-Deluxe 2009-08-01 04:55 . 2009-08-01 04:55 -------- dc----w- c:\documents and settings\All Users\Application Data\GoBit Games 2009-07-31 16:25 . 2009-06-14 17:25 -------- d-----w- c:\documents and settings\Owner\Application Data\Aveyond 3 2009-07-30 04:58 . 2009-07-30 04:56 -------- dc----w- c:\documents and settings\All Users\Application Data\DreamFarm 2009-07-29 17:00 . 2009-07-29 17:00 -------- dc----w- c:\documents and settings\All Users\Application Data\CasualForge 2009-07-29 17:00 . 2009-07-29 17:00 -------- d-----w- c:\documents and settings\Owner\Application Data\CasualForge 2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-14 03:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll 2009-07-14 01:08 . 2007-08-24 14:50 13888 -c--a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-07-03 17:09 . 2004-08-04 12:00 915456 ------w- c:\windows\system32\wininet.dll 2007-09-27 01:10 . 2007-09-27 01:11 774144 ----a-w- c:\program files\RngInterstitial.dll 2009-04-18 20:31 . 2009-04-18 20:31 2 --shatr- c:\windows\winstart.bat 2002-07-31 23:55 . 2007-10-11 02:23 102 -csh--w- c:\windows\WSYS049.SYS . ((((((((((((((((((((((((((((( SnapShot@2009-09-22_07.04.02 ))))))))))))))))))))))))))))))))))))))))) . + 2007-07-11 19:52 . 2009-09-25 06:23 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat - 2007-07-11 19:52 . 2009-09-20 20:02 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2007-07-11 19:52 . 2009-09-25 06:23 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat - 2007-07-11 19:52 . 2009-09-20 20:02 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat - 2009-09-19 21:21 . 2009-09-20 20:02 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat + 2009-09-19 21:21 . 2009-09-25 06:23 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat - 2007-07-11 19:52 . 2009-09-20 20:02 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat + 2009-09-24 18:07 . 2009-09-25 06:23 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat + 2002-03-19 21:30 . 2002-03-19 21:30 177152 c:\windows\system32\tweakui.exe - 2004-08-04 12:00 . 2009-03-08 08:33 726528 c:\windows\system32\jscript.dll + 2004-08-04 12:00 . 2009-06-22 06:44 726528 c:\windows\system32\jscript.dll + 2007-07-11 19:45 . 2009-06-21 21:44 153088 c:\windows\system32\dllcache\triedit.dll - 2007-07-11 19:45 . 2008-04-14 00:12 153088 c:\windows\system32\dllcache\triedit.dll - 2008-05-09 10:53 . 2009-03-08 08:33 726528 c:\windows\system32\dllcache\jscript.dll + 2008-05-09 10:53 . 2009-06-22 06:44 726528 c:\windows\system32\dllcache\jscript.dll + 2009-09-24 06:55 . 2009-09-24 06:55 304640 c:\windows\Installer\2cb8c0f.msi + 2009-09-23 07:19 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB971961-IE8\spuninst\updspapi.dll + 2009-09-23 07:19 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB971961-IE8\spuninst\spuninst.exe + 2009-09-23 07:19 . 2009-03-08 08:33 726528 c:\windows\ie8updates\KB971961-IE8\jscript.dll + 2009-03-26 17:47 . 2009-09-24 06:54 364572 c:\windows\Downloaded Installations\Tweakui Powertoy for Windows XP.msi - 2009-03-26 17:47 . 2009-03-26 17:47 364572 c:\windows\Downloaded Installations\Tweakui Powertoy for Windows XP.msi + 2004-08-04 12:00 . 2009-05-20 08:56 2458112 c:\windows\system32\WMVCore.dll - 2004-08-04 12:00 . 2008-06-18 10:03 2458112 c:\windows\system32\WMVCore.dll + 2004-08-04 12:00 . 2009-05-20 08:56 2458112 c:\windows\system32\dllcache\WMVCore.dll - 2004-08-04 12:00 . 2008-06-18 10:03 2458112 c:\windows\system32\dllcache\WMVCore.dll + 2009-03-28 22:25 . 2009-08-28 21:38 24689600 c:\windows\system32\MRT.exe + 2009-09-23 07:20 . 2009-09-23 07:20 15709696 c:\windows\Installer\1337e9.msp . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}] 2009-04-02 16:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192] [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192] [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-11 39408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640] "MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-14 169984] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] "SMSERIAL"="sm56hlpr.exe" - c:\windows\sm56hlpr.exe [2003-06-19 548864] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-01-15 1657376] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e\0Partizan [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk] backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk] backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk] backup=c:\windows\pss\Windows Search.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^H3 The Shadow of Death.lnk] backup=c:\windows\pss\H3 The Shadow of Death.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^iWin Desktop Alerts.lnk] path=c:\documents and settings\Owner\Start Menu\Programs\Startup\iWin Desktop Alerts.lnk backup=c:\windows\pss\iWin Desktop Alerts.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^MostFun.lnk] backup=c:\windows\pss\MostFun.lnkStartup path=c:\documents and settings\Owner\Start Menu\Programs\Startup\MostFun.lnk [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "MpfService"=2 (0x2) "McSysmon"=3 (0x3) "McShield"=2 (0x2) "McProxy"=2 (0x2) "McODS"=3 (0x3) "McNASvc"=2 (0x2) "mcmscsvc"=2 (0x2) "TomTomHOMEService"=2 (0x2) "iWinTrusted"=2 (0x2) "AntiVirService"=2 (0x2) "AntiVirSchedulerService"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"= "c:\\Program Files\\Java\\jre1.6.0_03\\bin\\java.exe"= "c:\\WINDOWS\\system32\\dplaysvr.exe"= "c:\\Program Files\\Vuze\\Azureus.exe"= "c:\\WINDOWS\\system32\\dxdiag.exe"= "c:\\WINDOWS\\system32\\dpnsvr.exe"= "c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"= "c:\\Documents and Settings\\Owner\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"= "c:\\Program Files\\iWin Games\\iWinGames.exe"= "c:\\Program Files\\iWin Games\\WebUpdater.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R0 prohlp01;StarForce Protection Helper Driver v1;c:\windows\system32\drivers\prohlp01.sys [12/26/2002 10:20 AM 61728] R1 prodrv05;StarForce Protection Environment Driver v5;c:\windows\system32\drivers\prodrv05.sys [12/26/2002 10:14 AM 53568] R3 als4k;Avance Wave Audio Miniport Driver (WDM);c:\windows\system32\drivers\als4000.sys [3/6/2000 09:59 AM 25658] R3 ALS4KMF;ALS4KMF;c:\windows\system32\drivers\mf.sys [8/3/2004 07:07 PM 63744] R3 alsgame;Gameport for ALS4000 (WDM);c:\windows\system32\drivers\alsgame.sys [2/24/2000 04:45 PM 10012] S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?] S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [8/22/2008 12:49 AM 18688] S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [8/22/2008 12:49 AM 8320] S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [6/18/2007 09:18 PM 23680] S3 nenum13E;nenum13E;\??\c:\docume~1\Owner\LOCALS~1\Temp\nenum13E.sys --> c:\docume~1\Owner\LOCALS~1\Temp\nenum13E.sys [?] S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [4/18/2009 04:31 PM 34760] S4 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [7/9/2009 04:21 PM 78104] S4 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [8/27/2009 11:05 AM 92008] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Contents of the 'Scheduled Tasks' folder 2009-08-20 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 17:42] 2009-09-26 c:\windows\Tasks\Disk Cleanup.job - c:\windows\system32\cleanmgr.exe [2004-08-04 00:12] . . ------- Supplementary Scan ------- . uStart Page = about:blank mStart Page = about:blank Trusted Zone: internet Trusted Zone: mcafee.com DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\pupvatsk.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=4&q= FF - prefs.js: browser.search.selectedEngine - Fast Browser Search FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=4&tid={D89E47D3-B546-7880-3696-88E2B380E303}&q= FF - plugin: c:\documents and settings\All Users\Application Data\RealArcade\npraclient.dll FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\pupvatsk.default\extensions\2020Player@2020Technologies.com\plugins\NP2020Player.dll FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npraclient.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- . . ------- File Associations ------- . JSEFile=NOTEPAD.EXE %1 . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-09-26 16:41 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-606747145-764733703-1343024091-1003\Software\SecuROM\License information*] "datasecu"=hex:2c,a2,2d,68,1e,b2,83,4e,59,87,76,cc,7a,eb,e3,ed,df,4c,01,7f,5f, 1d,ab,dc,a3,89,a1,71,da,31,4c,86,b9,c9,0b,ff,5a,1d,62,7e,1e,08,4b,20,9f,84,\ "rkeysecu"=hex:4e,08,d7,a7,f2,8b,42,cc,8b,e5,07,42,1d,98,f2,b3 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(1436) c:\windows\system32\WININET.dll c:\windows\system32\nview.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2009-09-26 16:45 ComboFix-quarantined-files.txt 2009-09-26 20:45 ComboFix2.txt 2009-09-22 17:00 ComboFix3.txt 2009-09-22 07:09 Pre-Run: 21,086,351,360 bytes free Post-Run: 21,171,171,328 bytes free 319 --- E O F --- 2009-09-23 07:24

Ran another Mbam scan again, here are the results..... Malwarebytes' Anti-Malware 1.41 Database version: 2843 Windows 5.1.2600 Service Pack 3 9/26/2009 01:55:22 AM mbam-log-2009-09-26 (01-55-22).txt Scan type: Full Scan (A:\|C:\|D:\|) Objects scanned: 215084 Time elapsed: 2 hour(s), 18 minute(s), 56 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 2 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)

OK, I ran WebCureIt but made a mistake and closed it before I saved the log. However, it said there were no viruses detected. If need be, I can run it again to produce a log. Here is the DDS.log.... DDS (Ver_09-07-30.01) - NTFSx86 Run by Owner at 2:20:57.33 on Fri 09/25/2009 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.196 [GMT -4:00] AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\Explorer.EXE c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\Documents and Settings\Owner\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = about:blank mStart Page = about:blank BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No File TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll TB: {F5735C15-1FB2-41FE-BA12-242757E69DDE} - No File uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [sMSERIAL] sm56hlpr.exe mRun: [nwiz] nwiz.exe /install mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe Trusted Zone: internet Trusted Zone: mcafee.com DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Sunshine%20Acres/Images/stg_drm.ocx DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1184185348947 DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Heartwild%20Solitaire/Images/armhelper.ocx DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Notify: WRNotifier - WRLogonNTF.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\pupvatsk.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=4&q= FF - prefs.js: browser.search.selectedEngine - Fast Browser Search FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=4&tid={D89E47D3-B546-7880-3696-88E2B380E303}&q= FF - plugin: c:\documents and settings\all users\application data\realarcade\npraclient.dll FF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\pupvatsk.default\extensions\2020player@2020technologies.com\plugins\NP2020Player.dll FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll FF - plugin: c:\program files\mozilla firefox\plugins\npraclient.dll FF - plugin: c:\program files\mozilla firefox\plugins\npzylomgamesplayer.dll FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false); c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200); c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess"); c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120); c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3); c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true); c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true); c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0); c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072); c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json"); ============= SERVICES / DRIVERS =============== R0 prohlp01;StarForce Protection Helper Driver v1;c:\windows\system32\drivers\prohlp01.sys [2002-12-26 61728] R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-7-8 214024] R1 prodrv05;StarForce Protection Environment Driver v5;c:\windows\system32\drivers\prodrv05.sys [2002-12-26 53568] R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-9-24 144704] R3 als4k;Avance Wave Audio Miniport Driver (WDM);c:\windows\system32\drivers\als4000.sys [2000-3-6 25658] R3 ALS4KMF;ALS4KMF;c:\windows\system32\drivers\mf.sys [2004-8-3 63744] R3 alsgame;Gameport for ALS4000 (WDM);c:\windows\system32\drivers\alsgame.sys [2000-2-24 10012] R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-9-24 79816] R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-9-24 35272] R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-9-24 40552] R4 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-9-24 359952] R4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-9-24 606736] S1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\saskutil.sys --> c:\program files\superantispyware\SASKUTIL.sys [?] S3 mbr;mbr;\??\c:\docume~1\owner\locals~1\temp\mbr.sys --> c:\docume~1\owner\locals~1\temp\mbr.sys [?] S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-9-24 34248] S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-22 18688] S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-22 8320] S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-6-18 23680] S3 nenum13E;nenum13E;\??\c:\docume~1\owner\locals~1\temp\nenum13e.sys --> c:\docume~1\owner\locals~1\temp\nenum13E.sys [?] S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2009-4-18 34760] S4 iWinTrusted;iWinTrusted;c:\program files\iwin games\iWinTrusted.exe [2009-7-9 78104] S4 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-8-27 92008] ============== File Associations =============== JSEFile=NOTEPAD.EXE %1 =============== Created Last 30 ================ 2009-09-24 04:03 5,001 a------- c:\windows\system32\Config.MPF 2009-09-24 03:58 40,552 a------- c:\windows\system32\drivers\mfesmfk.sys 2009-09-24 03:58 35,272 a------- c:\windows\system32\drivers\mfebopk.sys 2009-09-24 03:58 79,816 a------- c:\windows\system32\drivers\mfeavfk.sys 2009-09-24 03:58 120,136 a------- c:\windows\system32\drivers\Mpfp.sys 2009-09-24 03:57 <DIR> --d----- c:\program files\common files\McAfee 2009-09-24 03:57 <DIR> --d----- c:\program files\McAfee.com 2009-09-24 03:57 <DIR> --d----- c:\program files\McAfee 2009-09-24 03:53 34,248 a------- c:\windows\system32\drivers\mferkdk.sys 2009-09-22 13:31 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-22 13:31 19,160 a------- c:\windows\system32\drivers\mbam.sys 2009-09-22 13:31 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware 2009-09-22 03:25 <DIR> --d----- c:\program files\Slingo Mystery - Who's Gold 2009-09-22 03:22 <DIR> --d----- c:\program files\Paradise Beach 2009-09-20 23:04 <DIR> --d----- c:\program files\Funkitron 2009-09-16 14:19 <DIR> --d----- c:\program files\ESET 2009-09-16 13:45 <DIR> --d----- c:\docume~1\owner\applic~1\Merscom 2009-09-15 13:19 <DIR> --d----- c:\docume~1\owner\applic~1\Once Upon a Time in Chicago 2009-09-15 13:19 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Once Upon a Time in Chicago 2009-09-13 18:20 <DIR> --d----- c:\program files\AskBarDis 2009-09-13 13:44 <DIR> --d----- c:\docume~1\owner\applic~1\Sanna 2009-09-13 13:38 <DIR> --d----- c:\windows\The Legend of Sanna - Rise of a Great Colony 2009-09-13 13:38 <DIR> --d----- c:\program files\The Legend of Sanna - Rise of a Great Colony 2009-09-12 01:00 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\FarmFrenzy3 2009-09-12 00:58 <DIR> --d----- c:\program files\Alawar 2009-09-10 12:43 <DIR> --d----- c:\program files\Farm Frenzy 2009-09-07 17:21 <DIR> --d----- c:\docume~1\owner\applic~1\DivoGames 2009-09-07 16:58 <DIR> --d----- c:\program files\Be Richer 2009-09-07 16:54 <DIR> --d----- c:\windows\Be Richer 2009-09-05 15:20 <DIR> --d----- c:\program files\Zylom Games 2009-09-05 14:01 <DIR> --d----- c:\program files\RealArcade 2009-09-04 12:04 <DIR> -cd----- C:\_OTL 2009-09-04 02:00 <DIR> --d----- C:\DCE 2009-09-04 01:46 <DIR> --d----- c:\windows\ERUNT 2009-09-04 01:46 <DIR> -cd----- C:\!FixIEDef 2009-09-02 01:50 <DIR> --d----- c:\program files\Spybot - Search & Destroy 2009-08-31 12:46 <DIR> --d----- c:\program files\Iceblast 2009-08-30 21:47 <DIR> -cd----- C:\Combo-Fix 2009-08-30 21:31 664 a------- c:\windows\system32\d3d9caps.dat 2009-08-30 18:46 <DIR> --d----- c:\program files\Lavalys 2009-08-30 18:03 <DIR> --d----- c:\documents and settings\owner\DoctorWeb 2009-08-30 16:56 <DIR> acdshr-- C:\cmdcons 2009-08-30 16:54 229,888 a------- c:\windows\PEV.exe 2009-08-30 16:54 161,792 a------- c:\windows\SWREG.exe 2009-08-30 16:54 98,816 a------- c:\windows\sed.exe 2009-08-29 19:27 <DIR> --d----- c:\program files\SUPERAntiSpyware 2009-08-29 19:01 <DIR> -cd----- C:\desktop.ini 2009-08-29 19:01 <DIR> -cd----- C:\comment.htt 2009-08-29 19:01 <DIR> -cd----- C:\autorun.inf 2009-08-29 17:36 <DIR> --d-h--- c:\documents and settings\owner\Recent(2) 2009-08-29 00:57 <DIR> --d----- c:\program files\iWin.com 2009-08-29 00:54 <DIR> --d----- c:\program files\iWin Games 2009-08-28 19:13 <DIR> --d----- c:\docume~1\owner\applic~1\panoramik 2009-08-28 18:53 <DIR> --d----- c:\windows\8HPW4CJRY6ELT18G 2009-08-27 11:50 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\game_fillup_v2_usa 2009-08-27 02:04 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\fillup ==================== Find3M ==================== 2009-08-21 01:16 721,904 a------- c:\windows\system32\drivers\sptd.sys 2009-08-06 01:18 55,656 a------- c:\windows\system32\drivers\avgntflt.sys 2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll 2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll 2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll 2009-07-03 13:09 915,456 -------- c:\windows\system32\wininet.dll 2007-12-10 16:19 32 ac---r-- c:\documents and settings\all users\hash.dat 2007-10-30 18:38 110 ac------ c:\docume~1\alluse~1\applic~1\MostFunGameId.bin 2007-09-26 21:10 774,144 a------- c:\program files\RngInterstitial.dll 2009-04-18 16:31 2 a--shrot c:\windows\winstart.bat 2002-07-31 19:55 102 -c-sh--- c:\windows\WSYS049.SYS ============= FINISH: 2:23:01.92 =============== Here is the Attach.log.... UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_09-07-30.01) Microsoft Windows XP Home Edition Boot Device: \Device\HarddiskVolume1 Install Date: 7/11/2007 03:51:33 PM System Uptime: 9/25/2009 02:13:53 AM (0 hours ago) Motherboard: ASUSTeK Computer INC. | | <<P4T>> Processor: Intel® Pentium® 4 CPU 1400MHz | PGA 423 | 1406/100mhz ==== Disk Partitions ========================= A: is Removable C: is FIXED (NTFS) - 75 GiB total, 19.419 GiB free. D: is CDROM () ==== Disabled Device Manager Items ============= Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: HP EN1207D-TX PCI 10/100 Fast Ethernet Adapter Device ID: PCI\VEN_1113&DEV_1211&SUBSYS_9207103C&REV_10\4&2B96F39&0&38F0 Manufacturer: Hewlett Packard Name: HP EN1207D-TX PCI 10/100 Fast Ethernet Adapter PNP Device ID: PCI\VEN_1113&DEV_1211&SUBSYS_9207103C&REV_10\4&2B96F39&0&38F0 Service: rtl8139 Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318} Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard Device ID: ACPI\PNP0303\4&15F50029&0 Manufacturer: (Standard keyboards) Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard PNP Device ID: ACPI\PNP0303\4&15F50029&0 Service: i8042prt ==== System Restore Points =================== RP486: 9/24/2009 04:03:04 AM - Installed Tweakui Powertoy for Windows XP ==== Installed Programs ====================== Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Reader 8.1.6 Adobe Shockwave Player 11.5 Apple Software Update Be Richer Big Fish Games Client CAM UnZip 4.42 CCleaner (remove only) CEP - Color Enable Package Colour Options 2.0 (beta) for The Sims 2 (and Sims 2 University Critical Update for Windows Media Player 11 (KB959772) Direct Show Ogg Vorbis Filter (remove only) DirectX for Managed Code Update (December 2004) EA Download Manager ESET Online Scanner v3 EVGA Display Driver GameHouse Google Toolbar for Internet Explorer Google Update Helper HijackThis 2.0.2 Hotfix for Microsoft .NET Framework 3.0 (KB932471) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB915800-v4) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB970653-v3) HP Update iWin Games (remove only) Java 6 Update 11 Java 6 Update 2 Java 6 Update 3 KnightsAndMerchants Malwarebytes' Anti-Malware McAfee SecurityCenter Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Base Smart Card Cryptographic Service Provider Package Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 Microsoft National Language Support Downlevel APIs Microsoft Silverlight Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Mozilla Firefox (3.5.3) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 6 Service Pack 2 (KB954459) Network Play System (Patching) NVIDIA Drivers Octoshape add-in for Adobe Flash Player OpenAL Paradise Beach PC Camera QuickTime RealArcade REALTEK GbE & FE Ethernet PCI NIC Driver Security Update for CAPICOM (KB931906) Security Update for Windows Internet Explorer 7 (KB937143) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB939653) Security Update for Windows Internet Explorer 7 (KB942615) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB958215) Security Update for Windows Internet Explorer 7 (KB960714) Security Update for Windows Internet Explorer 7 (KB961260) Security Update for Windows Internet Explorer 7 (KB963027) Security Update for Windows Internet Explorer 8 (KB969897) Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB972260) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows Media Player 9 (KB917734) Security Update for Windows Search 4 - KB963093 Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB923789) Security Update for Windows XP (KB938464-v2) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969898) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB973346) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973869) SimCity 2000

Here is the Nfix.log Norman SinowalMBR Cleaner Copyright

K, here is the log file from Escan..... ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=6 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6050 # api_version=3.0.2 # EOSSerial=663b3fd357f9af4da7e79110bee4f311 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2009-09-23 07:29:26 # local_time=2009-09-23 03:29:26 (-0500, Eastern Daylight Time) # country="United States" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # scanned=1256 # found=0 # cleaned=0 # scan_time=37 esets_scanner_update returned -1 esets_gle=53251 # version=6 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6050 # api_version=3.0.2 # EOSSerial=663b3fd357f9af4da7e79110bee4f311 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2009-09-23 07:59:29 # local_time=2009-09-23 03:59:29 (-0500, Eastern Daylight Time) # country="United States" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # scanned=1256 # found=0 # cleaned=0 # scan_time=38 esets_scanner_update returned -1 esets_gle=53251 # version=6 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6050 # api_version=3.0.2 # EOSSerial=663b3fd357f9af4da7e79110bee4f311 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2009-09-23 08:00:47 # local_time=2009-09-23 04:00:47 (-0500, Eastern Daylight Time) # country="United States" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # scanned=1256 # found=0 # cleaned=0 # scan_time=23 And here is the Gmer.log...... GMER 1.0.15.15087 - http://www.gmer.net Rootkit scan 2009-09-23 04:15:04 Windows 5.1.2600 Service Pack 3 Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kfayypob.sys ---- System - GMER 1.0.15 ---- SSDT spzj.sys ZwCreateKey [0xF86550E0] SSDT spzj.sys ZwEnumerateKey [0xF8673CA4] SSDT spzj.sys ZwEnumerateValueKey [0xF8674032] SSDT spzj.sys ZwOpenKey [0xF86550C0] SSDT spzj.sys ZwQueryKey [0xF867410A] SSDT spzj.sys ZwQueryValueKey [0xF8673F8A] SSDT spzj.sys ZwSetValueKey [0xF867419C] INT 0x39 ? 831B2BF8 INT 0x39 ? 831B2BF8 INT 0x3E ? 833DEBF8 INT 0x3F ? 833DEBF8 ---- Kernel code sections - GMER 1.0.15 ---- ? spzj.sys The system cannot find the file specified. ! .text USBPORT.SYS!DllUnload F735C8AC 5 Bytes JMP 831B21D8 ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\SearchIndexer.exe[1780] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation) ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 833E02D8 IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F8686C4C] spzj.sys IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F8686CA0] spzj.sys IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F8656042] spzj.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F865613E] spzj.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F86560C0] spzj.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F8656800] spzj.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F86566D6] spzj.sys IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F8665E9C] spzj.sys IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 831B22D8 ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 833DD1F8 Device \FileSystem\Fastfat \FatCdrom 82BA1500 Device \Driver\usbuhci \Device\USBPDO-0 831B11F8 Device \Driver\usbuhci \Device\USBPDO-1 831B11F8 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x8E 0x80 0x43 0x1A ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x8E 0x80 0x43 0x1A ... ---- Disk sectors - GMER 1.0.15 ---- Disk \Device\Harddisk0\DR0 sector 01: copy of MBR Disk \Device\Harddisk0\DR0 sector 02: copy of MBR Disk \Device\Harddisk0\DR0 sector 03: copy of MBR Disk \Device\Harddisk0\DR0 sector 04: copy of MBR Disk \Device\Harddisk0\DR0 sector 05: copy of MBR Disk \Device\Harddisk0\DR0 sector 06: copy of MBR Disk \Device\Harddisk0\DR0 sector 07: copy of MBR Disk \Device\Harddisk0\DR0 sector 08: copy of MBR Disk \Device\Harddisk0\DR0 sector 09: copy of MBR Disk \Device\Harddisk0\DR0 sector 10: copy of MBR Disk \Device\Harddisk0\DR0 sector 11: copy of MBR Disk \Device\Harddisk0\DR0 sector 12: copy of MBR Disk \Device\Harddisk0\DR0 sector 13: copy of MBR Disk \Device\Harddisk0\DR0 sector 14: copy of MBR Disk \Device\Harddisk0\DR0 sector 15: copy of MBR Disk \Device\Harddisk0\DR0 sector 16: copy of MBR Disk \Device\Harddisk0\DR0 sector 17: copy of MBR Disk \Device\Harddisk0\DR0 sector 18: copy of MBR Disk \Device\Harddisk0\DR0 sector 19: copy of MBR Disk \Device\Harddisk0\DR0 sector 20: copy of MBR Disk \Device\Harddisk0\DR0 sector 21: copy of MBR Disk \Device\Harddisk0\DR0 sector 22: copy of MBR Disk \Device\Harddisk0\DR0 sector 23: copy of MBR Disk \Device\Harddisk0\DR0 sector 24: copy of MBR Disk \Device\Harddisk0\DR0 sector 25: copy of MBR Disk \Device\Harddisk0\DR0 sector 26: copy of MBR Disk \Device\Harddisk0\DR0 sector 27: copy of MBR Disk \Device\Harddisk0\DR0 sector 28: copy of MBR Disk \Device\Harddisk0\DR0 sector 29: copy of MBR Disk \Device\Harddisk0\DR0 sector 30: copy of MBR Disk \Device\Harddisk0\DR0 sector 31: copy of MBR Disk \Device\Harddisk0\DR0 sector 32: copy of MBR Disk \Device\Harddisk0\DR0 sector 33: copy of MBR Disk \Device\Harddisk0\DR0 sector 34: copy of MBR Disk \Device\Harddisk0\DR0 sector 35: copy of MBR Disk \Device\Harddisk0\DR0 sector 36: copy of MBR Disk \Device\Harddisk0\DR0 sector 37: copy of MBR Disk \Device\Harddisk0\DR0 sector 38: copy of MBR Disk \Device\Harddisk0\DR0 sector 39: copy of MBR Disk \Device\Harddisk0\DR0 sector 40: copy of MBR Disk \Device\Harddisk0\DR0 sector 41: copy of MBR Disk \Device\Harddisk0\DR0 sector 42: copy of MBR Disk \Device\Harddisk0\DR0 sector 43: copy of MBR Disk \Device\Harddisk0\DR0 sector 44: copy of MBR Disk \Device\Harddisk0\DR0 sector 45: copy of MBR Disk \Device\Harddisk0\DR0 sector 46: copy of MBR Disk \Device\Harddisk0\DR0 sector 47: copy of MBR Disk \Device\Harddisk0\DR0 sector 48: copy of MBR Disk \Device\Harddisk0\DR0 sector 49: copy of MBR Disk \Device\Harddisk0\DR0 sector 50: copy of MBR Disk \Device\Harddisk0\DR0 sector 51: copy of MBR Disk \Device\Harddisk0\DR0 sector 52: copy of MBR Disk \Device\Harddisk0\DR0 sector 53: copy of MBR Disk \Device\Harddisk0\DR0 sector 54: copy of MBR Disk \Device\Harddisk0\DR0 sector 55: copy of MBR Disk \Device\Harddisk0\DR0 sector 56: copy of MBR Disk \Device\Harddisk0\DR0 sector 57: copy of MBR Disk \Device\Harddisk0\DR0 sector 58: copy of MBR Disk \Device\Harddisk0\DR0 sector 59: copy of MBR Disk \Device\Harddisk0\DR0 sector 60: copy of MBR Disk \Device\Harddisk0\DR0 sector 61: copy of MBR Disk \Device\Harddisk0\DR0 sector 62: copy of MBR Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR ---- EOF - GMER 1.0.15 ----

Ha, it finished. Here is the complete scan log from mbam..... Malwarebytes' Anti-Malware 1.41 Database version: 2843 Windows 5.1.2600 Service Pack 3 9/22/2009 02:28:14 PM mbam-log-2009-09-22 (14-28-14).txt Scan type: Full Scan (A:\|C:\|D:\|) Objects scanned: 215175 Time elapsed: 39 minute(s), 21 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 5 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\Qoobox\Quarantine\C\WINDOWS\system32\eventlog.dll.vir (Trojan.Sirefef) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{14E1D61E-9EE7-4CD1-B1AE-FDF0411EB0A4}\RP484\A0319321.exe (Trojan.Banker) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{14E1D61E-9EE7-4CD1-B1AE-FDF0411EB0A4}\RP484\A0319361.dll (Trojan.Sirefef) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{14E1D61E-9EE7-4CD1-B1AE-FDF0411EB0A4}\RP484\A0319363.exe (Trojan.Banker) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{14E1D61E-9EE7-4CD1-B1AE-FDF0411EB0A4}\RP484\A0319563.exe (Trojan.Banker) -> Quarantined and deleted successfully.